z/Series Modernization and Migration

The biggest migration is yet to come.

Executive Summary

Info-Tech Insight

“A number of market conditions have coalesced in a way that is increasingly driving existing mainframe customers to consider running their application workloads on alternative platforms. In 2020, the World Economic Forum noted that 42% of core skills required to perform existing jobs are expected to change by 2022, and that more than 1 billion workers need to be reskilled by 2030.” – Dale Vecchio

Review

We help IT leaders make the most of their z/Series environment

Analyst Perspective

Good Luck.

Modernize the mainframe … here we go again. Prior to 2020, most organizations were muddling around in “year eleven of the four-year plan” to exit the mainframe platform where a medium-term commitment to the platform existed. Since 2020, it appears the appetite for the mainframe platform changed. Again. Discussions mostly seem to be about what the options are beyond hardware outsourcing or re-platforming to “cloud” migration of workloads – mostly planning and strategy topics. A word of caution: it would appear unwise to stand in front of the exit door for fear of being trampled. Hardware expirations between now and 2025 are motivating hosting deployments. Others are in migration activities, and some have already decommissioned and migrated but now are trying to rehab the operations team now lacking direction and/or structure. There is little doubt that modernization and “digital transformation” trends will drive more exit traffic, so IT leaders who are still under pressure to get off the platform need to assess their options and decide. Being in a state of perpetually planning to get off the mainframe handcuffs your ability to invest in the mainframe, address deficiencies, and improve cost-effectiveness.

Darin Stahl Principal Research Advisor, Infrastructure & Operations Research Info-Tech Research Group

The mainframe “fidget spinner”

Thinking of modernizing your mainframe can cause you angst so grab a fidget spinner and relax because we have you covered!

External Business Pressures:

• Digital transformation
• Modernization programs
• Compliance and regulations
• TCO

Internal Considerations:

• Reinvest
• Migrate to a new platform
• Evaluate public and vendor cloud alternatives
• Hosting versus infrastructure outsourcing

Info-Tech Insight

With multiple control points to be addressed, care must be taken to simplify your options while addressing all concerns to ease operational load.

The analyst call review

“Who has Darin talked with?” – Troy Cheeseman

Scale out versus scale up

Consider your resourcing

Understand your options

Migrate

Having perpetual plans to migrate handcuffs your ability to invest in your mainframe, extend its value, and improve cost effectiveness.

Hosting

Using a hosting provider is typically more cost-effective than running your mainframe in-house.

Potential for reduced costs

• Hosting enables you to reduce or eliminate your mainframe staff.
• Economies of scale enable hosting providers to reduce software licensing costs. They also have more buying power to negotiate better terms.
• Power and cooling costs are also transferred to the hosting provider.

Reliable infrastructure and experienced staff

• A quality hosting provider will have 24/7 monitoring, full redundancy, and proven disaster recovery capabilities.
• The hosting provider will also have a larger mainframe staff, so they don’t have the same risk of suddenly being without those advanced critical skills.

So, what are the risks?

• A transition to a hosting provider usually means eliminating or significantly reducing your in-house mainframe staff. With that loss of in-house expertise, it will be next to impossible to bring the mainframe back in-house, and you become highly dependent on your hosting provider.

Outsourcing

Re-platform – z/Series COBOL Cloud

Re-platforming is not trivial.

Re-platform – z/Series (Non-COBOL)

But what if it's not COBOL?

Reinvest

By contrast, reducing the use of your mainframe makes it less cost-effective and more challenging to retain in-house expertise.

• For organizations that have migrated applications off the mainframe (at least partly to reduce dependency on the platform), inevitably there remains a core set of mission critical applications that cannot be moved off for reasons described on the “Migrate” slide. This is when the mainframe becomes a costly burden:
  • TCO is relatively high due to low utilization.
  • In-house expertise declines as workload declines and current staffing allocations become harder to justify.
• Organizations that are instead adding capacity and finding new ways to use this platform have lower cost concerns and resourcing challenges. The charts below illustrate this correlation. While some capacity growth is due to normal business growth, some is also due to new workloads, and it reflects an ongoing commitment to the platform.

*92% of organizations that added capacity said TCO is lower than for commodity servers (compared to 50% of those who did not add capacity)	*63% of organizations that added capacity said finding resources is not very difficult (compared to 42% of those who did not add capacity)

*Maximize the Value of IBM Mainframes in My Business

An important thought about data migration

Mainframe data migrations – “VSAM, IMS, etc.”

Enterprise class job scheduling

Job scheduling or data center automation?

• Enterprise class job scheduling solutions enable complex unattended batched programmatically conditioned task/job scheduling.
• Data center automation (DCIM) software automates and orchestrates the processes and workflow for infrastructure operations including provisioning, configuring, patching of physical, virtual, and cloud servers, and monitoring of tasks involved in maintaining the operations of a data center or Infrastructure environment.
• While there maybe some overlap and or confusion between data center automation and enterprise class job scheduling solutions, data center automation (DCIM) software solutions are least likely to have support for non-commodity server platforms and lack robust scheduling functionality.

Note: Enterprise job scheduling is a topic with low member interest or demand. Since our published research is driven by members’ interest and needs, the lack of activity or member demand would obviously be a significant influence into our ability to aggregate shared member insight, trends, or best practices in our published agenda.

Data Center Automation (DCIM) Software

Orchestration/Provisioning Software

Enterprise class job scheduling features

The feature set for these tools is long and comprehensive. The feature list below is not exhaustive as specific tools may have additional product capabilities. At a minimum, the solutions offered by the vendors in the list below will have the following capabilities:

Understand your vendors and tools

List and compare the job scheduling features of each vendor.

• This is not presented as an exhaustive list.
• The list relies on observations aggregated from analyst engagements with Info-Tech Research Group members. Those member discussions tend to be heavily tilted toward solutions supporting non-commodity platforms.
• Nothing is implied about a solution suitability or capability by the order of presentation or inclusion or absence in this list.

Info-Tech Insight

Creating vendor profiles will help quickly filter the solution providers that directly meet your z/Series needs.

Advanced Systems Concepts

ActiveBatch

*Advanced Systems Concepts, Inc.

BMC

Control-M

*BMC

Broadcom

Atomic Automation

Autosys Workload Automation

*Broadcom

HCL

Workload Automation

*HCL Software

Fortra

JAMS Scheduler

*JAMS

Redwood

Redwood SaaS

*Redwood

Fortra

Robot Scheduler

*Fortra

SMA Technologies

OpCon

*SMA Technologies

StoneBranch

Universal Automation Center (UAC)

*Stonebranch

Tidal Software

Workload Automation

*Tidal

Vinzant Software

Global ECS

*Vizant Software

Activity

Scale Out or Scale Up

Activities:

1. Complete the Scale Up vs. Scale Out TCO Tool.
2. Compare total lifecycle costs to determine TCO.

This activity involves the following participants:

IT strategic direction decision makers

IT managers responsible for an existing z/Series platform

Organizations evaluating platforms for mission critical applications

Outcomes of this step:

• Completed Scale Up vs. Scale Out TCO Tool

Info-Tech Insight

This checkpoint process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.

Scale out versus scale up activity

The Scale Up vs. Scale Out TCO Tool provides organizations with a framework for estimating the costs associated with purchasing and licensing for a scale-up and scale-out environment over a multi-year period. Use this tool to: Compare the pre-populated values. Insert your own amounts to contrast possible database decisions and determine the TCO of each.
Info-Tech Insight Watch out for inaccurate financial information. Ensure that the financials for cost match your maintenance and contract terms.	Use the Scale Up vs. Scale Out TCO Tool to determine your TCO options.

Related Info-Tech Research

Effectively Acquire Infrastructure Services

Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.

Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery

There are very few IT infrastructure components you should be housing internally – outsource everything else.

Build Your Infrastructure Roadmap

Move beyond alignment: Put yourself in the driver’s seat for true business value.

Define Your Cloud Vision

Make the most of cloud for your organization.

Document Your Cloud Strategy

Drive consensus by outlining how your organization will use the cloud.

Build a Strategy for Big Data Platforms

Know where to start and where to focus attention in the implementation of a big data strategy.

Create a Better RFP Process

Improve your RFPs to gain leverage and get better results.

Research Authors

Darin Stahl, Principal Research Advisor, Info-Tech Research Group Darin is a Principal Research Advisor within the Infrastructure Practice, and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring/ APM, Managed FTP, non-commodity servers (z/Series, mainframe, IBM i, AIX, Power PC).

Troy Cheeseman, Practice Lead, Info-Tech Research Group Troy has over 25 years of IT management experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups.

Bibliography

“AWS Announces AWS Mainframe Modernization.” Business Wire, 30 Nov. 2021.
de Valence, Phil. “Migrating a Mainframe to AWS in 5 Steps with Astadia?” AWS, 23 Mar. 2018.
Graham, Nyela. “New study shows mainframes still popular despite the rise of cloud—though times are changing…fast?” WatersTechnology, 12 Sept. 2022.
“Legacy applications can be revitalized with API.” MuleSoft, 2022.
Vecchio, Dale. “The Benefits of Running Mainframe Applications on LzLabs Software Defined Mainframe® & Microsoft Azure.” LzLabs Sites, Mar. 2021.

Manage Exponential Value Relationships

Are you ready to manage outcome-based agreements?

Analyst Perspective

Outcome-based agreements require a higher degree of mutual trust.

Exponential IT brings with it an exciting new world of cutting-edge technology and increasingly accelerated growth of business and IT. But adopting and driving change through this paradigm requires new capabilities to grow impactful and meaningful partnerships with external vendors who can help implement technologies like artificial intelligence and virtual reality. Building outcome-based partnerships involves working very closely with vendors who, in many cases, will have just as much to lose as the organizations implementing these new technologies. This requires a greater degree of trust between parties than a standard vendor relationship. It also drastically increases the risks to both organizations; as each loses some control over data and outcomes, they must trust that the other organization will follow through on commitments and obligations. Outcome-based partnerships build upon traditional vendor management practices and create the potential for organizations to embrace emerging technology in new ways. Kim Osborne Rodriguez Research Director, CIO Advisory Info-Tech Research Group

Executive Summary

Info-Tech Insight

Outcome-based partnerships require a higher degree of trust than traditional vendor relationships. Build trust by sharing risks and rewards.

Vendor relationships can be worth billions of dollars

Positive vendor relationships directly impact the bottom line, sometimes to the tune of billions of dollars annually.

• Organizations typically spend 40% to 80% of their total budget on external suppliers.
• Greater supplier trust translates directly to greater business profits, even in traditional vendor relationships.1
• Based on over a decade of data from vehicle manufacturers, greater supplier relationships nearly doubled the unit profit margin on vehicles, contributing over $20 billion to Toyota’s annual profits based on typical sales volume.2
• Having positive vendor relationships can be instrumental in times of crisis – when scarcity looms, vendors often choose to support their best customers.3,4 For example, Toyota protected itself from the losses many original equipment manufacturers (OEMs) faced in 2020 and showed improved profitability that year due to increased demand for vehicles which it was able to supply as a result of top-ranked vendor relationships.

1 PR Newswire, 2022.
2 Based on 10 years of data comparing Toyota and Nissan, every 1-point increase in the company’s Working Relations Index was correlated with a $15.77 net profit increase per unit. Impact on Toyota annual profits is based on 10.5 million units sold in 2021 and 2022.
3 Interview with Renee Stanley, University of Texas at Arlington. Conducted 17 May 2023.
4 Plante Moran, 2020.

Sources: Macrotrends, Plante Moran 2022, Nissan 2022 and 2023, and Toyota 2022. Profit per car is based on total annual profit divided by total annual sales volume.

Outcome-based relationships are a new paradigm

In a new model where organizations are procuring autonomous capabilities, outcomes will govern vendor relationships.

An outcome-based relationship requires a higher level of mutual trust than traditional vendor relationships. This requires shared reward and shared risk.

Don’t forget about traditional vendor management relationships! Not all vendor relationships can (or should) be outcome-based.

Case study

INDUSTRY: Technology

SOURCE: Press Release

Microsoft and OpenAI partner on Azure, Teams, and Microsoft Office suite

In January 2023, Microsoft announced a $10 billion investment in OpenAI, allowing OpenAI to continue scaling its flagship large language model, ChatGPT, and giving Microsoft first access to deploy OpenAI’s products in services like GitHub, Microsoft Office, and Microsoft Teams.

Shared risk

Issues with OpenAI’s platforms could have a debilitating effect on Microsoft’s own reputation – much like Google’s $100 billion stock loss following a blunder by its AI platform Bard – not to mention the financial loss if the platform does not live up to the hype.

Shared reward

This was a particularly important strategic move by Microsoft, as its main competitors develop their own AI models in a race to the top. This investment also gave OpenAI the resources to continue scaling and evolving its services much faster than it would be capable of on its own. If OpenAI’s products succeed, there is a significant upside for both companies.

Adapt your approach to vendor relationships

Both traditional vendors and exponential relationships are important.

Use Info-Tech’s research to Jump Start Your Vendor Management Initiative.

Common obstacles

Exponential relationships require new approaches to vendor management as businesses autonomize:

• Autonomization refers to the shift toward autonomous business capabilities which leverage technologies such as AI and quantum computing to operate independently of human interaction.
• The speed and complexity of technology advancement requires that businesses move quickly and confidently to develop strong relationships and deliver value.
• We are seeing businesses shift from procuring products and services to procuring autonomous business capabilities (sometimes called “as a service,” or aaS). This shift can drive exponential value but also increases complexity and risk.
• Exponential IT requires a shift in emphasis toward more mature relationship and risk management strategies, compared to traditional vendor management.

The shift from technology service agreements to business capability agreements needs a new approach

Eighty-seven percent of organizations are currently experiencing talent shortages or expect to within a few years.

Source: McKinsey, “Mind the [skills] gap”, 2021.

Sixty-three percent of IT leaders plan to implement AI in their organizations by the end of 2023.

Source: Info-Tech Research Group survey, 2022

Insight summary

Assess your readiness for exponential value relationships

Key deliverable:

Exponential Relationships Readiness Assessment

Determine your readiness to build exponential value relationships.

Measure the value of this blueprint

Save thousands of dollars by leveraging this research to assess your readiness, before you lose millions from a relationship gone bad.

Our research indicates that most organizations would take months to prepare this type of assessment without using our research. That’s over 80 person-hours spent researching and gathering data to support due diligence, for a total cost of thousands of dollars. Doesn’t your staff have better things to do?

Start by answering a few brief questions, then return to this slide at the end to see how much your answers have changed.

Use Info-Tech’s research to Exponential Relationships Readiness Assessment.

Establish a baseline

Gauge the effectiveness of this research by asking yourself the following questions before and after completing your readiness assessment:

How to use this research

Five tips to get the most out of your readiness assessment.

1. Each category consists of five competencies, with a maximum of five points each. The maximum score on this assessment is 100 points.
2. Effectiveness levels range from basic (level 1) to advanced (level 5). Level 1 is generally considered the baseline for most effectively operating organizations. If your organization is struggling with level 1 competencies, it is recommended to improve maturity in those areas before pursuing exponential relationships.
3. This assessment is qualitative; complete the assessment to the best of your ability, based on the scoring rubric provided. If you fall between levels, use the lower one in your assessment.
4. The scoring rubric may not perfectly fit the processes and practices within every organization. Consider the spirit of the description and score accordingly.
5. Other industry- and region-specific competencies may be required to succeed at exponential relationships. The competencies in this assessment are a starting point, and internal validation and assessments should be conducted to uncover additional competencies and skills.

Financial management

Manage your budget and spending to stay on track throughout your relationship.

“Most organizations underestimate the amount of time, money, and skill required to build and maintain a successful relationship with another organization. The investment in exponential relationships is exponential in itself – as are the returns.”

– Jennifer Perrier, Principal Research Director,
Info-Tech Research Group

This step involves the following participants:

• Executive leadership team, including CIO
• CFO
• Vendor management leader
• Other internal stakeholders of vendor relationships

Activities:

• Assess your ability to manage scope and budget in exponential IT relationships.

Successfully manage complex finances

Stay on track and keep your relationship running smoothly.

Why is this important?

• Finance is at the core of most business – it drives decision making, acts as a constraint for innovation and optimization, and plays a key role in assessing options (such as return on investment or payback period).
• Effectively managing finances is a critical success factor in developing strong relationships. Each organization must be able to manage their own budget and spending in order to balance the risk and reward in the relationship. Often, these risks and rewards will come in the form of profit and loss or revenue and spend.

Build it into your practice:

1. Ensure your financial decision-making practices are aligned with the organizational and relationship strategy. Do metrics and criteria reflect the organization’s goals?
2. Develop strong accounting and financial analysis practices – this includes the ability to conduct financial due diligence on potential vendors.
3. Develop consistent methodology to track and report on the desired outcomes on a regular basis.

Build your ability to manage finances

The five competencies needed to manage finances in exponential value relationships are:

Relationship management

Drive exponential value by becoming a customer of choice.

“The more complex the business environment becomes — for instance, as new technologies emerge or as innovation cycles get faster — the more such relationships make sense. And the better companies get at managing individual relationships, the more likely it is that they will become “partners of choice” and be able to build entire portfolios of practical and value-creating partnerships.”

(“Improving the management of complex business partnerships.” McKinsey, 2019)

This step involves the following participants:

• Executive leadership team, including CIO
• Vendor management leader
• Other internal stakeholders of vendor relationships

Activities:

• Assess your ability to manage relationships in exponential IT relationships.

Take your relationships to the next level

Maintaining positive relationships is key to building trust.

