Build a Data Classification MVP for M365

  • Buy Link or Shortcode: {j2store}67|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: End-User Computing Applications
  • Parent Category Link: /end-user-computing-applications
  • Resources are the primary obstacle to getting a foot hold in O365 governance, whether it is funding or FTE resources.
  • Data is segmented and is difficult to analyze when you can’t see it or manage the relationships between sources.
  • Organizations expect results early and quickly and a common obstacle is that building a proper data classification framework can take more than two years and the business can't wait that long.

Our Advice

Critical Insight

  • Data classification is the lynchpin to ANY effective governance of O/M365 and your objective is to navigate through this easily and effectively and build a robust, secure, and viable governance model.
  • Start your journey by identifying what and where your data is and how much data you have. You need to understand what sensitive data you have and where it is stored before you can protect it or govern that data.
  • Ensure there is a high-level leader who is the champion of the governance objective.

Impact and Result

  • Using least complex sensitivity labels in your classification are your building blocks to compliance and security in your data management schema; they are your foundational steps.

Build a Data Classification MVP for M365 Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build a Data Classification MVP for M365 Deck – A guide for how to build a minimum-viable product for data classification that end users will actually use.

Discover where your data resides, what governance helps you do, and what types of data you're classifying. Then build your data and security protection baselines for your retention policy, sensitivity labels, workload containers, and both forced and unforced policies.

  • Build a Data Classification MVP for M365 Storyboard
[infographic]

Further reading

Build a Data Classification MVP for M365

Kickstart your governance with data classification users will actually use!

Executive Summary

Info-Tech Insight

  • Creating an MVP gets you started in data governance
    Information protection and governance are not something you do once and then you are done. It is a constant process where you start with the basics (a minimum-viable product or MVP) and enhance your schema over time. The objective of the MVP is reducing obstacles to establishing an initial governance position, and then enabling rapid development of the solution to address a variety of real risks, including data loss prevention (DLP), data retention, legal holds, and data labeling.
  • Define your information and protection strategy
    The initial strategy is to start looking across your organization and identifying your customer data, regulatory data, and sensitive information. To have a successful data protection strategy you will include lifecycle management, risk management, data protection policies, and DLP. All key stakeholders need to be kept in the loop. Ensure you keep track of all available data and conduct a risk analysis early. Remember, data is your highest valued intangible asset.
  • Planning and resourcing are central to getting started on MVP
    A governance plan and governance decisions are your initial focus. Create a team of stakeholders that include IT and business leaders (including Legal, Finance, HR, and Risk), and ensure there is a top-level leader who is the champion of the governance objective, which is to ensure your data is safe, secure, and not prone to leakage or theft, and maintain confidentiality where it is warranted.

Executive Summary

Your Challenge
  • Today, the amount of data companies are gathering is growing at an explosive rate. New tools are enabling unforeseen channels and ways of collaborating.
  • Combined with increased regulatory oversight and reporting obligations, this makes the discovery and management of data a massive undertaking. IT can’t find and protect the data when the business has difficulty defining its data.
  • The challenge is to build a framework that can easily categorize and classify data yet allows for sufficient regulatory compliance and granularity to be useful. Also, to do it now because tomorrow is too late.
Common Obstacles

Data governance has several obstacles that impact a successful launch, especially if governing M365 is not a planned strategy. Below are some of the more common obstacles:

  • Resources are the primary obstacle to starting O365 governance, whether it is funding or people.
  • Data is segmented and is difficult to analyze when you can’t see it or manage the relationships between sources.
  • Organizations expect results early and quickly and a common obstacle is that building a "proper data classification framework” is a 2+ year project and the business can't wait that long.
Info-Tech’s Approach
  • Start with the basics: build a minimum-viable product (MVP) to get started on the path to sustainable governance.
  • Identify what and where your data resides, how much data you have, and understand what sensitive data needs to be protected.
  • Create your team of stakeholders, including Legal, records managers, and privacy officers. Remember, they own the data and should manage it.
  • Categorization comes before classification, and discovery comes before categorization. Use easy-to-understand terms like high, medium, or low risk.