Why is this important?

• All relationships will experience challenges, and the ability to resolve these issues will rely heavily on the relationship management skills and soft skills of the leadership within each organization.
• Based on a 20-year study of vendor relationships in the automotive sector, business-to-business trust is a function of reasonable demands, follow-through, and information sharing.

(Source: Plante Moran, 2020)

Build it into your practice:

1. Develop the soft skills necessary to promote psychological safety, growth mindset, and strong and open communication channels.
2. Be smart about sharing information – you don’t need to share everything, but being open about relevant information will enhance trust.
3. Both parties need to work hard to develop trust necessary to build a true relationship. This will require increased access to decision-makers, clearly defined guardrails, and the ability for unsatisfied parties to leave.

Build your ability to manage relationships

The five competencies needed to manage relationships in exponential partnerships are:

Performance management

Outcomes management focuses on results, not methods.

According to Jennifer Robinson, senior editor at Gallup, “This approach focuses people and teams on a concrete result, not the process required to achieve it. Leaders define outcomes and, along with managers, set parameters and guidelines. Employees, then, have a high degree of autonomy to use their own unique talents to reach goals their own way.” (Forbes, 2023)

In the context of exponential relationships, vendors can be given a high degree of autonomy provided they meet their objectives.

This step involves the following participants:

• Executive leadership team, including CIO
• Vendor management leader
• Other internal stakeholders of vendor relationships

Activities:

• Assess your ability to manage outcomes in exponential IT relationships.

Manage outcomes to drive mutual success

Build trust by achieving shared objectives.

Why is this important?

• Relationships are based on shared risk and shared reward for all parties. In order to effectively communicate the shared rewards, you must first understand and communicate your objectives for the relationship, then measure outcomes to ensure all parties are benefiting.
• Effectively managing outcomes reduces the risk that one party will choose to leave based on a perception of benefits not being achieved. Parties may still leave the agreement, but decisions should be based on shared facts and issues should be communicated and addressed early.

Build it into your practice:

1. Clearly articulate what you hope to achieve by entering an outcome-based relationship. Each party should outline and agree to the goals, objectives, and desired outcomes from the relationship.
2. Document how rewards will be shared among parties. What type of rewards are anticipated? Who will benefit and how?
3. Develop consistent methodology to track and report on the desired outcomes on a regular basis. This might consist of a vendor scorecard or a monthly meeting.

Build your ability to manage outcomes

The five competencies needed to manage outcomes in exponential value relationships are:

Risk management

Exponential IT means exponential risk – and exponential rewards.

One of the key differentiators between traditional vendor relationships and exponential relationships is the degree to which risk is shared between parties. This is not possible in all industries, which may limit companies’ ability to participate in this type of exponential relationship.

This step involves the following participants:

• Executive leadership team, including CIO
• Vendor management leader
• Risk management leader
• Other internal stakeholders of vendor relationships

Activities:

• Assess your ability to manage risk in exponential IT relationships.

Relationships come with a lot of hidden risks

Successfully managing complex risks can be the difference between a spectacular success and company-ending failure.

Why is this important?

• Relationships inherently involve a loss of control. You are relying on another party to fulfill their part of the agreement, and you depend on the success of the outcome. Loss of control comes with significant risks.
• Sharing in risk is what differentiates an outcome-based relationship from a traditional vendor relationship; vendors must have skin in the game.
• Organizations must consider many different types of risk when considering a relationship with a vendor: fraud, security, human rights, labor relations, ESG, and operational risks. Remember that risk is not inherently bad; some risk is necessary.

Build it into your practice:

1. Build or hire the necessary risk expertise needed to properly assess and evaluate the risks of potential vendor relationships. This includes intellectual property, ESG, legal/regulatory, cybersecurity, data security, and more.
2. Develop processes and procedures which clearly communicate and report on risk on a regular basis.

Info-Tech Insight

Some highly regulated industries (such as finance) are prevented from transferring certain types of risk. In these industries, it may be much more difficult to form vendor relationships.

Don’t forget about third-party ESG risk

Customers care about ESG. You should too.

Protect yourself against third-party ESG risks by considering the environmental and social impacts of your vendors.

Third-party ESG risks can include the following:

• Environmental risk: Vendors with unsustainable practices such as carbon emissions or waste generation of natural resource depletion can negatively impact the organization’s environmental goals.
• Social risk: Unsafe or illegal labor practices, human rights violations, and supply chain management issues can reflect negatively on organizations that choose to work with vendors who engage in such practices.
• Governance risk: Vendors who engage in illegal or unethical behaviors, including bribery and corruption or data and privacy breaches can impact downstream customers.

Working with vendors that have a poor record of ESG carries a very real reputational risk for organizations who do not undertake appropriate due diligence.

A global survey of nearly 14,000 customers revealed that…

Source: EY Future Consumer Index, 2021

Seventy-seven percent of customers believe companies have a responsibility to manufacture sustainably.

Sixty-eight percent of customers believe businesses should ensure their suppliers meet high social and environmental standards.

Fifty-five percent of customers consider the environmental impact of production in their purchasing decisions.

Build your ability to manage risk

The five competencies needed to manage risk in exponential value relationships are:

Contract management

Contract management is a critical part of vendor management.

Well-managed contracts include clearly defined pricing, performance-based outcomes, clear roles and responsibilities, and appropriate remedies for failure to meet requirements. In outcome-based relationships, contracts are generally used as a secondary method of enforcing performance, with relationship management being the primary method of addressing challenges and ensuring performance.

This step involves the following participants:

• Executive leadership team, including CIO
• Vendor management leader
• Risk management leader
• Other internal stakeholders of vendor relationships

Activities:

• Assess your ability to manage risk in exponential IT relationships.

Build your ability to manage contracts

The five competencies needed to manage contracts in exponential value relationships are:

Activity 1: Assess your readiness for exponential relationships

1-3 hours

1. Gather key stakeholders from across your organization to participate in the readiness assessment exercise.
2. As a group, review the core competencies from the previous four sections and determine where your organization’s effectiveness lies for each competency. Record your responses in the Exponential Relationships Readiness Assessment tool.

Download the Exponential Relationships Readiness Assessment tool.

Understand your assessment

This step involves the following participants:

• Executive leadership team, including CIO
• Vendor management leader
• Other internal stakeholders of vendor relationships

Activities:

• Create an action plan.

Understand the results of your assessment

Consider the following recommendations based on your readiness assessment scores:

• The chart to the right shows sample results. The bars indicate the recommended scores, and the line indicates the readiness score.
• Three or more categories below the recommended scores, or any categories more than five points below the recommendation: outcome-based relationships are not recommended at this time.
• Two or more categories below the recommended scores: Proceed with caution and limit outcome-based relationships to low-risk areas. Continue to mature capabilities.
• One category below the recommended scores: Evaluate the risks and benefits before engaging in higher-risk vendor relationships. Continue to mature capabilities.
• All categories at or above the recommended scores: You have many of the core capabilities needed to succeed at exponential relationships! Continue to evaluate and refine your vendor relationships strategy, and identify any additional competencies needed based on your industry or region.

Activity 2: Create an action plan

1 hour

1. Gather the stakeholders who participated in the readiness assessment exercise.
2. As a group, review the results of the readiness assessment. Where there any surprise? Do the results reflect your understanding of the organization’s maturity?
3. Determine which areas are likely to limit the organization’s relationship capability, based on lowest scoring areas and relative importance to the organization.
4. Break out into groups and have each group identify three actions the organization could take to mature the lowest scoring areas.
5. Bring the group back together and prioritize the actions. Note who will be accountable for each next step.

Related Info-Tech Research

Jump Start Your Vendor Management Initiative
Create and implement a vendor management framework to begin obtaining measurable results in 90 days.

Elevate Your Vendor Management Initiative
Transform your VMI from tactical to strategic to maximize its impact and value

Evaluate Your Vendor Account Team to Optimize Vendor Relations
Understand the value of knowing your account team’s influence in the organization, and your influence, to drive results.

Related Info-Tech Research

Build an IT Risk Management Program
Mitigate the IT risks that could negatively impact your organization.

Build an IT Budget
Effective IT budgets are more than a spreadsheet. They tell a story.

Adopt an Exponential IT Mindset
Thrive through the next paradigm shift..

Author

Kim Osborne Rodriguez Research Director, CIO Advisory Info-Tech Research Group

Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach, with a track record of supporting successful projects. Kim holds a Bachelor’s degree in Honours Mechatronics Engineering and an option in Management Sciences from the University of Waterloo.

Research Contributors and Experts

	Jack Hakimian Senior Vice President Info-Tech Research Group Jack has more than 25 years of technology and management consulting experience. He has served multibillion-dollar organizations in multiple industries including financial services and telecommunications. Jack also served several large public sector institutions. He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.		Michael Tweedie Practice Lead, CIO Strategy Info-Tech Research Group Mike Tweedie brings over 25 years as a technology executive. He’s led several large transformation projects across core infrastructure, application and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management. Mike holds a Bachelor’s degree in Architecture from Ryerson University.
	Scott Bickley Practice Lead, VCCO Info-Tech Research Group Scott Bickley is a Practice Lead & Principal Research Director at Info-Tech Research Group, focused on Vendor Management and Contract Review. He also has experience in the areas of IT Asset Management (ITAM), Software Asset Management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management. Scott holds a B.S. in Justice Studies from Frostburg State University. He also holds active IAITAM certification designations of CSAM and CMAM and is a Certified Scrum Master (SCM).		Donna Bales Principal Research Director Info-Tech Research Group Donna Bales is a Principal Research Director in the CIO Practice at Info-Tech Research Group, specializing in research and advisory services in IT risk, governance, and compliance. She brings over 25 years of experience in strategic consulting and product development and has a history of success in leading complex, multistakeholder industry initiatives. Donna has a bachelor’s degree in economics from the University of Western Ontario.

Research Contributors and Experts

Jennifer Perrier Principal Research Director Info-Tech Research Group Jennifer has 25 years of experience in the information technology and human resources research space, joining Info-Tech in 1998 as the first research analyst with the company. Over the years, she has served as a research analyst and research manager, as well as in a range of roles leading the development and delivery of offerings across Info-Tech’s product and service portfolio, including workshops and the launch of industry roundtables and benchmarking. She was also Research Lead for McLean & Company, the HR advisory division of Info-Tech, during its start-up years. Jennifer’s research expertise spans the areas of IT strategic planning, governance, policy and process management, people management, leadership, organizational change management, performance benchmarking, and cross-industry IT comparative analysis. She has produced and overseen the development of hundreds of publications across the full breadth of both the IT and HR domains in multiple industries. In 2022, Jennifer joined Info-Tech’s IT Financial Management Practice with a focus on developing financial transparency to foster meaningful dialogue between IT and its stakeholders and drive better technology investment decisions.

Phil Bode Principal Research Director Info-Tech Research Group Phil has 30+ years of experience with IT procurement-related topics: contract drafting and review, negotiations, RFXs, procurement processes, and vendor management. Phil has been a frequent speaker at conferences, a contributor to magazine articles in CIO Magazine and ComputerWorld, and quoted in many other magazines. He is a co-author of the book The Art of Creating a Quality RFP. Phil has a Bachelor of Science in Business Administration with a double major of Finance and Entrepreneurship and a Bachelor of Science in Business Administration with a major of Accounting, both from the University of Arizona.

Research Contributors

Erin Morgan Assistant Vice President, IT Administration University of Texas at Arlington

Renee Stanley Assistant Director IT Procurement and Vendor Management University of Texas at Arlington

Note: Additional contributors did not wish to be identified.

Bibliography

Andrea, Dave. “Plante Moran’s 2022 Working Relations Index® (WRI) Study shows supplier relations can improve amid industry crisis.” Plante Moran, 25 Aug 2022. Accessed 18 May 2023.
Andrea, Dave. “Trust between suppliers and OEMs can better prepare you for the next crisis.” Plante Moran, 9 Sept 2020. Accessed 17 May 2023.
Cleary, Shannon, and Carolan McLarney. “Organizational Benefits of an Effective Vendor Management Strategy.” IUP Journal of Supply Chain Management, Vol. 16, Issue 4, Dec 2019.
De Backer, Ruth, and Eileen Kelly Rinaudo. “Improving the management of complex business partnerships.” McKinsey, 21 March 2019. Accessed 9 May 2023 .
Dennean, Kevin et al. “Let's chat about ChatGPT.” UBS, 22 Feb 2023. Accessed 26 May 2023.
F&I Tools. “Nissan Worldwide Vehicle Sales Report.” Factory Warranty List, 2022. Accessed 18 May 2023.
Gomez, Robin. “Adopting ChatGPT and Generative AI in Retail Customer Service.” Radial, 235, April 2023. Accessed 10 May 2023.
Harms, Thomas and Kristina Rogers. “How collaboration can drive value for you, your partners and the planet.” EY, 26 Oct 2021. Accessed 10 May 2023.
Hedge & Co. “Toyota, Honda finish 1-2; General Motors finishes at 3rd in annual Supplier Working Relations Study.” PR Newswire, 23 May 2022. Accessed 17 May 2023.
Henke Jr, John W., and T. Thomas. "Lost supplier trust, lost profits." Supply Chain Management Review, May 2014. Accessed 17 May 2023.
Information Services Group, Inc. “Global Demand for IT and Business Services Continues Upward Surge in Q2, ISG Index™ Finds.” BusinessWire, 7 July 2021. Accessed 8 May 2023.
Kasanoff, Bruce. “New Study Reveals Costs Of Bad Supplier Relationships.” Forbes, 6 Aug 2014. Accessed 17 May 2023.
Macrotrends. “Nissan Motor Gross Profit 2010-2022.” Macrotrends. Accessed 18 May 2023.
Macrotrends. “Toyota Gross Profit 2010-2022.” Macrotrends. Accessed 18 May 2023.
McKinsey. “Mind the [skills] gap.” McKinsey, 27 Jan 2021. Accessed 18 May 2023.
Morgan, Blake. “7 Examples of How Digital Transformation Impacted Business Performance.” Forbes, 21 Jul 2019. Accessed 10 May 2023.
Nissan Motor Corporation. “Nissan reports strong financial results for fiscal year 2022.” Nissan Global Newsroom, 11 May 2023. Accessed 18 May 2023.

Bibliography

“OpenAI and Microsoft extend partnership.” Open AI, 23 Jan 2023. Accessed 26 May 2023.
Pearson, Bryan. “The Apple Of Its Aisles: How Best Buy Lured One Of The Biggest Brands.“ Forbes, 23 Apr 2015. Accessed 23 May 2023.
Perifanis, Nikolaos-Alexandros and Fotis Kitsios. “Investigating the Influence of Artificial Intelligence on Business Value in the Digital Era of Strategy: A Literature Review.” Information, 2 Feb 2023. Accessed 10 May 2023.
Scott, Tim and Nathan Spitse. “Third-party risk is becoming a first priority challenge.” Deloitte. Accessed 18 May 2023.
Stanley, Renee. Interview by Kim Osborne Rodriguez, 17 May 2023.
Statista. “Toyota's retail vehicle sales from 2017 to 2021.” Statista, 27 Jul 2022. Accessed 18 May 2023.
Tlili, Ahmed, et al. “What if the devil is my guardian angel: ChatGPT as a case study of using chatbots in education.” Smart Learning Environments, 22 Feb 2023. Accessed 9 May 2023.
Vitasek, Kate. “Outcome-Based Management: What It Is, Why It Matters And How To Make It Happen.” Forbes, 12 Jan 2023. Accessed 9 May 2023.

Secure IT/OT Convergence

Create a holistic IT/OT security culture.

Analyst Perspective

Are you ready for secure IT/OT convergence?

IT/OT convergence is less of a convergence and more of a migration. The previously entirely separate OT ecosystem is migrating into the IT ecosystem, primarily to improve access via connectivity and to leverage other standard IT capabilities for economic benefit.

In the past, OT systems were engineered to be air gapped, relying on physical protection and with little or no security in design, (e.g. OT protocols without confidentiality properties). However, now, OT has become dependent on the IT capabilities of the organization, thus OT inherits IT’s security issues, that is, OT is becoming more vulnerable to attack from outside the system. IT/OT convergence is complex because the culture, policies, and rules of IT are quite foreign to OT processes such as change management, and the culture, policies, and rules of OT are likewise foreign to IT processes.

A secure IT/OT convergence can be conceived of as a negotiation of a strong treaty between two systems: IT and OT. The essential initial step is to begin with communication between IT and OT, followed by necessary components such as governing and managing OT security priorities and accountabilities, converging security controls between IT and OT environments, assuring compliance with regulations and standards, and establishing metrics for OT security.

Ida Siahaan Research Director, Security and Privacy Practice Info-Tech Research Group

Executive Summary

Info-Tech Insight

Returning to isolated OT is not beneficial for the organization, so IT and OT need to learn to collaborate, starting with communication to build trust and to overcome their differences. Next, negotiation is needed on components such as governance and management, security controls on OT environments, compliance with regulations and standards, and establishing metrics for OT security.

Consequences of unsecure IT/OT convergence

OT systems were built with no or little security design 90% of organizations that use OT experienced a security incident. (Fortinet, 2021. Ponemon, 2019.)

(Source: Fortinet, 2021.)

Lack of visibility 86% of OT security-related service engagements lack complete visibility of OT network in 2021 (90% in 2020, 81% in 2019). (Source: “Cybersecurity Year In Review” Dragos, 2022.)