Info-Tech Insight

Data classification is the lynchpin to any effective governance of O/M365 and your objective is to navigate through this easily and effectively and build a robust, secure, and viable governance model. Start your journey by identifying what and where your data is and how much data do you have. You need to understand what sensitive data you have and where it is stored before you can protect or govern it. Ensure there is a high-level leader who is the champion of the governance objectives. Data classification fulfills the governance objectives of risk mitigation, governance and compliance, efficiency and optimization, and analytics.

Questions you need to ask

Four key questions to kick off your MVP.

1

Know Your Data

Do you know where your critical and sensitive data resides and what is being done with it?

Trying to understand where your information is can be a significant project.

2

Protect Your Data

Do you have control of your data as it traverses across the organization and externally to partners?

You want to protect information wherever it goes through encryption, etc.

3

Prevent Data Loss

Are you able to detect unsafe activities that prevent sharing of sensitive information?

Data loss prevention (DLP) is the practice of detecting and preventing data breaches, exfiltration, or unwanted destruction of sensitive data.

4

Govern Your Data

Are you using multiple solutions (or any) to classify, label, and protect sensitive data?

Many organizations use more than one solution to protect and govern their data, making it difficult to determine if there are any coverage gaps.

Classification tiers

Build your schema.

Pyramid visualization for classification tiers. The top represents 'Simplicity', and the bottom 'Complexity' with the length of the sides at each level representing the '# of policies' and '# of labels'. At the top level is 'MVP (Minimum-Viable Product) - Confidential, Internal (Subcategory: Personal), Public'. At the middle level is 'Regulated - Highly Confidential, Confidential, Sensitive, General, Internal, Restricted, Personal, Sub-Private, Public'. And a the bottom level is 'Government (DOD) - Top Secret (TS), Secret, Confidential, Restricted, Official, Unclassified, Clearance'

Info-Tech Insight

Deciding on how granular you go into data classification will chiefly be governed by what industry you are in and your regulatory obligations – the more highly regulated your industry, the more classification levels you will be mandated to enforce. The more complexity you introduce into your organization, the more operational overhead both in cost and resources you will have to endure and build.

Microsoft MIP Topology

Microsoft Information Protection (MIP), which is Microsoft’s Data Classification Services, is the key to achieving your governance goals. Without an MVP, data classification will be overwhelming; simplifying is the first step in achieving governance.

A diagram of multiple offerings all connected to 'MIP Data Classification Service'. Circled is 'Sensitivity Labels' with an arrow pointing back to 'MIP' at the center.
(Source: Microsoft, “Microsoft Purview compliance portal”)

Info-Tech Insight

Using least-complex sensitivity labels in your classification are your building blocks to compliance and security in your data management schema; they are your foundational steps.

MVP RACI Chart

Data governance is a "takes a whole village" kind of effort.

Clarify who is expected to do what with a RACI chart.

End User M365 Administrator Security/ Compliance Data Owner
Define classification divisions R A
Appy classification label to data – at point of creation A R
Apply classification label to data – legacy items R A
Map classification divisions to relevant policies R A
Define governance objectives R A
Backup R A
Retention R A
Establish minimum baseline A R

What and where your data resides

Data types that require classification.

Logos for 'Microsoft', 'Office 365', and icons for each program included in that package.
M365 Workload Containers
Icon for MS Exchange. Icon for MS SharePoint.Icon for MS Teams. Icon for MS OneDrive. Icon for MS Project Online.
Email
  • Attachments
Site Collections, Sites Sites Project Databases
Contacts Teams and Group Site Collections, Sites Libraries and Lists Sites
Metadata Libraries and Lists Documents
  • Versions
Libraries and Lists
Teams Conversations Documents
  • Versions
Metadata Documents
  • Versions
Teams Chats Metadata Permissions
  • Internal Sharing
  • External Sharing
Metadata
Permissions
  • Internal Sharing
  • External Sharing
Files Shared via Teams Chats Permissions
  • Internal Sharing
  • External Sharing

Info-Tech Insight

Knowing where your data resides will ensure you do not miss any applicable data that needs to be classified. These are examples of the workload containers; you may have others.