The need for secure IT/OT convergence

Important Industrial Control System (ICS) cyber incidents

2000 Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.	2012 Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.	2014 Target: German Steel Mill. Method: Spear-phishing. Impact: Blast furnace failed to shut down.	2017 Target: Middle East safety instrumented system (SIS). Method: TRISIS/TRITON. Impact: Modified SIS ladder logic.	2022 Target: Viasat’s KA-SAT network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat’s services.
1903 Target: Marconi wireless telegraph presentation. Method: Morse code. Impact: Fake message sent “Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily.”	2010 Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).	2013 Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers	2016 Target: Ukrainian power grid. Method: BlackEnergy. Impact: For 1-6 hours, power outages for 230,000 consumers.	2021 Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

(Source: US Department of Energy, 2018.

”Significant Cyber Incidents,” CSIS, 2022

MIT Technology Review, 2022.)

Info-Tech Insight

Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

The Secure IT/OT Convergence Framework

Phases Plan Enhance Monitor & Optimize

Plan Outcomes Mapping business goals to IT/OT security goals RACI chart for priorities and accountabilities Compliance obligations register Readiness checklist Enhance Outcomes Security strategy for IT/OT convergence Risk management framework Security policies & procedures IR, DR, BCP Monitor & Optimize Outcomes Security awareness and training Security architecture and controls

Plan Benefits Improved flexibility and less divided IT/OT Improved compliance Enhance Benefits Increased strategic common goals Increased efficiency and versatility Monitor & Optimize Benefits Enhanced security Reduced costs

Plan

Initiate communication

Map organizational goals to IT/OT security goals

Input: Corporate, IT, and OT strategies

Output: Your goals for the security strategy

Materials: Secure IT/OT Convergence Requirements Gathering Tool

Participants: Executive leadership, OT leader, IT leader, Security leader, Compliance, Legal, Risk management

1. As a group, brainstorm organization goals.
   1. Review relevant corporate, IT, and OT strategies.
2. Record the most important business goals in the Secure IT/OT Convergence Requirements Gathering Tool. Try to limit the number of business goals to no more than 10 goals. This limitation will be critical to helping focus on your secure IT/OT convergence.
3. For each goal, identify one to two security alignment goals. These should be objectives for the security strategy that will support the identified organization goals.

Download the Secure IT/OT Convergence Requirements Gathering Tool

Record organizational goals

Refer to the Secure IT/OT Convergence Framework when filling in the following elements.

1. Record your identified organization goals in the Goals Cascade tab of the Secure IT/OT Convergence Requirements Gathering Tool.
2. For each of your organizational goals, identify IT alignment goals.
3. For each of your organizational goals, identify OT alignment goals.
4. For each of your organizational goals, select one to two IT/OT security alignment goals from the drop-down lists.

Establish scope and boundaries

It is important to know at the outset of the strategy: What are we trying to secure in IT/OT convergence ?
This includes physical areas we are responsible for, types of data we care about, and departments or IT/OT systems we are responsible for.

Record scope and boundaries

Refer to the Secure IT/OT Convergence Framework when filling in the following elements: Record your security-related organizational scope, physical location scope, IT systems scope, and OT systems scope in the Scope tab of the Secure IT/OT Convergence Requirements Gathering Tool. For each item scoped, give the rationale for including it in the comments column. Careful attention should be paid to any elements that are not in scope.

Plan

Define roles and responsibilities

Input: List of relevant stakeholders

Output: Roles and responsibilities for the secure IT/OT convergence program

Materials: Secure IT/OT Convergence RACI Chart Tool

Participants: Executive leadership, OT leader, IT leader, Security leader

There are many factors that impact an organization’s level of effectiveness as it relates to IT/OT convergence. How the two groups interact, what skill sets exist, the level of clarity around roles and responsibilities, and the degree of executive support and alignment are only a few. Thus, it is imperative in the planning phase to identify stakeholders who are:

• Responsible: The people who do the work to accomplish the activity; they have been tasked with completing the activity and/or getting a decision made.
• Accountable: The person who is accountable for the completion of the activity. Ideally, this is a single person and will often be an executive or program sponsor.
• Consulted: The people who provide information. This is usually several people, typically called subject matter experts (SMEs).
• Informed: The people who are updated on progress. These are resources that are affected by the outcome of the activities and need to be kept up to date.

Download the Secure IT/OT Convergence RACI Chart Tool

Define RACI Chart

Plan

Establish governance and build cross-functional team

To establish governance and build an IT/OT cross-functional team, it is important to understand the operation of OT systems and their interactions with IT within the organization, e.g. ad hoc, centralized, decentralized.

Info-Tech Insight

To determine IT/OT convergence maturity level, Info-Tech provides the IT/OT Convergence Self-Evaluation Tool.

Centralized security governance model example

Plan

Identify convergence elements and compliance obligations

Identify compliance obligations

Source: ENISA, 2013 DHS, 2009.

OT system has compliance obligations with industry regulations and security standards/regulations/guidelines. See the lists given. The lists are not exhaustive. OT system owner can use the standards/regulations/guidelines as a benchmark to determine and manage the security level provided by third parties. It is important to understand the various frameworks and to adhere to the appropriate compliance obligations, e.g. IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series.

IEC/ISA 62443 - Security for Industrial Automation and Control Systems Series

(Source: Cooksley, 2021)

IEC/ISA 62443 is a comprehensive international series of standards covering security for ICS systems, which recognizes three roles, namely: asset owner, system integrator, and product manufacturer. In IEC/ISA 62443, requirements flow from the asset owner to the product manufacturer, while solutions flow in the opposite direction. For the asset owner who owns and operates a system, IEC 62443-2 enables defining target security level with reference to a threat level and using the standard as a benchmark to determine the current security level. For the system integrator, IEC 62443-3 assists to evaluate the asset owner’s requirements to create a system design. IEC 62443-3 also provides a method for verification that components provided by the product manufacturer are securely developed and support the functionality required.

Record your compliance obligations

Refer to the “Goals Cascade” tab of the Secure IT/OT Convergence Requirements Gathering Tool. Identify your compliance obligations. Most organizations have compliance obligations that must be adhered to. These can include both mandatory and voluntary obligations. Mandatory obligations include: Laws Government regulations Industry standards Contractual agreements Voluntary obligations include standards that the organization has chosen to follow for best practices and any obligations that are required to maintain certifications. Organizations will have many different compliance obligations. For the purposes of your secure IT/OT convergence, include only those that have OT security requirements. Record your compliance obligations, along with any notes, in your copy of the Secure IT/OT Convergence Requirements Gathering Tool. Refer to the “Compliance DB” tab for lists of standards/regulations/guidelines.

Plan

Assess readiness

Readiness checklist for secure IT/OT convergence

(Source: “Grid Modernization: Optimize Opportunities And Minimize Risks,” Info-Tech)

Enhance

Update security strategy

To update security strategy, it is important to actively encourage visible sponsorship across management and to provide regular updates.

(Source: NIST SP 800-82 Rev.3, “Guide to Operational Technology (OT) Security,” NIST, 2022.)

OT system life cycle is like the IT system life cycle, starting with architectural design and ending with decommissioning. Currently, IT only gets involved from installation or maintenance, so they may not fully understand the OT system. Therefore, if OT security is compromised, the same personnel who commissioned the OT system (e.g. engineering, electrical, and maintenance specialists) must be involved. Thus, it is important to have the IT team collaborate with the OT team in each stage of the OT system’s life cycle. Finally, it is necessary to have propositional sharing of responsibilities between IT leaders, security leaders, and OT leaders who have broader responsibilities.

Enhance

Update risk management framework

The need for asset and threat taxonomy

One of issues in IT/OT convergence is that OT systems focus on production, so IT solutions like security patching or updates may deteriorate a machine or take a machine offline and may not be applicable. For example, some facilities run with reliability of 99.999%, which only allows maximum of 5 minutes and 35 seconds or less of downtime per year. Managing risks requires an understanding of the assets and threats for IT/OT systems. Having a taxonomy of the assets and the threats cand help. Applying normal IT solutions to mitigate security risks may not be applicable in an OT environment, e.g. running an antivirus tool on OT system may remove essential OT operations files. Thus, this approach must be avoided; instead, systems must be rebuilt from golden images.

(Source: ENISA, 2018.)

Enhance

Update security policies and procedures

Policy hierarchy example

This example of a policy hierarchy features templates from Info-Tech’s Develop and Deploy Security Policies and Identify the Best Framework for Your Security Policies research.

Enhance

Update IR, DR, and BCP

A proactive approach to security is important, so actions such as updating and testing the incident response plan for OT are a must. (“Cybersecurity Year In Review” Dragos, 2022.)

1. Customize organizational chart for IT/OT IR, DR, BCP based on governance and management model.
   E.g. ad hoc, internal distributed, internal centralized, combined distributed, and decentralized. (Software Engineering Institute, 2003)
2. Adjust the authority of the new organizational chart and decide if it requires additional staffing.
   E.g. full authority, shared authority. (Software Engineering Institute, 2003)
3. Update IR plan, DR plan, and BCP for IT/OT convergence.
   E.g. incorporate zero trust principles for converge network
4. Testing updated IR plan, DR plan, and BCP.

Optimize

Implement awareness, induction, and cross-training

Awareness may not correspond to readiness

Certifications

One of issues in certification is the complexity on relevancy in topics with respect to roles and levels. An example solution is the European Union Agency for Cybersecurity (ENISA)’s approach to analyzing existing certifications by orientation, scope, and supporting bodies, grouped into specific certifications, relevant certifications, and safety certifications. Specific cybersecurity certification of ICS/SCADA Example: ISA-99/IEC 62443 Cybersecurity Certificate Program, GIAC Global Industrial Cyber Security Professional (GICSP), Certified SCADA Security Architect (CSSA), EC-Council ICS/SCADA Cybersecurity Training Course. Other relevant certification schemes Example: Network and Information Security (NIS) Driving License, ISA Certified Automation Professional (CAP), Industrial Security Professional Certification (NCMS-ISP). Safety Certifications Example: Board of Certified Safety Professionals (BCSP), European Network of Safety and Health Professional Organisations (ENSHPO).

(Source: ENISA, 2015.)

Optimize

Design and deploy converging security architecture and controls

IT/OT convergence architecture can be modeled as a layered structure based on security. In this structure, the bottom layer is referred as “OT High-Security Zone” and the topmost layer is “IT Low-Security Zone.” In this model, each layer has its own set of controls configured and acts like an additional layer of security for the zone underneath it. The data flows from the “OT High-Security Zone” to the topmost layer, the “IT Low-Security Zone,” and the traffic must be verified to pass to another zone based on the need-to-know principle. In the normal control flow within the “OT High-Security Zone” from level 3 to level 0, the traffic must be verified to pass to another level based on the principle of least privilege. Remote access (dotted arrow) is allowed under strict access control and change control based on the zero-trust principle with clear segmentation and a point for disconnection between the “OT High-Security Zone” and the “OT Low-Security Zone” This model simplifies the security process, as if the lower layers have been compromised, then the compromise can be confined on that layer, and it also prevents lateral movement as access is always verified.

(Source: “Purdue Enterprise Reference Architecture (PERA) model,” ISA-99.)

Off-the-shelf solutions

Getting the right recipe: What criteria to consider?

Visibility and Asset Management Passive data monitoring using various protocol layers, active queries to devices, or parsing configuration files of OT, IoT, and IT environments on assets, processes, and connectivity paths. Threat Detection, Mitigation, and Response (+ Hunting) Automation of threat analysis (signature-based, specification-based, anomaly-based, sandboxing) not only in IT but also in relevant environments, e.g. IoT, IIoT, and OT on assets, data, network, and orchestration with threat intelligence sharing and analytics. Risk Assessment and Vulnerability Management Risk scoring approach (qualitative, quantitative) based on variables such as behavioral patterns and geolocation. Patching and vulnerability management. Usability, Architecture, Cost The user and administrative experience, multiple deployment options and extensive integration capabilities, and affordability.

Optimize

Establish and monitor IT/OT security metrics for effectiveness and efficiency

Further information

Related Info-Tech Research

Build an Information Security Strategy Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building a security roadmap.

Preparing for Technology Convergence in Manufacturing Information technology (IT) and operational technology (OT) teams have a long history of misalignment and poor communication. Stakeholder expectations and technology convergence create the need to leave the past behind and build a culture of collaboration.

Implement a Security Governance and Management Program Your security governance and management program needs to be aligned with business goals to be effective. This approach also helps provide a starting point to develop a realistic governance and management program. This project will guide you through the process of implementing and monitoring a security governance and management program that prioritizes security while keeping costs to a minimum.

Bibliography

Bibliography

Research Contributors and Experts

Jeff Campbell Manager, Technology Shared Services Horizon Power, AU Jeff Campbell has more than 20 years' experience in information security, having worked in both private and government organizations in education, finance, and utilities sectors. Having focused on developing and implementing information security programs and controls, Jeff is tasked with enabling Horizon Power to capitalize on IoT opportunities while maintaining the core security basics of confidentiality, integrity and availability. As Horizon Power leads the energy transition and moves to become a digital utility, Jeff ensures the security architecture that supports these services provides safer and more reliable automation infrastructures.

Christopher Harrington Chief Technology Officer (CTO) Carolinas Telco Federal Credit Union Frank DePaola Vice President, Chief Information Security Officer (CISO) Enpro Kwasi Boakye-Boateng Cybersecurity Researcher Canadian Institute for Cybersecurity

Define Your Virtual and Hybrid Event Requirements

Accelerate your event scoping and software selection process.

Analyst Perspective

When events go virtual, IT needs to cover its bases.

The COVID-19 pandemic imposed a dramatic digital transformation on the events industry. Though event ticket and registration software, mobile event apps, and onsite audio/visual technology were already important pieces of live events, the total transformation of events into online experiences presented major challenges to organizations whose regular business operations involve at least one annual mid-sized to large event (association meetings, conferences, trade shows, and more).

Many organizations worked to shift to online, or virtual events, in order to maintain business continuity. As time went on, and public gatherings began to restart, a shift to “hybrid” events began to emerge—events that accommodate both in-person and virtual attendance. Regardless of event type, this pivot to using virtual event software, or digital event technology, brings events more closely into IT’s areas of responsibility. If you don't begin with strategy, you risk fitting your event to technology, instead of the other way around.

If virtual and hybrid events are becoming standard forms of delivering content in your organization, use Info-Tech’s material to help define the scope of the event and your requirements, and to support your software selection process.

Emily Sugerman
Research Analyst, Infrastructure & Operations
Info-Tech Research Group

Executive Summary

Info-Tech Insight

If you don't begin with strategy, you will fit your event to technology, instead of the other way around.

Your challenge

The solution you have been using for online events does not meet your needs.

Though you do have some tools that support large meetings, it is not clear if you require a larger and more comprehensive virtual event solution. There is a need to determine what type of technology you might need to purchase versus leveraging what you already have.

It is difficult to quickly and practically identify core event requirements and how they translate into technical capabilities.

Maintaining or improving audience engagement is a perpetual challenge for virtual events.

Source: Virtual Event Tech Guide, 2022

Common obstacles

These barriers make this challenge difficult to address for many organizations.

Events with networking objectives are not always well served by webinars, which are traditionally more limited in their interactive elements.

Events that include the conducting of organizational/association business (like voting) may have bylaws that make selecting a virtual solution more challenging.

Maintaining attendee engagement is more challenging in a virtual environment.

Prior to the pandemic, your organization may not have been as experienced in putting on fully virtual events, putting more responsibility in your corner as IT. Navigating virtual events can also require technological competencies that your attendee userbase may not universally possess.

Technological limitations and barriers to access can exclude potential attendees just as much as bringing events online can open up attendance to new audiences.

Opportunity: Virtual events can significantly increase an event’s reach

Events held virtually during the pandemic noted significant increases in attendees.

“We had 19,000 registrations from all over the world, almost 50 times the number of people we had expected to host in Amsterdam. . . . Most of this year’s [2020] attendees would not have been able to participate in a physical GrafanaCon in Amsterdam. That was a huge win.” – Raj Dutt, Grafana Labs CEO[5]

[1] Kelly, 2020; [2] Price, 2020; [3] Stanford Digital Economy Lab, 2022; [4] Warren, 2022; [5] Fast Company, 2020

Info-Tech’s methodology for defining virtual/hybrid event requirements

Event planning phases

Apply project management principles to your virtual/hybrid event planning process.

Online event planning should follow the same established principles as in-person event planning.
Align the event’s concept and objectives with organizational goals.

Source: Adapted from Event Management Body of Knowledge, CC BY 4.0

Gather inputs to the planning processes

Acquire as much of this information as possible before you being the planning process.

Budget: Determine your organization’s budget for this event to help decide the scope of the event and the purchasing decisions you make as you plan.

Internal human resources: Identify who in your organization is usually involved in the organization of this event and if they are available to organize this one.

List of communication and collaboration tools: Acquire the list of the existing communication and collaboration tools you are currently licensed for. Ensure you know the following information about each tool:

• Type of license
• License limitations (maximum number of users)
• Internal or external-facing tool (or capable of both)
• Level of internal training and competency on the tool

Decision point: Relate event goals to organizational goals

What is driving the event?

Your organization may hold a variety of in-person events that you now wish, for various reasons, to hold fully or partially online. Each event likely has a slightly different set of goals.

Before getting into the details of how to transition your event online, return to the business/organizational goals the event is serving.

Ensure each event (and each component of each event) maps back to an organizational goal.

If a component of the event does not align to an organizational goal, assess whether it should remain as part of the event.

Common organizational goals

• Increase revenue
• Increase productivity
• Attract and retain talent
• Improve change management
• Carry out organizational mission
• Identify new markets
• Increase market share
• Improve customer service
• Launch new product/service

Common event goals

• Education/training
• Knowledge transfer
• Decision making
• Professional development
• Sales/lead generation
• Fundraising
• Entertainment
• Morale boosting
• Recognition of achievement

Decision point: Identify your organization’s digital event vision

What do you want the outcome of this event to be?

Attendee goals: Who are your attendees? Why do they attend this event? What attendee needs does your event serve? What is your event’s value proposition? Are they intrinsically or extrinsically motivated to attend?

Event goals: From the organizer perspective, why do you usually hold this event? Who are your stakeholders?

Organizational goals: How do the event goals map to your organizational goals? Is there a clear understanding of what the event’s larger strategic purpose is.

Common attendee goals

Education: our attendees need to learn something new that they cannot learn on their own.
Networking: our attendees need to meet people and make new professional connections.
Professional development: our attendees have certain obligations to keep credentials updated or to present their work publicly to advance their careers.
Entertainment: our attendees need to have fun.
Commerce: our attendees need to buy and sell things.

Decision point: Level of external event production

Will you be completely self-managed, reliant on external event production services, or somewhere in the middle?

You can review this after working through the other decision points and the scope becomes clearer.

Decision point: Assign event planning roles

Who will be involved in planning the event? Fill/combine these roles as needed.

Decision point: Assign event production roles

Who will be involved in running the event?

Decision point: Map attendee goals to event goals to organizational goals

Input: List of attendee benefits, List of event goals, List of organizational goals
Output: Ranked list of event goals as they relate to attendee needs and organizational goals
Materials: Whiteboard/flip charts
Participants: Planning team

1. Define attendee benefits:
   1. List the attendee benefits derived from your event (as many as possible).
   2. Rank attendee benefits from most to least important.
2. Define event goals:
   1. List your event goals (as many as possible).
   2. Draw a connecting line to your ranked list of attendee benefits.
   3. Identify if any event goals exist with no clear relationship to attendee benefits. Discuss whether this event goal needs to be re-envisioned. If it connects to no discernible attendee benefits, consider removing it. Otherwise, figure out what attendee benefits the event goal provides.
3. Define organizational goals:
   1. Acquire a list of your organization’s main strategic goals.
   2. Draw a connecting line from each event goal to the organizational goal it supports.
   3. If most of your event goals do not immediately seem to support an organizational goal, discuss why this is. Try to find the connection. If you cannot, discuss whether the event should proceed or be rethought.

Decision point: Break down your event into its constituent components

Identify your event archetype

Decompose the event into its component parts

Identify technical requirements that help meet event goals

Benefits:

• Clarify how formerly in-person events map to virtual archetypes.
• Ensure your virtual event planning is anchored to organizational goals from the outset.
• Streamline your virtual event tech stack planning later.

Decision point: Determine your event archetype

Analyze your event’s:

• Main goals.
• The components and activities that support those goals.
• How these components and activities fall into people- vs. content-centric activities, and real-time vs. asynchronous activities.

1. Conference
2. Trade show
3. Annual general meeting
4. Department meeting
5. Town hall
6. Workshop

Info-Tech Insight

Begin the digital event planning process by understanding how your event’s content is typically consumed. This will help you make decisions later about how best to deliver the content virtually.

Conference

Goals: Education/knowledge transfer; professional advancement; networking.

Major content

• Call for proposals/circulation of abstracts
• Keynotes or plenary address: key talk addressed to large audience
• Panel sessions: multiple panelists deliver address on common theme
• Poster sessions: staffed/unstaffed booths demonstrate visualization of major research on a poster
• Association meetings (see also AGM archetype): professional associations hold AGM as one part of a larger conference agenda

Community

• Formal networking (happy hours, social outings)
• Informal networking (hallway track, peer introductions)
• Business card exchange
• Pre- and post-event correspondence

Commercial Partners

• Booth reps: Publishing or industry representatives exhibit products/discuss collaboration

Trade show

Objectives: Information transfer; sales; lead generation.

Major content

• Live booth reps answer questions
• Product information displayed
• Promotional/information material distributed
• Product demonstrations at booths or onstage
• Product samples distributed to attendees

Community interactions

• Statements of intent to buy
• Lead generation (badge scanning) of booth visitors
• Business card exchange
• Pre- and post-event correspondence

Annual general meeting

Objectives: Transparently update members; establish governance and alignment.

Meeting events

• Updates provided to members on organization’s activities/finances
• Decisions made regarding organization’s direction
• Governance over organization established (elections)
• Speakers addressing large audience from stage
• In-camera sessions
• Translation of proceedings
• Real-time weighted voting
• Minutes taken during meeting

Administration

• Notice given of meeting within mandated time period
• Agenda circulated prior to meeting
• Distribution of proxy material
• Minutes distributed

Department meeting

Objectives: Information transfer of company agenda/initiatives; group decision making.

Major content

• Agenda circulated prior to meeting
• Updates provided from senior management/leadership to employees on organization’s initiatives and direction
• Employee questions and feedback addressed
• Group decision making
• Minutes taken during meeting
• Minutes or follow-up circulated

Town hall meeting

Objectives: Update public; answer questions; solicit feedback.

Major content

• Public notice of meeting announced
• Agenda circulated prior to meeting
• Speakers addressing large audience from stage
• Presentation of information pertinent to public interest
• Audience members line up to ask questions/provide feedback
• Translation of proceedings
• Recording of meeting archived

Workshop

Objectives: Make progress on objective; achieve consensus; knowledge transfer.

Major content

• Scheduling of workshop
• Agenda circulated prior to meeting
• Facilitator leads group activities
• Participants develop alignment on project
• Progress achieved on workshop project
• Feedback on workshop shared with facilitator

Decision point: Analyze your event’s purpose and value

Use the event archetypes to help you identify your event’s core components and value proposition.

1. Attendee types: Who typically attends your event? Exclusively internal participants? External participants? A mix of the two?
2. Communication: How do participants usually communicate with each other during this event? How do they communicate with the event organizers? Include both formal types of communication (listening to panel sessions) and informal (serendipitous conversations in the hallway).
3. Connection: What types of connections do your attendees need to experience? (networking with peers; interactions with booth reps; consensus building with colleagues).
4. Exchange of material: What kind of material is usually exchanged at this event and between whom? (Pamphlets, brochures, business cards, booth swag).
5. Engagement: How do you usually retain attendees' attention and make sure they remain engaged throughout the event?
6. Length: How long does the event typically last?
7. Location and setup: Where does the event usually take place and who is involved in its setup?
8. Success metrics: How do you usually measure your event's success?

Info-Tech Insight

Avoid trying to exactly reproduce the formerly in-person event online. Instead, identify the value proposition of each event component, then determine what its virtual expression could be.

Example: Trade show

Goals: Information transfer; sales; lead generation.

1. Identify event component(s)
2. Document its face-to-face expression(s)
3. Identify the expression’s value proposition
4. Translate the value proposition to a virtual component that facilitates overall event goal

Plan your metrics

Use the analytics and reporting features available in your event technology toolset to capture the data you want to measure. Decide how each metric will impact your planning process for the next event.

Examples of metrics:

• Number of overall participants/registrants: Did you have more or fewer registrants/attendees than previous iterations of the event? What is the difference between number of registrants and number of real attendees?
• Locations of participants: Where are people participating from? How many are attending for the first time? Are there new audiences you can pursue next time?
• Most/least popular sessions: How long did people stay in the sessions and the event overall?
• Most/least popular breakout rooms and discussion boards: Which topics should be repeated/skipped next time?
• Social media mentions: Which topics received the most engagement on social media?
• Surveys: What do participants report enjoying most? Least?
• Technical failures: Can your software report on failures? Identify what technical problems arose and prepare a plan to mitigate them next time.

Ensure the data you capture feeds into better planning for the next event

Determine compliance requirements

A greater event reach also means new data privacy considerations, depending on the location of your guests.

General Data Protection Regulation (GDPR)

Concerns over the collection of personal electronic data may not have previously been a part of your event planning considerations. However, now that your event is online, it’s wise to explore which data protection regulations apply to you. Remember, even if your organization is not located in the EU, if any of your attendees are European data subjects you may still be required to comply with GDPR, which involves the notification of data collected, allowing for opt-out options and the right to have data purged. The data must be collected for a specific purpose; if that purpose is expired, it can no longer be retained. You also have an obligation to report any breaches.

Accessibility requirements

What kind of accessibility laws are you subject to (AODA, WCAG2)? Regardless of compliance requirements, it is a good idea to ensure the online event follows accessibility best practices.

Decision point: Set event policies

What event policies need to be documented?
How will you communicate them to attendees?

Code of conduct

One trend in the large event and conference space in recent years has been the development of codes of conduct that attendees are required to abide by to continue participating in the event.
Now that your event is online, consider whether your code of conduct requires updating. Are there new types of appropriate/inappropriate online behavior that you need to define for your attendees?

Harassment reporting

If your organization has an event harassment reporting process, determine how this process will transfer over to the digital event.
Ensure the reporting process has an owner and a clear methodology to follow to deal with complaints, as well as a digital reporting channel (a dedicated email or form) that is only accessed by approved staff to protect sensitive information.

Develop a risk management plan

Plan for how you will mitigate technical risks during your virtual event
Provide presenters with a process to follow if technical problems arise.

• Presenter’s internet connection cuts out
• Attendees cannot log in to event platform
• Attendees cannot hear/see video feed
• What process will be followed when technical problems occur: ticketing system; chatbot; generic email accessible by all IT support assigned

Testing/Rehearsal

Test audio hardware: Ensure speakers use headphones/earbuds and mics (they do not have to be fancy/expensive). Relying on the computer/laptop mic can lead to more ambient noise and potential feedback problems.

Check lighting: Avoid backlighting. Reposition speakers so they are not behind windows. Ask them to open/close shades. Add lamps as needed.

Prevent interruptions: Before the event, ask panelists to turn phone and computer notifications to silent. Put a sign on the door saying Do not Disturb.

Control audience view of screenshare: If your presenters will be sharing their screens, teach them how this works on the platform they are using. Advise them to exit out of any other application that is not part of their presentation, so they do not share the wrong screen unintentionally. Advise them to remove anything from the desktop that they do not want the audience to see, in case their desktop becomes visible at any point.

Control audience view of physical environment: Before the event, advise participants to turn their cameras on and examine their backgrounds. Remove anything the audience should not be able to see.

Test network connectivity: Send the presenters a link to a speed test and check their internet speed.

Emergency contact: Exchange cell phone numbers for emergency backchannel conversations if problems arise on the day of the event.

Set expectations: Presenting to an online audience feels very different to a live crowd. Prepare presenters for a lack of applause and lack of ability to see their audience, and that this does not mean the presentation was unsuccessful.

Identify requirements

To determine what kind of technical requirements you need to build the virtual expression of your event, consult the Virtual Event Platform Requirements Tool.

1. If you have determined that the requirements you wish to use for the event exceed the capabilities of your existing communication and collaboration toolset, identify whether these gaps tip the scale toward purchasing a new tool. Use the requirement gaps to make the business case for purchasing a new tool.
2. Use the Virtual Event Platform Requirements Tool to create a list of requirements.
3. Consult the Software Reviews category for Virtual Event Platform Data Quadrant and Emotional Footprint reports.
4. Assemble your documentation for approvals and the Rapid Application Selection Process.

Download the Virtual/Hybrid Event Software Feature Analysis Tool

Rapid Application Selection Framework and Contract Review

Launch Info-Tech’s Rapid Application Selection Framework.

Using the requirements you’ve just gathered as a base, use Info-Tech’s complete framework to improve the efficiency and effectiveness of software selection.

Once you’ve selected a vendor(s), review the contract. Does it define an exit strategy? Does it define when your data will be deleted? Does it set service-level agreements that you find acceptable? Leverage Info-Tech’s contract review service once you have selected the virtual event solution and have received a contract from the vendor.

Further research

Run Better Meetings

Bibliography

Dutt, Raj. “7 Lessons from This Company’s First-Ever Virtual Conference.” Fast Company, 29 Jul 2020. Web.

Kelly, Samantha Murphy. “Microsoft Build Proves Splashy Tech Events Can Thrive Online.” CNN, 21 May 2020. Web.

“Phases.” Event Management Body of Knowledge (EMBOK), n.d. Web.

Price, Michael. “As COVID-19 Forces Conferences Online, Scientists Discover Upsides of Virtual Format.” Science, 28 Apr 2020. Web.

“Stanford HAI Spring Conference - Key Advances in Artificial Intelligence.” Stanford Digital Economy Lab, 2022. Web.

“Virtual Event Tech Guide 2022.” Skift Meetings, April 2022. Web.

Warren, Tom. “Microsoft Build 2022 Will Take Place May 24th–26th.” The Verge, 30 March 2022. Web.

Contributors

6 anonymous contributors

Analyst Perspective

"Customer service issues are rarely based on personality but are almost always a symptom of poor and inconsistent process. When service desk managers are looking to hire to resolve customer service issues and executives are pushing back, it’s time to look at improving process and the support strategy to make the best use of technicians’ time, tools, and knowledge sharing. Once improvements have been made, it’s easier to make the case to add people or introduce automation.

Replacing service desk solutions will also highlight issues around poor process. Without fixing the baseline services, the new solution will simply wrap your issues in a prettier package.

Ultimately, the service desk needs to be the entry point for users to get help and the rest of IT needs to provide the appropriate support to ensure the first line of interaction has the knowledge and tools they need to resolve quickly and preferably on first contact. If your plans include optimization to self-serve or automation, you’ll have a hard time getting there without standardizing first."

Sandi Conrad

Principal Research Director, Infrastructure & Operations Practice

Info-Tech Research Group

A method for getting your service desk out of firefighter mode

This Research Is Designed For:

• The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
• The service desk manager who wants to lead the team from firefighting mode to providing consistent and proactive support.

This Research Will Also Assist:

• Service desk teams who want to increase their own effectiveness and move from a help desk to a service desk.
• Infrastructure and applications managers who want to decrease reactive support activities and increase strategic project productivity by shifting repetitive and low-value work left.

This Research Will Help You:

• Create a consistent customer service experience for service desk patrons.
• Increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
• Decrease time and cost to resolve service desk tickets.
• Understand and address reporting needs to address root causes and measure success.
• Build a solid foundation for future IT service improvements.

Executive Summary

Situation

• The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
• If only the phone could stop ringing, the Service Desk could become proactive, address service levels, and improve end-user IT satisfaction.

Complication

• Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
• The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

Resolution

• Go beyond the blind adoption of best-practice frameworks. No simple formula exists for improving service desk maturity. Use diagnostic tools to assess the current state of the Service Desk. Identify service support challenges and draw on best-practice frameworks intelligently to build a structured response to those challenges.
• An effective service desk must be built on the right foundations. Understand how:
  • Service desk structure affects cost and ticket volume capacity.
  • Incident management workflows can improve ticket handling, prioritization, and escalation.
  • Request fulfillment processes create opportunities for streamlining and automating services.
  • Knowledge sharing supports the processes and workflows essential to effective service support.

Info-Tech Insight

Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture. Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology

Directors and executives understand the importance of the service desk and believe IT can do better

Source: Info-Tech, 2019 Responses (N=189 organizations)

Service Desk Importance Scores

No Importance: 1.0-6.9

Limited Importance: 7.0-7.9

Significant Importance: 8.0-8.9

Critical Importance: 9.0-10.0

Service Desk Effectiveness Scores

Not in Place: N/A

Not Effective: 0.0-4.9

Somewhat Ineffective: 5.0-5.9

Somewhat Effective: 6.0-6.9

Very Effective: 7.0-10.0

Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.

“Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

Standardize the service desk the Info-Tech way to get measurable results

More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

"The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

- Rod Gula, IT Director

American Realty Advisors

Info-Tech’s approach to service desk standardization focuses on building service management essentials

Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

The service desk is the foundation of all other service management processes.

Standardize the Service Desk – project overview

Info-Tech delivers: Use our tools and templates to accelerate your project to completion

Project Summary

Service Desk Standard Operating Procedures

Service Desk Maturity Assessment Tool

Service Desk Implementation Roadmap

Incident, knowledge, and request management workflows

Workshop Overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Phase 1

Step 1.1:Assess current state

Standardizing the service desk benefits the whole business

Embrace standardization

• Standardization prevents wasted energy on reinventing solutions to recurring issues.
• Standardized processes are scalable so that process maturity increases with the size of your organization.

Increase business satisfaction

• Improve confidence that the service desk can meet service levels.
• Create a single point of contact for incidents and requests and escalate quickly.
• Analyze trends to forecast and meet shifting business requirements.

Reduce recurring issues

• Create tickets for every task and categorize them accurately.
• Generate reliable data to support root-cause analysis.

Increase efficiency and lower operating costs

• Empower end users and technicians with a targeted knowledgebase (KB).
• Cross-train to improve service consistency.

Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

1. Determine the current state of the service desk.
2. Determine the desired state of the service desk.
3. Build a practical path from current to desired state.

Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

1. Identify service desk pain points.
2. Map each pain point to business services.
3. Assign a broad business value to the resolution of each pain point.
4. Map each pain point to a process.

Expert Insight

“How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

Rob England

IT Consultant & Commentator

Owner Two Hills

Also known as The IT Skeptic

Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

1.1.2 Measure which activity will have the greatest impact

The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

The tool will help guide improvement efforts and measure your progress.

• The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
• The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
• Document the results of the efficiency assessment in the Service Desk Project Summary.

The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

Where do I find the data?