Discover and classify on- premises files using AIP

AIP helps you manage sensitive data prior to migrating to Office 365:
  • Use discover mode to identify and report on files containing sensitive data.
  • Use enforce mode to automatically classify, label, and protect files with sensitive data.
Can be configured to scan:
  • SMB files
  • SharePoint Server 2016, 2013
Stock image of a laptop uploading to the cloud with a padlock and key in front of it.
  • Map your network and find over-exposed file shares.
  • Protect files using MIP encryption.
  • Inspect the content in file repositories and discover sensitive information.
  • Classify and label file per MIP policy.
Azure Information Protection scanner helps discover, classify, label, and protect sensitive information in on-premises file servers. You can run the scanner and get immediate insight into risks with on-premises data. Discover mode helps you identify and report on files containing sensitive data (Microsoft Inside Track and CIAOPS, 2022). Enforce mode automatically classifies, labels, and protects files with sensitive data.

Info-Tech Insight

Any asset deployed to the cloud must have approved data classification. Enforcing this policy is a must to control your data.

Understanding governance

Microsoft Information Governance

Information Governance
  • Retention policies for workloads
  • Inactive and archive mailboxes

Arrow pointing down-right

Records Management
  • Retention labels for items
  • Disposition review

Arrow pointing down-left

Retention and Deletion

‹——— Connectors for Third-Party Data ———›

Information governance manages your content lifecycle using solutions to import, store, and classify business-critical data so you can keep what you need and delete what you do not. Backup should not be used as a retention methodology since information governance is managed as a “living entity” and backup is a stored information block that is “suspended in time.” Records management uses intelligent classification to automate and simplify the retention schedule for regulatory, legal, and business-critical records in your organization. It is for that discrete set of content that needs to be immutable.
(Source: Microsoft, “Microsoft Purview compliance portal”)

Retention and backup policy decision

Retention is not backup.

Info-Tech Insight

Retention is not backup. Retention means something different: “the content must be available for discovery and legal document production while being able to defend its provenance, chain of custody, and its deletion or destruction” (AvePoint Blog, 2021).

Microsoft Responsibility (Microsoft Protection) Weeks to Months Customer Responsibility (DLP, Backup, Retention Policy) Months to Years
Loss of service due to natural disaster or data center outage Loss of data due to departing employees or deactivated accounts
Loss of service due to hardware or infrastructure failure Loss of data due to malicious insiders or hackers deleting content
Short-term (30 days) user error with recycle bin/ version history (including OneDrive “File Restore”) Loss of data due to malware or ransomware
Short-term (14 days) administrative error with soft- delete for groups, mailboxes, or service-led rollback Recovery from prolonged outages
Long-term accidental deletion coverage with selective rollback

Understand retention policy

What are retention policies used for? Why you need them as part of your MVP?

Do not confuse retention labels and policies with backup.

Remember: “retention [policies are] auto-applied whereas retention label policies are only applied if the content is tagged with the associated retention label” (AvePoint Blog, 2021).

E-discovery tool retention policies are not turned on automatically.

Retention policies are not a backup tool – when you activate this feature you are unable to delete anyone.

“Data retention policy tools enable a business to:

  • “Decide proactively whether to retain content, delete content, or retain and then delete the content when needed.
  • “Apply a policy to all content or just content meeting certain conditions, such as items with specific keywords or specific types of sensitive information.
  • “Apply a single policy to the entire organization or specific locations or users.
  • “Maintain discoverability of content for lawyers and auditors, while protecting it from change or access by other users. […] ‘Retention Policies’ are different than ‘Retention Label Policies’ – they do the same thing – but a retention policy is auto-applied, whereas retention label policies are only applied if the content is tagged with the associated retention label.

“It is also important to remember that ‘Retention Label Policies’ do not move a copy of the content to the ‘Preservation Holds’ folder until the content under policy is changed next.” (Source: AvePoint Blog, 2021)

Definitions

Data classification is a focused term used in the fields of cybersecurity and information governance to describe the process of identifying, categorizing, and protecting content according to its sensitivity or impact level. In its most basic form, data classification is a means of protecting your data from unauthorized disclosure, alteration, or destruction based on how sensitive or impactful it is.

Once data is classified, you can then create policies; sensitive data types, trainable classifiers, and sensitivity labels function as inputs to policies. Policies define behaviors, like if there will be a default label, if labeling is mandatory, what locations the label will be applied to, and under what conditions. A policy is created when you configure Microsoft 365 to publish or automatically apply sensitive information types, trainable classifiers, or labels.

Sensitivity label policies show one or more labels to Office apps (like Outlook and Word), SharePoint sites, and Office 365 groups. Once published, users can apply the labels to protect their content.