Consult:

• Service Manager
• Service Desk Tools

Step 1.2:Review service support best practices

This step will walk you through the following activities:

1. 1.2.1 Identify roles and responsibilities in your organization
2. 1.2.2 Map out the current and target structure of the service desk

This step involves the following participants:

• Project Sponsor
• IT Director, CIO
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

Deliverables

• Roles & responsibilities guide
• Service desk structure

A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

Build a single point of contact for the service desk

Regardless of the service desk structure chosen to meet your service support requirements, end users should be in no doubt about how to access the service.

Provide end users with:

• A single phone number.
• A single email address.
• A single web portal for all incidents and requests.

A single point of contact will ensure:

• An agent is available to field incidents and requests.
• Incidents and requests are prioritized according to impact and urgency.
• Work is tracked to completion.

This prevents ad hoc ticket channels such as shoulder grabs or direct emails, chats, or calls to a technician from interrupting work.

A single point of contact does not mean the service desk is only accessible through one intake channel, but rather all tickets are directed to the service desk (i.e. tier 1) to be resolved or redirected appropriately.

Directors and executives understand the importance of the service desk and believe IT can do better

Source: Info-Tech, 2019 Responses (N=189 organizations)

Service Desk Importance Scores

No Importance: 1.0-6.9

Limited Importance: 7.0-7.9

Significant Importance: 8.0-8.9

Critical Importance: 9.0-10.0

Service Desk Effectiveness Scores

Not in Place: N/A

Not Effective: 0.0-4.9

Somewhat Ineffective: 5.0-5.9

Somewhat Effective: 6.0-6.9

Very Effective: 7.0-10.0

Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

Business stakeholders ranked the following 12 core IT services in terms of importance:

*Note: IT Security was added to CIO Business Vision 2.0 in 2019

Top IT Services for Business Stakeholders

1. Network Infrastructure
2. IT Security*
3. Data Quality
4. Service Desk
5. Business Applications
6. Devices
7. Client-Facing Technology
8. Analytical Capability
9. IT Innovation Leadership
10. Projects
11. Work Orders
12. IT Policies
13. Requirements Gathering

Source: Info-Tech Research Group, 2019 (N=224 organizations)

Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

“Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

Standardize the service desk the Info-Tech way to get measurable results

More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

"The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

- Rod Gula, IT Director

American Realty Advisors

Info-Tech’s approach to service desk standardization focuses on building service management essentials

Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

The service desk is the foundation of all other service management processes.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Standardize the Service Desk – project overview

Info-Tech delivers: Use our tools and templates to accelerate your project to completion

Project Summary

Service Desk Standard Operating Procedures

Service Desk Maturity Assessment Tool

Service Desk Implementation Roadmap

Incident, knowledge, and request management workflows

The project’s key deliverable is a service desk standard operating procedure

Benefits of documented SOPs:

Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

Compliance: Compliance audits are more manageable because the documentation is already in place.

Transparency: Visually documented processes answer the common business question of “why does that take so long?”

Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

Impact of undocumented/undefined SOPs:

Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

Documenting SOPs to prepare for an audit becomes a major time-intensive project.

Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

Workshop Overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Phase 1

Lay Service Desk Foundations

Step 1.1:Assess current state

This step will walk you through the following activities:

• 1.1.1 Outline service desk challenges
• 1.1.2 Assess the service desk maturity

This step involves the following participants:

• Project Sponsor
• IT Director, CIO
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

Deliverables

• Service Desk Maturity Assessment

Standardizing the service desk benefits the whole business

Embrace standardization

• Standardization prevents wasted energy on reinventing solutions to recurring issues.
• Standardized processes are scalable so that process maturity increases with the size of your organization.

Increase business satisfaction

• Improve confidence that the service desk can meet service levels.
• Create a single point of contact for incidents and requests and escalate quickly.
• Analyze trends to forecast and meet shifting business requirements.

Reduce recurring issues

• Create tickets for every task and categorize them accurately.
• Generate reliable data to support root-cause analysis.

Increase efficiency and lower operating costs

• Empower end users and technicians with a targeted knowledgebase (KB).
• Cross-train to improve service consistency.

Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

• An unreliable network
• Aging server replacements and no replacement plan
• IT was the “department of no”
• A help desk known as the “helpless desk”
• A lack of wireless connectivity
• Internet connection speed that was much too slow

As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

The project load of IT staff increased, with new projects coming in every day.

With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

Common challenges experienced by service desk teams

Unresolved issues

• Tickets are not created for all incidents.
• Tickets are lost or escalated to the wrong technicians.
• Poor data impedes root-cause analysis of incidents.

Lost resources/accountability

• Lack of cross-training and knowledge sharing.
• Lack of skills coverage for critical applications and services.
• Time is wasted troubleshooting recurring issues.
• Reports unavailable due to lack of data and poor categorization.

High cost to resolve

• Tier 2/3 resolve issues that should be resolved at tier 1.
• Tier 2/3 often interrupt projects to focus on service support.

Poor planning

• Lack of data for effective trend analysis leads to poor demand planning.
• Lack of data leads to lost opportunities for templating and automation.

Low business satisfaction

• Users are unable to get assistance with IT services quickly.
• Users go to their favorite technician instead of using the service desk.

Outline the organization’s service desk challenges

1.1.1 Brainstorm service desk challenges

Estimated Time: 45 minutes

A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

B. Think about the following:

• What have you heard from users? (e.g. slow response time)
• What have you heard from executives? (e.g. poor communication)
• What should you start doing? (e.g. documenting processes)
• What should you stop doing? (e.g. work that is not being entered as tickets)

C. Document challenges in the Service Desk Project Summary.

Participants:

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

1. Determine the current state of the service desk.
2. Determine the desired state of the service desk.
3. Build a practical path from current to desired state.

Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

1. Identify service desk pain points.
2. Map each pain point to business services.
3. Assign a broad business value to the resolution of each pain point.
4. Map each pain point to a process.

Expert Insight

“How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

Rob England

IT Consultant & Commentator

Owner Two Hills

Also known as The IT Skeptic

Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

1.1.2 Measure which activity will have the greatest impact

The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

The tool will help guide improvement efforts and measure your progress.

• The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
• The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
• Document the results of the efficiency assessment in the Service Desk Project Summary.

The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

Consult:

• Service Manager
• Service Desk Tools

Step 1.2:Review service support best practices

This step will walk you through the following activities:

1. 1.2.1 Identify roles and responsibilities in your organization
2. 1.2.2 Map out the current and target structure of the service desk

This step involves the following participants:

• Project Sponsor
• IT Director, CIO
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

Deliverables

• Roles & responsibilities guide
• Service desk structure

Everyone in IT contributes to the success of service support

Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

Service Support Engagement Plan

• Identify who is accountable for different service support processes.
• Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
• Draft operational-level agreements between specialty groups and the service desk to improve accountability.
• Configure the service desk tool to ensure ticket visibility and ownership across queues.
• Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
• Emphasize the benefits of cooperation across IT silos:
  • Better customer service and end-user satisfaction.
  • Shorter time to resolve incidents and implement requests.
  • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

Info-Tech Insight

Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

Clear project complications by leveraging roles and responsibilities

R

Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

A

Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

C

Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

I

Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

A RACI analysis is helpful with the following:

• Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
• Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
• Onboarding: New employees can identify their own roles and responsibilities.

A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

Create a list of roles and responsibilities in your organization

1.2.1 Create RACI matrix to define responsibilities

1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
2. In the RACI chart, replace the top row with specific roles in your organization.
3. Modify or expand the process tasks, as needed, in the left column.
4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
6. Distribute the chart between all teams in your organization.

Notes:

• Assign one Accountable for each task.
• Have at least one Responsible for each task.
• Avoid generic responsibilities, such as “team meetings.”
• Keep your RACI definitions in your documents, as they are sometimes tough to remember.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Roles and Responsibilities Guide
• Flip Chart
• Whiteboard

Build a tiered generalist service desk to optimize costs

A tiered generalist service desk with a first-tier resolution rate greater than 60% has the best operating cost and customer satisfaction of all competing service desk structural models.

The success of a tiered generalist model depends on standardized, defined processes

Define the structure of the service desk

1.2.2 Map out the current and target structure of the service desk

Estimated Time: 45 minutes

Instructions:

1. Using the model from the previous slides as a guide, discuss how closely it matches the current service desk structure.
2. Map out a similar diagram of your existing service desk structure, intake channels, and escalation paths.
3. Review the structure and discuss any changes that could be made to improve efficiency. Revise as needed.
4. Document the outcome in the Service Desk Project Summary.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

Use a shift-left strategy to lower service support costs, reduce time to resolve, and improve end-user satisfaction

Shift-left strategy:

• Shift service support tasks from specialists to generalists.
• Implement self-service.
• Automate incident resolution.

Work through the implications of adopting a shift-left strategy

Overview:

Identify process gaps that you need to fill to support the shift-left strategy and discuss how you could adopt or improve the shift-left strategy, using the discussion questions below as a guide.

Which process gaps do you need to fill to identify ticket trends?

• What are your most common incidents and service requests?
• Which tickets could be resolved at tier 1?
• Which tickets could be resolved as self-service tickets?
• Which tickets could be automated?

Which processes do you most need to improve to support a shift-left strategy?

• Which incident and request processes are well documented?
• Do you have recurring tickets that could be automated?
• What is the state of your knowledgebase maintenance process?
• Which articles do you most need to support tier 1 resolution?
• What is the state of your web portal? How could it be improved to support self-service?

Document in the Project Summary

Step 1.3: Identify service desk metrics and reports

This step will walk you through the following activities:

• 1.3 Create a list of required reports to identify relevant metrics

This step involves the following participants:

• Project Sponsor
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Managers and analysts will have service desk metrics and reports that help set expectations and communicate service desk performance.

Deliverables

• A list of service desk performance metrics and reports

Engage business unit leaders with data to appreciate needs

Service desk reports are an opportunity to communicate the story of IT and collect stakeholder feedback. Interview business unit leaders and look for opportunities to improve IT services.

Start with the following questions:

• What are you hearing from your team about working with IT?
• What are the issues that are contributing to productivity losses?
• What are the workarounds your team does because something isn’t working?
• Are you able to access the information you need?

Work with business unit leaders to develop an action plan.

Remember to communicate what you do to address stakeholder grievances.

The service recovery paradox is a situation in which end users think more highly of IT after the organization has corrected a problem with their service compared to how they would regard the company if the service had not been faulty in the first place.

The point is that addressing issues (and being seen to address issues) will significantly improve end-user satisfaction. Communicate that you’re listening and acting, and you should see satisfaction improve.

Info-Tech Insight

Presentation is everything:

If you are presenting outside of IT, or using operational metrics to create strategic information, be prepared to:

• Discuss trends.
• Identify organizational and departmental impacts.
• Assess IT costs and productivity.

For example, “Number of incidents with ERP system has decreased by 5% after our last patch release. We are working on the next set of changes and expect the issues to continue to decrease.”

Engage technicians to ensure they input quality data in the service desk tool

You need better data to address problems. Communicate to the technical team what you need from them and how their efforts contribute to the usefulness of reports.

Tickets MUST:

• Be created for all incidents and service requests.
• Be categorized correctly, and categories updated when the ticket is resolved.
• Be closed after the incidents and service requests are resolved or implemented.

Emphasize that reports are analyzed regularly and used to manage costs, improve services, and request more resources.

Info-Tech Insight

Service Desk Manager: Technical staff can help themselves analyze the backlog and improve service metrics if they’re looking at the right information. Ensure their service desk dashboards are helping them identify high-priority and quick-win tickets and anticipate potential SLA breaches.

Produce service desk reports targeted to improve IT services

Use metrics and reports to tell the story of IT.

Metrics should be tied to business requirements and show how well IT is meeting those requirements and where obstacles exist.

Tailor metrics and reports to specific stakeholders.

Technicians require mostly real-time information in the form of a dashboard, providing visibility into a prioritized list of tickets for which they are responsible.

Supervisors need tactical information to manage the team and set client expectations as well as track and meet strategic goals.

Managers and executives need summary information that supports strategic goals. Start by looking at executive goals for the support team and then working through some of the more tactical data that will help support those goals.

One metric doesn’t give you the whole picture

• Don’t put too much emphasis on a single metric. At best, it will give you a distorted picture of your service desk performance. At worst, it will distort the behavior of your agents as they may adopt poor practices to meet the metric.
• The solution is to use tension metrics: metrics that work together to give you a better sense of the state of operations.
• Tension metrics ensure a balanced focus toward shared goals.

Example:

First-call resolution (FCR), end-user satisfaction, and number of tickets reopened all work together to give you a complete picture. As FCR goes up, so should end-user satisfaction, as number of tickets re-opened stays steady or declines. If the three metrics are heading in different directions, then you know you have a problem.

Rely on internal metrics to measure and improve performance

External metrics provide useful context, but they represent broad generalizations across different industries and organizations of different sizes. Internal metrics measured annually are more reliable.

Internal metrics provide you with information about your actual performance. With the right continual improvement process, you can improve those metrics year over year, which is a better measure of the performance of your service desk.

Whether a given metric is the right one for your service desk will depend on several different factors, not the least of which include:

• The maturity of your service desk processes.
• Your ticket volume.
• The complexity of your tickets.
• The degree to which your end users are comfortable with self-service.

Info-Tech Insight

Take external metrics with a grain of salt. Most benchmarks represent what service desks do across different industries, not what they should do. There also might be significant differences between different industries in terms of the kinds of tickets they deal with, differences which the overall average obscures.

Use key service desk metrics to build a business case for service support improvements

The right metrics can tell the business how hard IT works and how many resources it needs to perform:

1. End-User Satisfactions:
   • The most important metric for measuring the perceived value of the service desk. Determine this based on a robust annual satisfaction survey of end users and transactional satisfaction surveys sent with a percentage of tickets.
2. Ticket Volume and Cost per Ticket:
   • A key indicator of service desk efficiency, computed as the monthly operating expense divided by the average ticket volume per month.
3. First-Contact Resolution Rate:
   • The biggest driver of end-user satisfaction. Depending on the kind of tickets you deal with, you can measure first-contact, first-tier, or first-day resolution.
4. Average Time to Resolve (Incident) or Fulfill (Service Requests):
   • An assessment of the service desk's ability to resolve tickets effectively, measuring the time elapsed between the moment the ticket status is set to “open” and the moment it is set to “resolved.”

Info-Tech Insight

Metrics should be tied to business requirements. They tell the story of how well IT is meeting those requirements and help identify when obstacles get in the way. The latter can be done by pointing to discrepancies between the internal metrics you expected to reach but didn’t and external metrics you trust.

Use service desk metrics to track progress toward strategic, operational, and tactical goals

Cost per ticket and customer satisfaction are the foundation metrics of service support

Ultimately, everything boils down to cost containment (measured by cost per ticket) and quality of service (measured by customer satisfaction).

Cost per ticket is a measure of the efficiency of service support:

• A higher than average cost per ticket is not necessarily a bad thing, particularly if accompanied by higher-than-average quality levels.
• Conversely, a low cost per ticket is not necessarily good, particularly if the low cost is achieved by sacrificing quality of service.

Cost per ticket is the total monthly operating expense of the service desk divided by the monthly ticket volume. Operating expense includes the following components:

• Salaries and benefits for desktop support technicians
• Salaries and benefits for indirect personnel (team leads, supervisors, workforce schedulers, dispatchers, QA/QC personnel, trainers, and managers)
• Technology expense (e.g. computers, software licensing fees)
• Telecommunications expenses
• Facilities expenses (e.g. office space, utilities, insurance)
• Travel, training, and office supplies

Create a list of required reports to identify metrics to track

1.3.1 Start by identifying the reports you need, then identify the metrics that produce them

1. Answer the following questions to determine the data your reports require:
   • What strategic initiatives do you need to track?
     • Example: reducing mean time to resolve, meeting SLAs
   • What operational areas need attention?
     • Example: recurring issues that need a permanent resolution
   • What kind of issues do you want to solve?
     • Example: automate tasks such as password reset or software distribution
   • What decisions or processes are held up due to lack of information?
     • Example: need to build a business case to justify infrastructure upgrades
   • How can the data be used to improve services to the business?
     • Example: recurring issues by department
2. Document report and metrics requirements in Service Desk SOP.
3. Provide the list to your tool administrator to create reports with auto-distribution.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Step 1.4: Review ticket handling procedures

This step will walk you through the following activities:

• 1.4.1 Review ticket handling practices
• 1.4.2 Identify opportunities to automate ticket creation and reduce recurring tickets

This step involves the following participants:

• Project Sponsor
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Managers and analysts will have best practices for ticket handling and troubleshooting to support ITSM data quality and improve first-tier resolution.

DELIVERABLES

• List of ticket templates and recurring tickets
• Ticket and Call QA Template and ticket handling best practices

Start by reviewing the incident intake process to find opportunities for improvement

If end users are avoiding your service desk, you may have an intake problem. Create alternative ways for users to seek help to manage the volume; keep in mind not every request is an emergency.

Identify opportunities for improvement in your ticket channels

The two most efficient intake channels should be encouraged for the majority of tickets.

• Build a self-service portal.
  • Do users know where to find the portal?
  • How many tickets are created through the portal?
  • Is the interface easy to use?
• Deal efficiently with email.
  • How quickly are messages picked up?
  • Are they manually transferred to a ticket or does the service desk tool automatically create a ticket?

The two most traditional and fastest methods to get help must deal with emergencies and escalation effectively.