Data loss prevention (DLP) policies help identify and protect your organization's sensitive info (Microsoft Docs, April 2022). For example, you can set up policies to help make sure information in email and documents is not shared with the wrong people. DLP policies can use sensitive information types and retention labels to identify content containing information that might need protection.

Retention policies and retention label policies help you keep what you want and get rid of what you do not. They also play a significant role in records management.

Data examples for MVP classification

  • Examples of the type of data you consider to be Confidential, Internal, or Public.
  • This will help you determine what to classify and where it is.
Internal Personal, Employment, and Job Performance Data
  • Social Security Number
  • Date of birth
  • Marital status
  • Job application data
  • Mailing address
  • Resume
  • Background checks
  • Interview notes
  • Employment contract
  • Pay rate
  • Bonuses
  • Benefits
  • Performance reviews
  • Disciplinary notes or warnings
Confidential Information
  • Business and marketing plans
  • Company initiatives
  • Customer information and lists
  • Information relating to intellectual property
  • Invention or patent
  • Research data
  • Passwords and IT-related information
  • Information received from third parties
  • Company financial account information
  • Social Security Number
  • Payroll and personnel records
  • Health information
  • Self-restricted personal data
  • Credit card information
Internal Data
  • Sales data
  • Website data
  • Customer information
  • Job application data
  • Financial data
  • Marketing data
  • Resource data
Public Data
  • Press releases
  • Job descriptions
  • Marketing material intended for general public
  • Research publications

New container sensitivity labels (MIP)

New container sensitivity labels

Public Private
Privacy
  1. Membership to group is open; anyone can join
  2. “Everyone except external guest” ACL onsite; content available in search to all tenants
  1. Only owner can add members
  2. No access beyond the group membership until someone shares it or changes permissions
Allowed Not Allowed
External guest policy
  1. Membership to group is open; anyone can join
  2. “Everyone except external guest” ACL onsite; content available in search to all tenants
  1. Only owner can add members
  2. No access beyond the group membership until someone shares it or changes permissions

What users will see when they create or label a Team/Group/Site

Table of what users will see when they create or label a team/group/site highlighting 'External guest policy' and 'Privacy policy options' as referenced above.
(Source: Microsoft, “Microsoft Purview compliance portal”)

Info-Tech Insights

Why you need sensitivity container labels:
  • Manage privacy of Teams Sites and M365 Groups
  • Manage external user access to SPO sites and teams
  • Manage external sharing from SPO sites
  • Manage access from unmanaged devices

Data protection and security baselines

Data Protection Baseline

“Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline" (Microsoft Docs, June 2022). This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance. This baseline draws elements primarily from NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) and ISO (International Organization for Standardization) as well as from FedRAMP (Federal Risk and Authorization Management Program) and GDPR (General Data Protection Regulation of the European Union).

Security Baseline

The final stage in M365 governance is security. You need to implement a governance policy that clearly defines storage locations for certain types of data and who has permission to access it. You need to record and track who accesses content and how they share it externally. “Part of your process should involve monitoring unusual external sharing to ensure staff only share documents that they are allowed to” (Rencore, 2021).

Info-Tech Insights

  • Controls are already in place to set data protection policy. This assists in the MVP activities.
  • Finally, you need to set your security baseline to ensure proper permissions are in place.

Prerequisite baseline

Icon of crosshairs.
Security

MFA or SSO to access from anywhere, any device

Banned password list

BYOD sync with corporate network

Icon of a group.
Users

Sign out inactive users automatically

Enable guest users

External sharing

Block client forwarding rules

Icon of a database.
Resources

Account lockout threshold

OneDrive

SharePoint

Icon of gears.
Controls

Sensitivity labels, retention labels and policies, DLP

Mobile application management policy

Building baselines

Sensitivity Profiles: Public, Internal, Confidential; Subcategory: Highly Confidential