• Phone should be the fastest way to get help for emergencies.
  • Are enough agents answering calls?
  • Are voicemails picked up on time?
  • Are the automated call routing prompts clear and concise?
• Are walk-ins permitted and formalized?
  • Do you always have someone at the desk?
  • Is your equipment secure?
  • Are walk-ins common because no one picks up the phone or is the traffic as you’d expect?

Ensure technicians create tickets for all incidents and requests

Why Collect Ticket Data?

If many tickets are missing, help service support staff understand the need to collect the data. Reports will be inaccurate and meaningless if quality data isn’t entered into the ticketing system.

Set ticket handling expectations to drive a consistent process

Set expectations:

• Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
• Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
• Update user of ETA if issue cannot be resolved quickly.
• Ticket templates for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
• Update categories to reflect the actual issue and resolution.
• Reference or link to the knowledgebase article as the documented steps taken to resolve the incident.
• Validate incident is resolved with client; automate this process with ticket closure after a certain time.
• Close or resolve the ticket on time.

Use the Ticket and Call Quality Assessment Tool to improve the quality of service desk data

Build a process to check-in on ticket and call quality monthly

Better data leads to better decisions. Use the Ticket and Call Quality Assessment Toolto check-in on the ticket and call quality monthly for each technician and improve service desk data quality.

1. Fill tab 1 with technician’s name.
2. Use either tab 2 (auto-scoring) or tab 3 (manual scoring) to score the agent. The assessment includes ticket evaluation, call evaluation, and overall metric.
3. Record the results of each review in the score summary of tab 1.

Use ticket templates to make ticket creation, updating, and resolution more efficient

Implement measures to improve ticket handling and identify ticket template candidates

1.4.1 Identify opportunities to automate ticket creation

1. Poll the team and discuss.
   • How many members of the team are not creating tickets? Why?
   • How can we address those barriers?
   • What are the expectations of management?
2. Brainstorm five to ten good candidates for ticket templates.
   • What data can auto-fill?
   • What will help process the ticket faster?
   • What automations can we build to ensure a fast, consistent service?
   • Note:
     • Ticket template name
     • Information that will auto-fill from AD and other applications
     • Categories and resolution codes
     • Automated routing and email responses
3. Document ticket template candidates in the Service Desk Roadmap to capture the actions.

Participants

• Service Desk Manager
• Service Desk Agents

What You'll Needs

• Flip Chart
• Whiteboard

Phase 2

Design Incident Management Processes

Step 2.1: Build incident management workflows

This step will walk you through the following activities:

• 2.1.1 Review incident management challenges
• 2.1.2 Define the incident management workflow
• 2.1.3 Define the critical incident management workflow
• 2.1.4 Design critical incident communication plan

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Workflows for incident management and critical incident management will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

DELIVERABLES

• Incident management workflows
• Critical incident management workflows
• Critical incident communication plan

Communicate the great incident resolution work that you do to improve end-user satisfaction

End users think more highly of IT after the organization has corrected a problem with their service than they would have had the service not been faulty in the first place.

Info-Tech Insight

Use the service recovery paradox to your advantage. Address service desk challenges explicitly, develop incident management processes that get services back online quickly, and communicate the changes.

If you show that the service desk recovered well from the challenges end users raised, you will get greater loyalty from them.

Assign incident roles and responsibilities to promote accountability

The role of an incident coordinator or manager can be assigned to anyone inside the service desk that has a strong knowledge of incident resolution, attention to detail, and knows how to herd cats.

In organizations with high ticket volumes, a separate role may be necessary.

Everyone must recognize that incident management is a cross-IT organization process and it does not have to be a unique service desk process.

An incident coordinator is responsible for:

• Improving incident management processes.
• Tracking metrics and producing reports.
• Developing and maintaining the incident management system.
• Developing and maintaining critical incident processes.
• Ensuring the service support team follows the incident management process.
• Gathering post-mortem information from the various technical resources on root cause for critical or severity 1 incidents.

The Director of IT Services invested in incident management to improve responsiveness and set end-user expectations

Practitioner Insight

Ben Rodrigues developed a progressive plan to create a responsive, service-oriented culture for the service support organization.

"When I joined the organization, there wasn’t a service desk. People just phoned, emailed, maybe left [sticky] notes for who they thought in IT would resolve it. There wasn’t a lot of investment in developing clear processes. It was ‘Let’s call somebody in IT.’

I set up the service desk to clarify what we would do for end users and to establish some SLAs.

I didn’t commit to service levels right away. I needed to see how many resources and what skill sets I would need. I started by drafting some SLA targets and plugging them into our tracking application. I then monitored how we did on certain things and established if we needed other skill sets. Then I communicated those SOPs to the business, so that ‘if you have an issue, this is where you go, and this is how you do it,’ and then shared those KPIs with them.

I had monthly meetings with different function heads to say, ‘this is what I see your guys calling me about,’ and we worked on something together to make some of the pain disappear."

-Ben Rodrigues

Director, IT Services

Gamma Dynacare

Sketch out incident management challenges to focus improvements

Common Incident Management Challenges

End Users

• No faith in the service desk beyond speaking with their favorite technician.
• No expectations for response or resolution time.
• Non-IT staff are disrupted as people ask their colleagues for IT advice.

Technicians

• No one manages and escalates incidents.
• Incidents are unnecessarily urgent and more likely to have a greater impact.
• Agents are flooded with requests to do routine tasks during desk visits.
• Specialist support staff are subject to constant interruptions.
• Tickets are lost, incomplete, or escalated incorrectly.
• Incidents are resolved from scratch rather than referring to existing solutions.

Managers

• Tickets are incomplete or lack historical information to address complaints.
• Tickets in system don’t match the perceived workload.
• Unable to gather data for budgeting or business analysis.

Info-Tech Insight

Consistent incident management processes will improve end-user satisfaction with all other IT services.

However, be prepared to overcome these common obstacles as you put the process in place, including:

• Absence of management or staff commitment.
• Lack of clarity on organizational needs.
• Outdated work practices.
• Poorly defined service desk goals and responsibilities.
• Lack of a reliable knowledgebase.
• Inadequate training.
• Resistance to change.

Prepare to implement or improve incident management

2.1.1 Review incident management challenges and metrics

1. Review your incident management challenges and the benefits of addressing them.
2. Review the level of service you are providing with the current resources. Define clear goals and deliverables for the improvement initiative.
3. Decide how the incident management process will interface with the service desk. Who will take on the responsibility for resolving incidents? Specifically, who will:
   • Log incidents.
   • Perform initial incident troubleshooting.
   • Own and monitor tickets.
   • Communicate with end users.
   • Update records with the resolution.
   • Close incidents.
   • Implement next steps (e.g. initiate problem management).
4. Document recommendations and the incident management process requirements in the Service Desk SOP.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Distinguish between different kinds of tickets for better SLAs

Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.

If you fail to distinguish between ticket types, your metrics will obscure service desk performance.

Common Service Desk Tickets

• Incidents
  • An unanticipated interruption of a service.
    • The goal of incident management is to restore the service as soon as possible, even if the resolution involves a workaround.
• Problems
  • The root cause of several incidents.
    • The goal of problem management is to detect the root cause and provide long-term resolution and prevention.
• Requests
  • A generic description for small changes or service access
    • Requests are small, frequent, and low risk. They are best handled by a process distinct from incident, change, and project management.
• Changes
  • Modification or removal of anything that could influence IT services.
    • The scope includes significant changes to architectures, processes, tools, metrics, and documentation.

Info-Tech Insight

Organizations sometimes mistakenly classify small projects as service requests, which can compromise your data, resulting in a negative impact to the perceived value of the service desk.

Separate incidents and service requests for increased customer service and better-defined SLAs

Defining the differences between service requests and incidents is not just for reporting purposes. It also has a major impact on how service is delivered.

Incidents are unexpected disruptions to normal business processes and require attempts to restore services as soon as possible (e.g. the printer is not working).

Service requests are tasks that don’t involve something that is broken or has an immediate impact on services. They do not require immediate resolution and can typically be scheduled (e.g. new software).

Focus on the big picture first to capture and streamline how your organization resolves incidents

Document your incident management workflow to identify opportunities for improvement

Workflow should include:

• Ticket creation and closure
• Triage
• Troubleshooting
• Escalations
• Communications
• Change management
• Documentation
• Vendor escalations

Notes:

• Notification and alerts should be used to set or reset expectations on delivery or resolution
• Identify all the steps where a customer is informed and ensure we are not over or under communicating

Collaborate to define each step of the incident management workflow

2.1.2 Define the incident management workflow

Estimated Time: 60 minutes

Option 1: Whiteboard

1. Discuss the workflow and draw it on the whiteboard.
2. Assess whether you are using the best workflow. Modify it if necessary.
3. Engage the team in refining the process workflow.
4. Transfer data to Visio and add to the SOP.

Option 2: Tabletop Exercise

1. Distribute index cards to each member of the team.
2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
4. Arrange the index cards in order, removing duplicates.
5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
6. Transfer data to Visio and add to the Service Desk SOP.

Participants

• Service Manager
• Service Desk Support
• Applications or Infrastructure Support

What You’ll Need

• Flip Chart Paper
• Sticky Notes
• Pens
• Service Desk SOP
• Project Summary

Formalize the process for critical incident management to reduce organizational impact

Discuss these elements to see how the organization will handle them.

• Communication plan:
  • Who communicates with end users?
  • Who communicates with the executive team?
It’s important to separate the role of the technician trying to solve a problem with the need to communicate progress.
• Change management:
Define a separate process for regular and emergency change management to ensure changes are timely and appropriate.
• Business continuity plan:
Identify criteria to decide when a business continuity plan (BCP) must be implemented during a critical incident to minimize the business impact of the incident.
• Post-mortems:
Formalize the process of discussing and documenting lessons learned, understanding outstanding issues, and addressing the root cause of incidents.
• Source of incident notification:
Does the process change if users notify the service desk of an issue or if the systems management tools alert technicians?

Critical incidents are high-impact, high-urgency events that put the effectiveness and timeliness of the service desk center stage.

Build a workflow that focuses on quickly bringing together the right people to resolve the incident and reduces the chances of recurrence.

Document your critical incident management workflow to identify opportunities for improvement

Workflow should include:

• Ticket creation and closure
• Triage
• Troubleshooting
• Escalations
• Communications plan
• Change management
• Disaster recovery or business continuity plan
• Documentation
• Vendor escalations
• Post-mortem

Collaborate to define each step of the critical incident management workflow

2.1.3 Define the critical incident management workflow

Estimated Time: 60 minutes

Option 1: Whiteboard

1. Discuss the workflow and draw it on the whiteboard.
2. Assess whether you are using the best workflow. Modify it if necessary.
3. Engage the team in refining the process workflow.
4. Transfer data to Visio and add to the SOP.

Option 2: Tabletop Exercise

1. Distribute index cards to each member of the team.
2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
4. Arrange the index cards in order, removing duplicates.
5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
6. Transfer data to Visio and add to the Service Desk SOP.

Participants

• Service Manager
• Service Desk Support
• Applications or Infrastructure Support

What You’ll Need

• Flip Chart Paper
• Sticky Notes
• Pens
• Service Desk SOP

Establish a critical incident management communication plan

When it comes to communicating during major incidents, it’s important to get the information just right. Users don’t want too little, they don’t want too much, they just want what’s relevant to them, and they want that information at the right time.

As an IT professional, you may not have a background in communications, but it becomes an important part of your job. Broad guidelines for good communication during a critical incident are:

1. Communicate as broadly as the impact of your incident requires.
2. Communicate as much detail as a specific audience requires, but no more than necessary.
3. Communicate as far ahead of impact as possible.

Why does communication matter?

Sending the wrong message, at the wrong time, to the wrong stakeholders, can result in:

• Drop in customer satisfaction.
• Wasted time and resources from multiple customers contacting you with the same issue.
• Dissatisfied executives kept in the dark.
• Increased resolution time if the relevant providers and IT staff are not informed soon enough to help.

Info-Tech Insight

End users understand that sometimes things break. What’s important to them is that (1) you don’t repeatedly have the same problem, (2) you keep them informed, and (3) you give them enough notice when their systems will be impacted and when service will be returned.

Automate communication to save time and deliver consistent messaging to the right stakeholders

In the middle of resolving a critical incident, the last thing you have time for is worrying about crafting a good message. Create a series of templates to save time by providing automated, tailored messages for each stage of the process that can be quickly altered and sent out to the right stakeholders.

Once templates are in place, when the incident occurs, it’s simply a matter of:

1. Choosing the relevant template.
2. Updating recipients and messaging if necessary.
3. Adding specific, relevant data and fields.
4. Sending the message.

When to communicate?

Tell users the information they need to know when they need to know it. If a user is directly impacted, tell them that. If the incident does not directly affect the user, the communication may lead to decreased customer satisfaction or failure to pay attention to future relevant messaging.

What to say?

• Keep messaging short and to the point.
• Only say what you know for sure.
• Provide only the details the audience needs to know to take any necessary action or steps on their side and no more. There’s no need to provide details on the reason for the failure before it’s resolved, though this can be done after resolution and restoration of service.

You’ll need distinct messages for distinct audiences. For example:

• To incident resolvers: “Servers X through Y in ABC Location are failing intermittently. Please test the servers and all the connections to determine the exact cause so we can take corrective action ASAP.”
• To the IT department head: “Servers X through Y in ABC Location are failing intermittently. We are beginning tests. We will let you know when we have determined the exact cause and can give you an estimated completion time.”
• To executives: “We’re having an issue with some servers at ABC Location. We are testing to determine the cause and will let you know the estimated completion time as soon as possible.”
• To end users: “We are experience some service issues. We are working on a resolution diligently and will restore service as soon as possible.”

Map out who will need to be contacted in the event of a critical incident

2.1.4 Design the critical incident communication plan

• Identify critical incidents that require communication.
• Identify stakeholders who will need to be informed about each incident.
• For each audience, determine:
  1. Frequency of communication
  2. Content of communication

Some questions to assist you:

• Whose work will be interrupted, either by their services going down or by their workers having to drop everything to solve the incident?
• What would happen if we didn’t notify this person?
• What level of detail do they need?
• How often would they want to be updated?

Measure and improve customer satisfaction with the use of relationship and transactional surveys

Customer experience programs with a combination of relationship and transactional surveys tend to be more effective. Merging the two will give a wholistic picture of the customer experience.

Relationship Surveys

Relationship surveys focus on obtaining feedback on the overall customer experience.

• Inform how well you are doing or where you need improvement in the broad services provided.
• Provide a high-level perspective on the relationship between the business and IT.
• Help with strategic improvement decisions.
• Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done as frequently as per quarter or on a yearly basis.
• E.g. An annual satisfaction survey such as Info-Tech’s End User Satisfaction Diagnostic.

Transactional Surveys

Transactional surveys are tied to a specific interaction or transaction your end users have with a specific product or service.

• Help with tactical improvement decisions.
• Questions should point to a specific interaction.
• Usually only a few questions that are quick and easy to complete following the transaction.
• Since transactional surveys allow you to improve individual relationships, they should be sent shortly after the interaction with the service desk has occurred.
• E.g. How satisfied are you with the way your ticket was resolved?

Add transactional end-user surveys at ticket close to escalate unsatisfactory results

A simple quantitative survey at the closing of a ticket can inform the service desk manager of any issues that were not resolved to the end user’s satisfaction. Take advantage of workflows to escalate poor results immediately for quick follow-up.

If a more complex survey is required, you may wish to include some of these questions:

Please rate your overall satisfaction with the way your issue was handled (1=unsatisfactory, 5=fantastic)

• The professionalism of the analyst.
• The technical skills or knowledge of the analyst.
• The timeliness of the service provided.
• The overall service experience.

Add an open-ended, qualitative question to put the number in context, and solicit critical feedback:

What could the service desk have done to improve your experience?

Define a process to respond to both negative and positive feedback

Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference. If customers are taking the time to fill out the survey, good or bad, they should be followed up with

Take these steps to handle survey feedback:

1. Assign resources to receive, read, and track responses. The entire team doesn’t need to receive every response, while a single resource may not have capacity to respond in a timely manner. Decide what makes the most sense in your environment.
2. Respond to negative feedback: It may not be possible to respond to every customer that fills out a survey. Set guidelines for responding to negative surveys with no details on the issue; don’t spend time guessing why they were upset, simply ask the user why they were unsatisfied. The critical piece of taking advantage of the service recovery paradox is in the follow-up to the customer.
3. Investigate and improve: Make sure you investigate the issue to ensure that it is a justified complaint or whether the issue is a symptom of another issue’s root cause. Identify remediation steps to ensure the issue does not repeat itself, and then communicate to the customer the action you have taken to improve.
4. Act on positive feedback as well: If it’s easy for customers to provide feedback, then make room in your process for handling the positive results. Appreciate the time and effort your customers take to give kudos and use it as a tool to build a long-term relationship with that user. Saying thank you goes a long way and when customers know their time matters, they will be encouraged to fill out those surveys. This is also a good way to show what a great job the service desk team did with the interaction.

Analyze survey feedback month over month to complement and justify metric results already in place

When you combine the tracking and analysis of relationship and transactional survey data you will be able to dive into specific issues, identify trends and patterns, assess impact to users, and build a plan to make improvements.

Once the survey data is centralized, categorized, and available you can start to focus on metrics. At a minimum, for transactional surveys, consider tracking:

• Breakdown of satisfaction scores with trends over time
• Unsatisfactory surveys that are related to incidents and service requests
• Total surveys that have been actioned vs pending

For relationship surveys, consider tracking:

• Satisfaction scores by department and seniority level
• Satisfaction with IT services, applications, and communication
• Satisfaction with IT’s business enablement

Image Source: Info-Tech End User Satisfaction Report

Prioritize company-wide improvement initiatives by those that have the biggest impact to the entire customer base first and then communicate the plan to the organization using a variety of communication channels that will draw your customers in, e.g. dashboards, newsletters, email alerts.