Microsoft 365 Collaboration Protection Profiles

Sensitivity Public External Collaboration Internal Highly Confidential
Description Data that is specifically prepared for public consumption Not approved for public consumption, but OK for external collaboration External collaboration highly discouraged and must be justified Data of the highest sensitivity: avoid oversharing, internal collaboration only
Label details
  • No content marking
  • No encryption
  • Public site
  • External collaboration allowed
  • Unmanaged devices: allow full access
  • No content marking
  • No encryption
  • Private site
  • External collaboration allowed
  • Unmanaged devices: allow full access
  • Content marking
  • Encryption
  • Private site
  • External collaboration allowed but monitored
  • Unmanaged devices: limited web access
  • Content marking
  • Encryption
  • Private site
  • External collaboration disabled
  • Unmanaged devices: block access
Teams or Site details Public Team or Site open discovery, guests are allowed Private Team or Site members are invited, guests are allowed Private Team or Site members are invited, guests are not allowed
DLP None Warn Block

Please Note: Global/Compliance Admins go to the 365 Groups platform, the compliance center (Purview), and Teams services (Source: Microsoft Documentation, “Microsoft Purview compliance documentation”)

Info-Tech Insights

  • Building baseline profiles will be a part of your MVP. You will understand what type of information you are addressing and label it accordingly.
  • Sensitivity labels are a way to classify your organization's data in a way that specifies how sensitive the data is. This helps you decrease risks in sharing information that shouldn't be accessible to anyone outside your organization or department. Applying sensitivity labels allows you to protect all your data easily.

MVP activities

PRIMARY
ACTIVITIES
Define Your Governance
The objective of the MVP is reducing barriers to establishing an initial governance position, and then enabling rapid progression of the solution to address a variety of tangible risks, including DLP, data retention, legal holds, and labeling.
Decide on your classification labels early.

CATEGORIZATION





CLASSIFICATION

MVP
Data Discovery and Management
AIP (Azure Information Protection) scanner helps discover, classify, label, and protect sensitive information in on-premises file servers. You can run the scanner and get immediate insight into risks with on-premises data.
Baseline Setup
Building baseline profiles will be a part of your MVP. You will understand what type of information you are addressing and label it accordingly. Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline.
Default M365 settings
Microsoft provides a default assessment in Compliance Manager for the Microsoft 365 data protection baseline. This baseline assessment has a set of controls for key regulations and standards for data protection and general data governance.
SUPPORT
ACTIVITIES
Retention Policy
Retention policy is auto-applied. Decide whether to retain content, delete content, or retain and then delete the content.
Sensitivity Labels
Automatically enforce policies on groups through labels; classify groups.
Workload Containers
M365: SharePoint, Teams, OneDrive, and Exchange, where your data is stored for labels and policies.
Unforced Policies
Written policies that are not enforceable by controls in Compliance Manager such as acceptable use policy.
Forced Policies
Restrict sharing controls to outside organizations. Enforce prefix or suffix to group or team names.

ACME Company MVP for M/O365

PRIMARY
ACTIVITIES
Define Your Governance


Focus on ability to use legal hold and GDPR compliance.

CATEGORIZATION





CLASSIFICATION

MVP
Data Discovery and Management


Three classification levels (public, internal, confidential), which are applied by the user when data is created. Same three levels are used for AIP to scan legacy sources.

Baseline Setup


All data must at least be classified before it is uploaded to an M/O365 cloud service.

Default M365 settings


Turn on templates 1 8 the letter q and the number z

SUPPORT
ACTIVITIES
Retention Policy


Retention policy is auto-applied. Decide whether to retain content, delete content, or retain and then delete the content.

Sensitivity Labels


Automatically enforce policies on groups through labels; classify groups.

Workload Containers


M365: SharePoint, Teams, OneDrive, and Exchange, where your data is stored for labels and policies.

Unforced Policies


Written policies that are not enforceable by controls in Compliance Manager such as acceptable use policy.

Forced Policies


Restrict sharing controls to outside organizations. Enforce prefix or suffix to group or team names.

Related Blueprints

Govern Office 365

Office 365 is as difficult to wrangle as it is valuable. Leverage best practices to produce governance outcomes aligned with your goals.

Map your organizational goals to the administration features available in the Office 365 console. Your governance should reflect your requirements.

Migrate to Office 365 Now

Jumping into an Office 365 migration project without careful thought of the risks of a cloud migration will lead to project halt and interruption. Intentionally plan in order to expose risk and to develop project foresight for a smooth migration.