Info-Tech Insight

Consider automating or using your ITSM notification system as a direct communication method to inform the service desk manager of negative survey results.

Step 2.2: Design ticket categorization

This step will walk you through the following activities:

• 2.2.1 Assess ticket categorization
• 2.2.2 Enhance ticket categories with resolution and status codes

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The reviewed ticket categorization scheme will be easier to use and deploy more consistently, which will improve the categorization of data and the reliability of reports.

DELIVERABLES

• Optimized ticket categorization

Design a ticket classification scheme to produce useful reports

Reliable reports depend on an effective categorization scheme.

Too many options cause confusion; too few options provide little value. As you build the classification scheme over the next few slides, let call routing and reporting requirements be your guide.

Effective classification schemes are concise, easy to use correctly, and easy to maintain.

Keep these guidelines in mind:

• A good categorization scheme is exhaustive and mutually exclusive: there’s a place for every ticket and every ticket fits in only one place.
• As you build your classification scheme, ensure the categories describe the actual asset or service involved based on final resolution, not how it was reported initially.
• Pre-populate ticket templates with relevant categories to dramatically improve reporting and routing accuracy.
• Use a tiered system to make the categories easier to navigate. Three tiers with 6-8 categories per tier provides up to 512 sub-categories, which should be enough for the most ambitious team.
• Track only what you will use for reporting purposes. If you don’t need a report on individual kinds of laptops, don’t create a category beyond “laptops.”
• Avoid “miscellaneous” categories. A large portion of your tickets will eventually end up there.

Info-Tech Insight

Don’t do it alone! Collaborate with managers in the specialized IT groups responsible for root-cause analysis to develop a categorization scheme that makes sense for them.

The first approach to categorization breaks down the IT portfolio into asset types

WHY SHOULD I START WITH ASSETS?

Start with asset types if asset management and configuration management processes figure prominently in your practice or on your service management implementation roadmap.

Building the Categories

Ask these questions:

• Type: What kind of asset am I working on?
• Category: What general asset group am I working on?
• Subcategory: What particular asset am I working on?

Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

Info-Tech Insight

Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

The second approach to categorization breaks down the IT portfolio into types of services

WHY SHOULD I START WITH SERVICES?

Start with asset services if service management generally figures prominently in your practice, especially service catalog management.

Building the Categories

Ask these questions:

• Type: What kind of service am I working on?
• Category: What general service group am I working on?
• Subcategory: What particular service am I working on?

Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

Info-Tech Insight

Remember, ticket categories are not your only source of reports. Enhance the classification scheme with resolution and status codes for more granular reporting.

Improve the categorization scheme to enhance routing and reporting

2.2.1 Assess whether the service desk can improve its ticket categorization

1. As a group, review existing categories, looking for duplicates and designations that won’t affect ticket routing. Reconcile duplicates and remove non-essential categories.
2. As a group, re-do the categories, ensuring that the new categorization scheme will meet the reporting requirements outlined earlier.
   • Are categories exhaustive and mutually exclusive?
   • Is the tier simple and easy to use (i.e. 3 tiers x 8 categories)?
3. Test against recent tickets to ensure you have the right categories.
4. Record the ticket categorization scheme in the Service Desk Ticket Categorization Schemes template.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Flip Chart
• Whiteboard
• Service Desk Ticket Categorization Scheme

Enhance the classification scheme with resolution and status codes for more granular reporting

Resolution codes differ from detailed resolution notes.

• A resolution code is a field within the ticketing system that should be updated at ticket close to categorize the primary way the ticket was resolved.
• This is important for reporting purposes as it adds another level to the categorization scheme and can help you identify knowledgebase article candidates, training needs, or problems.

Ticket statuses are a helpful field for both IT and end users to identify the current status of the ticket and to initiate workflows.

• The most common statuses are open, pending/in progress, resolved, and closed (note the difference between resolved and closed).
• Waiting on user or waiting on vendor are also helpful statuses to stop the clock when awaiting further information or input.

Common Examples:

Resolution Codes

• How to/training
• Configuration change
• Upgrade
• Installation
• Data import/export/change
• Information/research
• Reboot

Status Fields

• Declined
• Open
• Closed
• Waiting on user
• Waiting on vendor
• Reopened by user

Identify and document resolution and status codes

2.2.2 Enhance ticket categories with resolution codes

Discuss:

• How can we use resolution information to enhance reporting?
• Are current status fields telling the right story?
• Are there other requirements like project linking?

Draft:

1. Write out proposed resolution codes and status fields and critically assess their value.
2. Resolutions can be further broken down by incident and service request if desired.
3. Test resolution codes against a few recent tickets.
4. Record the ticket categorization scheme in the Service Desk SOP.

Participants

• CIO
• Service Desk Manager
• Service Desk Technician(s)

What You’ll Need

• Whiteboard or Flip Chart
• Markers

Step 2.3: Design incident escalation and prioritization

This step will walk you through the following activities:

• 2.3.1 Build a small number of rules to facilitate prioritization
• 2.3.2 Define escalation rules
• 2.3.3 Define automated escalations
• 2.3.4 Provide guidance to each tier around escalation steps and times

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The reviewed ticket escalation and prioritization will streamline queue management, improve the quality of escalations, and ensure agents work on the right tickets at the right time.

DELIVERABLES

• Optimized ticket prioritization scheme
• Guidelines for ticket escalations
• List of automatic escalations

Build a ticket prioritization matrix to make escalation assessment less subjective

Most IT leaders agree that prioritization is one of the most difficult aspects of IT in general. Set priorities based on business needs first.

Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).

The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).

Some questions to consider when deciding on problem severity include:

• How is productivity affected?
• How many users are affected?
• How many systems are affected?
• How critical are the affected systems to the organization?

Decide how many severity levels the organization needs the service desk to have. Four levels of severity are ideal for most organizations.

Collect the ticket prioritization scheme in one diagram to ensure service support aligns to business requirements

Prioritize incidents based on severity and urgency to foreground critical issues

2.3.1 Build a clearly defined priority scheme

Estimated Time: 60 minutes

1. Decide how many levels of severity are appropriate for your organization.
2. Build a prioritization matrix, breaking down priority levels by impact and urgency.
3. Build out the definitions of impact and urgency to complete the prioritization matrix.
4. Run through examples of each priority level to make sure everyone is on the same page.

Document in the SOP

Participants

• Service Managers
• Service Desk Support
• Applications or Infrastructure Support

What You'll Need

• Flip Chart Paper
• Sticky Notes
• Pens
• Service Desk SOP

Define response and resolution targets for each priority level to establish service-level objectives for service support

Build clear rules to help agents determine when to escalate

2.3.2 Assign response, resolution, and escalation times to each priority level

Estimated Time: 60 minutes

Instructions:

For each incident priority level, define the associated:

1. Response time – time from when incident record is created to the time the service desk acknowledges to the customer that their ticket has been received and assigned.
2. Resolution time – time from when the incident record is created to the time that the customer has been advised that their problem has been resolved.
3. Escalation time – maximum amount of time that a ticket should be worked on without progress before being escalated to someone else.

Participants

• Service Managers
• Service Desk Support
• Applications or Infrastructure Support

What You'll Need

• Flip Chart Paper
• Sticky Notes
• Pens

Use the table on the previous slide as a guide.

Discuss the possible root causes for escalation issues

WHY IS ESCALATION IMPORTANT?

Escalation is not about admitting defeat, but about using your resources properly.

Defining procedures for escalation reduces the amount of time the service desk spends troubleshooting before allocating the incident to a higher service tier. This reduces the mean time to resolve and increases end-user satisfaction.

You can correlate escalation paths to ticket categories devised in step 2.2.

Build decision rights to help agents determine when to escalate

2.3.3 Provide guidance to each tier around escalation steps and times

Estimated Time: 60 minutes

Instructions

1. For each support tier, define escalation rules for troubleshooting (steps that each tier should take before escalation).
2. For each support tier, define maximum escalation times (maximum amount of time to work on a ticket without progress before escalating).

Create a list of application specialists to get the escalation right the first time

2.3.4 Define automated escalations

Estimated Time: 60 minutes

1. Identify applications that will require specialists for troubleshooting or access rights.
2. Identify primary and secondary specialists for each application.
3. Identify vendors that will receive escalations either immediately or after troubleshooting.
4. Set up application groups in the service desk tool.
5. Set up workflows in the service desk tool where appropriate.
6. Document the automated escalations in the categorization scheme developed in step 2.2 and in the Service Desk Roles and Responsibilities Guide.

Participants

• Service Managers
• Service Desk Support
• Applications or Infrastructure Support

What You'll Need

• Flip Chart Paper
• Sticky Notes
• Pens

Phase 3

Design Request Fulfilment Processes

Step 3.1: Build request workflows

This step will walk you through the following activities:

• 3.1.1 Distinguish between requests and small projects
• 3.1.2 Define service requests with SLAs
• 3.1.3 Build and critique request workflows

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Workflows for service requests will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

DELIVERABLES

• Workflows for the most common service requests
• An estimated service level for each service request
• Request vs. project criteria

Standardize service requests for more efficient delivery

Definitions:

• An incident is an unexpected disruption to normal business processes and requires attempts to restore service as soon as possible (e.g. printer not working).
• A service request is a request where nothing is broken or impacting a service and typically can be scheduled rather than requiring immediate resolution (e.g. new software application).

• Service requests are repeatable, predictable, and easier to commit to SLAs.
• By committing to SLAs, expectations can be set for users and business units for service fulfillment.
• Workflows for service requests should be documented and reviewed to ensure consistency of fulfillment.
• Documentation should be created for service request procedures that are complex.
• Efficiencies can be created through automation such as with software deployment.
• All service requests can be communicated through a self-service portal or service catalog.

PREPARE A FUTURE SERVICE CATALOG

Standardize requests to develop a consistent offering and prepare for a future service catalog.

Document service requests to identify time to fulfill and approvals.

Identify which service requests can be auto-approved and which will require a workflow to gain approval.

Document workflows and analyze them to identify ways to improve SLAs. If any approvals are interrupting technical processes, rearrange them so that approvals happen before the technical team is involved.

Determine support levels for each service offering and ensure your team can sustain them.

Where it makes sense, automate delivery of services such as software deployment.

Distinguish between service requests and small projects to ensure agents and end users follow the right process

The distinction between service requests and small projects has two use cases, which are two sides of the same resourcing issue.

• Service desk managers need to understand the difference to ensure the right approval process is followed. Typically, projects have more stringent intake requirements than requests do.
• PMOs need to understand the difference to ensure the right people are doing the work and that small, frequent changes are standardized, automated, and taken out of the project list.

What’s the difference between a service request and a small project?

• The key differences involve resource scope, frequency, and risk.
• Requests are likely to require fewer resources than projects, be fulfilled more often, and involve less risk.
• Requests are typically done by tier 1 and 2 employees throughout the IT organization.
• A request can turn into a small project if the scope of the request grows beyond the bounds of a normal request.

Example: A mid-sized organization goes on a hiring blitz and needs to onboard 150 new employees in one quarter. Submitting and scheduling 150 requests for onboarding new employees would require much more time and resources.

Projects are different from service requests and have different criteria

A project, by terminology, is a temporary endeavor planned around producing a specific organizational or business outcome.

Common Characteristics of Projects:

• Time sensitive, temporary, one-off.
• Uncertainty around how to create the unique thing, product, or service that is the project’s goal.
• Non-repetitive work and sizeable enough to introduce heightened risk and complexity.
• Strategic focus, business case-informed capital funding, and execution activities driven by a charter.
• Introduces change to the organization.
• Multiple stakeholders involved and cross-functional resourcing.

Info-Tech Insight

Projects require greater risk, effort, and resources than a service request and should be redirected to the PMO.

Standard service requests vs. non-standard service requests: criteria to make them distinct

• If there is no differentiation between standard and non-standard requests, those tickets can easily move into the backlog, growing it very quickly.
• Create a process to easily identify non-standard requests when they enter the ticket queue to ensure customers are made aware of any delay of service, especially if it is a product or service currently not offered. This will give time for any approvals or technical solutioning that may need to occur.
• Take recurring non-standard requests and make them standard. This is a good way to determine if there are any gaps in services offered and another vehicle to understand what your customers want.

Standard Requests

• Very common requests, delivered on an on-going basis
• Defined process
• Measured in hours or days
• Uses service catalog, if it exists
• Formalized and should already be documented
• The time to deal with the request is defined

Non-Standard Requests

• Higher level complexity than standard requests
• Cannot be fulfilled via service catalog
• No defined process
• Not supplied by questions that Service Request Definition (SRD) offers
• Product or service is not currently offered, and it may need time for technical review, additional approvals, and procurement processes

The right questions can help you distinguish between standard requests, non-standard requests, and projects

Where do we draw the line between a standard and non-standard request and a project?

The service desk can’t and shouldn’t distinguish between requests and projects on its own. Instead, engage stakeholders to determine where to draw the line.

Whatever criteria you choose, define them carefully.

Be pragmatic: there is no single best set of criteria and no single best definition for each criterion. The best criteria and definitions will be the ones that work in your organizational context.

Common distinguishing factors and thresholds:

Distinguish between standard and non-standard service requests and projects

3.1.1 Distinguish between service requests and projects

1. Divide the group into two small teams.
2. Each team will brainstorm examples of service requests and small projects.
3. Identify factors and thresholds that distinguish between the two groups of items.
4. Bring the two groups together and discuss the two sets of criteria.
5. Consolidate one set of criteria that will help make the distinction between projects and service requests.
6. Capture the table in the Service Desk SOP.

Participants

• Service Desk Manager
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Distinguishing factors and thresholds

Don’t standardize request fulfilment processes alone

Everyone in IT contributes to the fulfilment of requests, but do they know it?

New service desk managers sometimes try to standardize request fulfilment processes on their own only to encounter either apathy or significant resistance to change.

Moving to a tiered generalist service desk with a service-oriented culture, a high first-tier generalist resolution rate, and collaborative T2 and T3 specialists can be a big change. It is critical to get the request workflows right.

Don’t go it alone. Engage a core team of process champions from all service support. With executive support, the right process building exercises can help you overcome resistance to change.

Consider running the process building activities in this project phase in a working session or a workshop setting.

Info-Tech Insight

If they build it, they will come. Service desk improvement is an exercise in organizational change that crosses IT disciplines. Organizations that fail to engage IT specialists from other silos often encounter resistance to change that jeopardizes the process improvements they are trying to make. Overcome resistance by highlighting how process changes will benefit different groups in IT and solicit the feedback of specialists who can affect or be affected by the changes.

Define standard service requests with SLAs and workflows

WHY DO I NEED WORKFLOWS?

Move approvals out of technical IT processes to make them more efficient. Evaluate all service requests to see where auto-approvals make sense. Where approvals are required, use tools and workflows to manage the process.

Example:

Approvals can be the main roadblock to fulfilling service requests

Review the general standard service request and inquiry fulfillment processes

As standard service requests should follow standard, repeatable, and predictable steps to fulfill, they can be documented with workflows.

Review the general standard service request and inquiry fulfillment processes

Ensure there is a standard and predictable methodology for assessing non-standard requests; inevitably those requests may still cause delay in fulfillment.

Create a process to ensure reasonable expectations of delivery can be set with the end user and then identify what technology requests should become part of the existing standard offerings.

Document service requests to ensure consistent delivery and communicate requirements to users

3.1.2 Define service requests with SLAs

1. On a flip chart, list standard service requests.
2. Identify time required to fulfill, including time to schedule resources.
3. Identify approvals required; determine if approvals can be automated through defining roles.
4. Discuss opportunities to reduce SLAs or automate, but recognize that this may not happen right away.
5. Discuss plans to communicate SLAs to the business units, recognizing that some users may take a bit of time to adapt to the new SLAs.
6. Work toward improving SLAs as new opportunities for process change occur.
7. Document SLAs in the Service Desk SOP and update as SLAs change.
8. Build templates in the service desk tool that encapsulate workflows and routing, SLAs, categorization, and resolution.

Participants

• Service Desk Managers
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Info-Tech Insight

These should all be scheduled services. Anything that is requested as a rush needs to be marked as a higher urgency or priority to track end users who need training on the process.

Analyze service request workflows to improve service delivery

3.1.3 Build and critique request workflows

1. Divide the group into small teams.
2. Each team will choose one service request from the list created in the previous module and then draw the workflow. Include decision points and approvals.
3. Discuss availability and technical support:
   • Can the service be fulfilled during regular business hours or 24x7?
   • Is technical support and application access available during regular business hours or 24x7?
4. Reconvene and present workflows to the group.
5. Document workflows in Visio and add to the Service Desk SOP. Where appropriate, enter workflows in the service desk tool.

Critique workflows for efficiencies and effectiveness:

• Do the workflows support the SLAs identified in the previous exercise?
• Are the workflows efficient?
• Is the IT staff consistently following the same workflow?
• Are approvals appropriate? Is there too much bureaucracy or can some approvals be removed? Can they be preapproved?
• Are approvals interrupting technical processes? If so, can they be moved?

Participants

• Service Desk Managers
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Project Summary
• Flip Chart
• Whiteboard

Step 3.2: Build a targeted knowledgebase

This step will walk you through the following activities:

• 3.2.1 Design knowledge management processes
• 3.2.2 Create actionable knowledgebase articles

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The section will introduce service catalogs and get the organization to envision what self-service tools it might include.