Microsoft Teams Cookbook

Remote work calls for leveraging your Office 365 license to use Microsoft Teams – but IT is unsure about best practices for governance and permissions. Moreover, IT has few resources to help train end users with Teams best practices

IT Governance, Risk & Compliance

Several blueprints are available on a broader topic of governance, from Make Your IT Governance Adaptable to Improve IT Governance to Drive Business Results and Build an IT Risk Management Program.

Bibliography

“Best practices for sharing files and folders with unauthenticated users.” Microsoft Build, 28 April 2022. Accessed 2 April 2022.

“Build and manage assessments in Compliance Manager.” Microsoft Docs, 15 June 2022. Web.

“Building a modern workplace with Microsoft 365.” Microsoft Inside Track, n.d. Web.

Crane, Robert. “June 2020 Microsoft 365 Need to Know Webinar.” CIAOPS, SlideShare, 26 June 2020. Web.

“Data Classification: Overview, Types, and Examples.” Simplilearn, 27 Dec. 2021. Accessed 11 April 2022.

“Data loss prevention in Exchange Online.” Microsoft Docs, 19 April 2022. Web.

Davies, Nahla. “5 Common Data Governance Challenges (and How to Overcome Them).” Dataversity. 25 October 2021. Accessed 5 April 2022.

“Default labels and policies to protect your data.” Microsoft Build, April 2022. Accessed 3 April 2022.

M., Peter. "Guide: The difference between Microsoft Backup and Retention." AvePoint Blog, 9 Oct. 2021. Accessed 4 April 2022.

Meyer, Guillaume. “Sensitivity Labels: What They Are, Why You Need Them, and How to Apply Them.” nBold, 6 October 2021. Accessed 2 April 2022.

“Microsoft 365 guidance for security & compliance.” Microsoft, 27 April 2022. Accessed 28 April 2022.

“Microsoft Purview compliance portal.” Microsoft, 19 April 2022. Accessed 22 April 2022.

“Microsoft Purview compliance documentation.” Microsoft, n.d. Accessed 22 April 2022.

“Microsoft Trust Center: Products and services that run on trust.” Microsoft, 2022. Accessed 3 April 2022.

“Protect your sensitive data with Microsoft Purview.” Microsoft Build, April 2022. Accessed 3 April 2022.

Zimmergren, Tobias. “4 steps to successful cloud governance in Office 365.” Rencore, 9 Sept. 2021. Accessed 5 April 2022.

Develop a Web Experience Management Strategy

  • Buy Link or Shortcode: {j2store}555|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Marketing Solutions
  • Parent Category Link: /marketing-solutions
  • Web Experience Management (WEM) solutions have emerged as applications that provide marketers and other customer experience professionals with a complete set of tools for web content management, delivery, campaign execution, and site analytics.
  • However, many organizations are unsure of how to leverage these new technologies to enhance their customer interaction strategy.

Our Advice

Critical Insight

  • WEM products are not a one-size-fits-all investment: unique evaluations and customization is required in order to deploy a solution that fits your organization.
  • WEM technology often complements core CRM and marketing management products – it does not supplant it, and must augment the rest of your customer experience management portfolio.
  • WEM provides benefits by giving web visitors a better experience – leveraging tools such as web analytics gives the customer a tailored experience. Marketing can then monitor their behavior and use this information to warm leads.

Impact and Result

  • Deploy a WEM platform and execute initiatives that will strengthen the web-facing customer experience, improving customer satisfaction and unlocking new revenue opportunities.
  • Avoid making unnecessary new WEM investments.
  • Make informed decisions about the types of technologies and initiatives that are necessary to support WEM.

Develop a Web Experience Management Strategy Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a WEM strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Harness the value of web experience management

Make the case for a web experience management suite and structure the WEM strategy project.

  • Develop a Web Experience Management Strategy Phase 1: Harness the Value of Web Experience Management
  • Web Experience Management Strategy Summary Template
  • WEM Project Charter Template

2. Create the vision for web experience management

Identify the target state WEM strategy, assess current state, and identify gaps.

  • Develop a Web Experience Management Strategy Phase 2: Create the Vision for Web Experience Management

3. Execute initiatives for WEM deployment

Build the WEM technology stack and create a web strategy initiatives roadmap.