DELIVERABLES

• Knowledgebase policy and process

A knowledgebase is an essential tool in the service management toolbox

Knowledge Management

Gathering, analyzing, storing & sharing knowledge to reduce the need to rediscover known solutions.

Knowledgebase

Organized repository of IT best practices and knowledge gained from practical experiences.

• End-User KB

Give end users a chance to resolve simple issues themselves without submitting a ticket.

• Internal KB

Shared resource for service desk staff and managers to share and use knowledge.

Use the knowledgebase to document:

• Steps for pre-escalation troubleshooting.
• Known errors.
• Workarounds or solutions to recurring issues.
• Solutions that require research or complex troubleshooting.
• Incidents that have many root causes. Start with the most frequent solution and work toward less likely issues.

Draw on organizational goals to define the knowledge transfer target state

*Source: McLean & Company, 2013; N=120

It’s better to start small than to have nothing at all

Service desk teams are often overwhelmed by the idea of building and maintaining a comprehensive integrated knowledgebase that covers an extensive amount of information.

Don’t let this idea stop you from building a knowledgebase! It takes time to build a comprehensive knowledgebase and you must start somewhere.

Start with existing documentation or knowledge that depends on the expertise of only a few people and is easy to document and you will already see the benefits.

Then continue to build and improve from there. Eventually, knowledge management will be a part of the culture.

Engage the team to build a knowledgebase targeted on your most important incidents and requests

WHERE DO I START?

Inventory and consolidate existing documentation, then evaluate it for audience relevancy, accuracy, and usability. Use the exercise and the next slides to develop a knowledgebase template.

Produce a plan to improve the knowledgebase.

• Identify the current top five or ten incidents from the service desk reports and create related knowledgebase articles.
• Evaluate for end-user self-service or technician resolution.
• Note any resolutions that require access rights to servers.
• Assign documentation creation tasks for the knowledgebase to individual team members each week.
• Apply only one incident per article.
• Set goals for each technician to submit one or two meaningful articles per month.
• Assign a knowledge manager to monitor creation and edit and maintain the database.
• Set policy to drive currency of the knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

Use a phased approach to build a knowledgebase

Use a quarterly, phased approach to continue to build and maintain your knowledgebase

Continual Knowledgebase Maintenance:

• Once a knowledgebase is in place, future articles should be written using established templates.
• Articles should be regularly reviewed and monitored for usage. Outdated information will be retired and archived.
• Ticket trend analysis should be done on an ongoing basis to identify new articles.
• A proactive approach will anticipate upcoming issues based on planned upgrades and maintenance or other changes, and document resolution steps in knowledgebase articles ahead of time.

Every Quarter:

1. Conduct a ticket trend analysis. Identify the most important and common tickets.
2. Review the knowledgebase to identify relevant articles that need to be revised or written.
3. Use data from knowledge management tool to track expiring content and lesser used articles.
4. Assign the task of writing articles to all IT staff members.
5. Build and revise ticket templates for incident and service requests.

Assign a knowledge manager role to ensure accountability for knowledgebase maintenance

Assign a knowledge manager to monitor creation and edit and maintain database.

Knowledge Manager/Owner Role:

• Has overall responsibility for the knowledgebase.
• Ensures content is consistent and maintains standards.
• Regularly monitors and updates the list of issues that should be added to the knowledgebase.
• Regularly reviews existing knowledgebase articles to ensure KB is up to date and flags content to retire or review.
• Assigns content creation tasks.
• Optimizes knowledgebase structure and organization.
• See Info-Tech’s knowledge manager role description if you need a hand defining this position.

The knowledge manager role will likely be a role assigned to an existing resource rather than a dedicated position.

Develop a template to ensure knowledgebase articles are easy to read and write

QUICK TIPS

• Use non-technical language whenever possible to help less-technical readers.
• Identify error messages and use screenshots where it makes sense.
• Take advantage of social features like voting buttons to increase use.
• Use Info-Tech’s Knowledge Base Article Template to get you started.

Analyze the necessary features for your knowledgebase and compare them against existing tools

Service desk knowledgebases range in complexity from simple FAQs to fully integrated software suites.

Options include:

• Article search with negative and positive filters.
• Tagging, with the option to have keywords generate top matches.
• Role-based permissions (to prevent unauthorized deletions).
• Ability to turn a ticket resolution into a knowledgebase article (typically only available if knowledgebase tool is part of the service desk tool).
• Natural language search.
• Partitioning so relevant articles only appear for specific audiences.
• Editorial workflow management.
• Ability to set alerts for scheduled article review.
• Article reporting (most viewed, was it useful?).
• Rich text fields for attaching screenshots.

Determine which features your organization needs and check to see if your tools have them.

For more information on knowledgebase improvement, refer to Info-Tech’s Optimize the Service Desk With a Shift-Left Strategy.

Document your knowledge management maintenance workflow to identify opportunities for improvement

Workflow should include:

• How you will identify top articles that need to be written
• How you will ensure articles remain relevant
• How you will assign new articles to be written, inclusive of peer review

Design knowledgebase management processes

3.2.1 Design knowledgebase management processes

1. Assign a knowledge manager to monitor creation and edit and maintain the database. See Info-Tech’s knowledge manager role description if you need a hand defining this position.
2. Discuss how you can use the service desk tool to integrate the knowledgebase with incident management, request fulfilment, and self-service processes.
3. Discuss the suitability of a quarterly process to build and edit articles for a target knowledgebase that covers your most important incidents and requests.
4. Set knowledgebase creation targets for tier 1, 2, and 3 analysts.
5. Identify relevant performance metrics.
6. Brainstorm elements that might be used as an incentive program to encourage the creation of knowledgebase articles and knowledge sharing more generally.
7. Set policy to drive currency of knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Create actionable knowledgebase articles

3.2.2 Run a knowledgebase working group

Write and critique knowledgebase articles.

1. On a whiteboard, build a list of potential knowledgebase articles divided by audience: Technician or End User.
2. Each team member chooses one topic and spends 20 minutes writing.
3. Each team member either reads the article and has the team critique or passes to the technician to the right for peer review. If there are many participants, break into smaller groups.
4. Set a goal with the team for how, when, and how often knowledgebase articles will be created.
5. Capture knowledgebase processes in the Service Desk SOP.

Audience: Technician

• Password update
• VPN printing
• Active directory – policy, procedures, naming conventions
• Cell phones
• VPN client and creation set-up

Audience: End users

• Set up email account
• Password creation policy
• Voicemail – access, change greeting, activities
• Best practices for virus, malware, phishing attempts
• Windows 10 tips and tricks

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Step 3.3: Prepare for a self-service portal project

This step will walk you through the following activities:

• 3.3.1 Develop self-service tools for the end user
• 3.3.2 Make a plan for creating or improving the self-service portal

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The section prepares you to tackle a self-service portal project once the service desk standardization is complete.

DELIVERABLES

• High-level activities to create a self-service portal

Design the self-service portal with the users’ computer skills in mind

A study by the OECD offers a useful reminder of one of usability’s most hard-earned lessons: you are not the user.

• There is an important difference between IT professionals and the average user that’s even more damaging to your ability to predict what will be a good self-service tool: skills in using computers, the internet, and technology in general.
• An international research study explored the computer skills of 215,942 people aged 16-65 in 33 countries.
• The results show that across 33 rich countries, only 5% of the population has strong computer-related abilities and only 33% of people can complete medium-complexity computer tasks.
• End users are skilled, they just don’t have the same level of comfort with computers as the average IT professional. Design your self-service tools with that fact in mind.

Take an incremental and iterative approach to developing your self-service portal

Use a web portal to offer self-serve functionality or provide FAQ information to your customers to start.

• Don’t build from scratch. Ideally, use the functionality included with your ITSM tool.
• If your ITSM tool doesn’t have an adequate self-service portal functionality, then harness other tools that IT already uses. Common examples include Microsoft SharePoint and Google Forms.
• Make it as easy as possible to access the portal:
  • Deploy an app to managed devices or put the app in your app store.
  • Create a shortcut on people’s start menus or home screens.
  • Print the URL on swag such as mousepads.
• Follow Info-Tech’s approach to developing your user facing service catalog.

Some companies use vending machines as a form of self serve. Users can enter their purchase code and “buy” a thin client, mouse, keyboard, software, USB keys, tablet, headphones, or loaners.

Info-Tech Insight

Building the basics first will provide your users with immediate value. Incrementally add new features to your portal.

Optimize the portal: self-service should be faster and more convenient than the alternative

Design the portal by demand, not supply

Don’t build a portal framed around current offerings and capabilities just for the sake of it. Build the portal based on what your users want and need if you want them to use it.

Make user experience a top priority

The portal should be designed for users to self-serve, and thus self-service must be seamless, clear, and attractive to users.

Speak your users’ language

Keep in mind that users may not have high technical literacy or be familiar with terminology that you find commonplace. Use terms that are easy to understand.

Appeal to both clickers and searchers

Ensure that users can find what they’re looking for both by browsing the site and by using search functionality.

Use one central portal for all departments

If multiple departments (i.e. HR, Finance) use or will use a portal, set up a shared portal so that users won’t have to guess where to go to ask for help.

You won’t know unless you test

You will know how to navigate the portal better than anyone, but that doesn’t mean it’s intuitive for a new user. Test the portal with users to collect and incorporate feedback.

Self-service portal examples (1/2)

Image source: Cherwell Service Management

Self-service examples (2/2)

Image source: Team Dynamix

Keep the end-user facing knowledgebase relevant with workflows, multi-device access, and social features

Workflows:

• Easily manage peer reviews and editorial and relevance review.
• Enable links and importing between tickets and knowledgebase articles.
• Enable articles to appear based on ticket content.

Multi-device access:

• Encourage users to access self-service.
• Enable technicians to solve problems from anywhere.

Social features:

• Display most popular articles first to solve trending issues.
• Enable voting to improve usability of articles.
• Allow collaboration on self-service.

For more information on building self-service portal, refer to Info-Tech’s Optimize the Service Desk with a Shift-Left Strategy

Draft a high-level project plan for a self-service portal project

3.3.1 Draft a high-level project plan for a self-service portal project

1. Identify stakeholders who can contribute to the project.
   • Who will help with FAQ creation?
   • Who can design the self-service portal?
   • Who needs to sign off on the project?
2. Identify the high-level tasks that need to be done.
   • How many FAQs need to be created?
   • How will we design the service catalog’s web portal?
   • What might a phased approach look like?
   • How can we break down the project into design, build, and implementation tasks?
   • What is the rough timeline for these tasks?
3. Capture the high-level activities in the Service Desk Roadmap.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Flip Chart
• Whiteboard
• Implementation Roadmap

Once you have a service portal, you can review the business requirements for a service catalog

A service catalog is a communications device that lists the IT services offered by an organization. The service catalog is designed to enable the creation of a self-service portal for the end user. The portal augments the service desk so analysts can spend time managing incidents and providing technical support.

The big value comes from workflows:

• Improved economics and a means to measure the costs to serve over time.
• Incentive for adoption because things work better.
• Abstracts delivery from offer to serve so you can outsource, insource, crowdsource, slow, speed, reassign, and cover absences without involving the end user.

There are three types of catalogs:

• Static:Informational only, so can be a basic website.
• Routing and workflow: Attached to service desk tool.
• Workflow and e-commerce: Integrated with service desk tool and ERP system.

Image courtesy of University of Victoria

Understand the time and effort involved in building a service catalog

A service catalog will streamline IT service delivery, but putting one together requires a significant investment. Service desk standardization comes first.

• Workflows and back-end services must be in place before setting up a service catalog.
Think of the catalog as just the delivery mechanism for service you currently provide. If they aren’t running well and delivery is not consistent, you don’t want to advertise SLAs and options.
• Service catalogs require maintenance.
It’s not a one-time investment – service catalogs must be kept up to date to be useful.
• Service catalog building requires input from VIPs.
Architects and wordsmiths are not the only ones that spend effort on the service catalog. Leadership from IT and the business also provide input on policy and content.

Sample Service Catalog Efforts

• A college with 17 IT staff spent one week on a simple service catalog.
• A law firm with 110 IT staff spent two months on a service catalog project.
• A municipal government with 300 IT people spent over seven months and has yet to complete the project.
• A financial organization with 2,000 IT people has spent seven months on service catalog automation alone! The whole project has taken multiple years.

“I would say a client with 2,000 users and an IT department with a couple of hundred, then you're looking at six months before you have the catalog there.”

– Service Catalog Implementation Specialist,

Health Services

Draft a high-level project plan for a self-service portal project

3.2.2 Make a plan for creating or improving the self-service portal

Identify stakeholders who can contribute to the project.

• Who will help with FAQs creation?
• Who can design the self-service portal?
• Who needs to sign off on the project?

Evaluate tool options.

• Will you stick with your existing tool or invest in a new tool?

Identify the high-level tasks that need to be done.

• How will we design the web portal?
• What might a phased approach look like?
• What is the rough timeline for these tasks?
• How many FAQs need to be created?
• Will we have a service catalog, and what type?

Document the plan and tasks in the Service Desk Roadmap.

Examples of publicly posted service catalogs:

University of Victoria is an example of a catalog that started simple and now includes multiple divisions, notifications, systems status, communications, e-commerce, incident registration, and more.

Indiana University is a student, faculty, and staff service catalog and self-service portal that goes beyond IT services.

If you are ready to start building a service catalog, use Info-Tech’s Design and Build a User-Facing Service Catalog blueprint to get started.

Phase 4

Plan the Implementation of the Service Desk

Step 4.1: Build communication plan

This step will walk you through the following activities:

• 4.1.1 Create the communication plan

This step involves the following participants:

• CIO
• IT Director
• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The communication plan and project summary will help project managers outline recommendations and communicate their benefits.

DELIVERABLES

• Communication plan
• Project summary

Effectively communicate the game plan to IT to ensure the success of service desk improvements

Communication is crucial to the integration and overall implementation of your service desk improvement.

An effective communication plan will:

• Gain support from management at the project proposal phase.
• Create end-user buy-in once the program is set to launch.
• Maintainthe presence of the program throughout the business.
• Instill ownership throughout the business, from top-level management to new hires.

Build a communication plan to:

1. Communicate benefits to IT:
   • Share the standard operating procedures for training and feedback.
   • Train staff on policies as they relate to end users and ensure awareness of all policy changes.
   • As changes are implemented, continue to solicit feedback on what is and is not working and communicate adjustments as appropriate.
2. Train technicians:
   • Make sure everyone is comfortable communicating changes to customers.
3. Measure success:
   • Review SLAs and reports. Are you consistently meeting SLAs?
   • Is it safe to communicate with end users?

Create your communication plan to anticipate challenges, remove obstacles, and secure buy-in

Why:

• What problems are you trying to solve?

What:

• What processes will it affect (that will affect me)?

Who:

• Who will be affected?
• Who do I go to if I have issues with the new process?

When:

• When will this be happening?
• When will it affect me?

How:

• How will these changes manifest themselves?

Goal:

• What is the final goal?
• How will it benefit me?

Create a communication plan to outline the project benefits

Improved business satisfaction:

• Improve confidence that the service desk can solve issues within the service-level agreement.
• Channel incidents and requests through the service desk.
• Escalate incidents quickly and accurately.

Fewer recurring issues:

• Tickets are created for every incident and categorized correctly.
• Reports can be used for root-cause analysis.

Increased efficiency or lower cost to serve:

• Use FAQs to enable end users to self-solve.
• Use knowledgebase to troubleshoot once, solve many times.
• Cross-train to improve service consistency.

Enhanced demand planning:

• Trend analysis and reporting improve IT’s ability to forecast and address the demands of the business.

Organize the information to manage the deployment of key messages

Create the communication plan

4.1.1 Create the communication plan

Estimated Time: 45 minutes

Develop a stakeholder analysis.

1. Identify everyone affected by the project.
2. Assess their level of interest, value, and influence.
3. Develop a communication strategy tailored to their level of engagement.

Craft key messages tailored to each stakeholder group.

Finalize the communication plan.

1. Examine your roadmap and determine the most appropriate timing for communications.
2. Assess when communications must happen with executives, business unit leaders, end users, and technicians.
3. Identify any additional communication challenges that have come up.
4. Identify who will send out the communications.
5. Identify multiple methods for getting the messages out (newsletters, emails, posters, company meetings).
6. For inspiration, you can refer to the Sample Communication Plan for the project.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

Step 4.2: Build implementation roadmap

This step will walk you through the following activities:

• 4.2.1 Build implementation roadmap

This step involves the following participants:

• CIO
• IT Director
• IT Managers
• Service Desk Manager
• Representation from tier 2 and tier 3 specialists

Outcomes

The implementation plan will help track and categorize the next steps and finalize the project.

DELIVERABLES

• Implementation roadmap

Collaborate to create an implementation plan

4.2.1 Create the implementation plan

Estimated Time: 45 minutes

Determine the sequence of improvement initiatives that have been identified throughout the project.

The purpose of this exercise is to define a timeline and commit to initiatives to reach your goals.

Instructions:

1. Review the initiatives that will be taken to improve the service desk and revise tasks, as necessary.
2. Input each of the tasks in the data entry tab and provide a description and rationale behind the task.
3. Assign an effort, priority, and cost level to each task (high, medium, low).
4. Assign ownership to each task.
5. Identify the timeline for each task based on the priority, effort, and cost (short, medium, and long term).
6. Highlight risk for each task if it will be deferred.
7. Track the progress of each task with the status column.