  • Develop a Web Experience Management Strategy Phase 3: Execute Initiatives for WEM Deployment
  • Web Process Automation Investment Appropriateness Assessment Tool
[infographic]

Workshop: Develop a Web Experience Management Strategy

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Launch the WEM Selection Project

The Purpose

Discuss the general project overview for the WEM selection.

Key Benefits Achieved

Launch of your WEM selection project.

Development of your organization’s WEM requirements. 

Activities

1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.

1.2 Conduct overview of the WEM market landscape, trends, and vendors.

1.3 Conduct process mapping for selected marketing processes.

1.4 Interview business stakeholders.

1.5 Prioritize WEM functional requirements.

Outputs

WEM Procurement Project Charter

WEM Use-Case Fit Assessment

2 Plan the Procurement and Implementation Process

The Purpose

Plan the procurement and the implementation of the WEM solution.

Key Benefits Achieved

Selection of a WEM solution.

A plan for implementing the selected WEM solution. 

Activities

2.1 Complete marketing process mapping with business stakeholders.

2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.

2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.

2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.

2.5 Meet with project manager to discuss results and action items.

Outputs

Vendor Shortlist

WEM RFP

Vendor Evaluations

Selection of a WEM Solution

WEM projected work break-down

Implementation plan

Framework for WEM deployment and CRM/Marketing Management Suite Integration

Extend Agile Practices Beyond IT

  • Buy Link or Shortcode: {j2store}175|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Architecture & Strategy
  • Parent Category Link: /architecture-and-strategy
  • Your organization has started to realize benefits from adopting Agile principles and practices. However, these advances are contained within your IT organization.
  • You are seeking to extend Agile development beyond IT into other areas of the organization. You are looking for a coordinated approach aligned to business priorities.

Our Advice

Critical Insight

  • Not all lessons from scaling Agile to IT are transferable. IT Agile scaling processes are tailored to IT’s scope, team, and tools, which may not account for diverse attributes within your organization.
  • Control may be necessary for coordination. With increased time-to-value, enforcing consistent cadences, reporting, and communication is a must if teams are not disciplined or lack good governance.
  • Extend Agile in departments tolerant to change. Incrementally roll out Agile in departments where its principles are accepted (e.g. a culture that embraces failures as lessons).

Impact and Result

  • Complete an assessment of your prior efforts to scale Agile across IT to gauge successful, consistent adoption. Identify the business objectives and the group drivers that are motivating the extension of Agile to the business.
  • Understand the challenges that you may face when extending Agile to business partners. Investigate the root causes of existing issues that can derail your efforts.
  • Ideate solutions to your scaling challenges and envision a target state for your growing Agile environment. Your target state should realize new opportunities to drive more business value and eliminate current activities driving down productivity.
  • Coordinate the implementation and execution of your scaling Agile initiatives with an implementation action plan. This collaborative document will lay out the process, roles, goals, and objectives needed to successfully manage your Agile environment.

Extend Agile Practices Beyond IT Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should extend Agile practices to improve product delivery, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess your readiness to scale agile vertically

Assess your readiness to scale Agile vertically by identifying and mitigating potential Agile maturity gaps remaining after scaling Agile across your IT organization.

  • Extend Agile Practices Beyond IT – Phase 1: Assess Your Readiness to Scale Agile Vertically
  • Agile Maturity Assessment Tool

2. Establish an enterprise scaled agile framework

Complete an overview of various scaled Agile models to help you develop your own customized delivery framework.

  • Extend Agile Practices Beyond IT – Phase 2: Establish an Enterprise Scaled Agile Framework
  • Framework Selection Tool

3. Create your implementation action plan

Determine the effort and steps required to implement your extended delivery framework.

  • Extend Agile Practices Beyond IT – Phase 3: Create Your Implementation Action Plan
[infographic]

Workshop: Extend Agile Practices Beyond IT

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Assess Current State of Agile Maturity

The Purpose

Assess your readiness to scale Agile vertically.

Identify and mitigate potential Agile maturity gaps remaining after scaling Agile across your IT organization.

Key Benefits Achieved

IT Agile maturity gaps identified and mitigated to ensure successful extension of Agile to the business

Activities

1.1 Characterize your Agile implementation using the CLAIM model.

1.2 Assess the maturity of your Agile teams and organization.

Outputs

Maturity gaps identified with mitigation requirements

2 Establish an Enterprise Scaled Agile Framework

The Purpose

Complete a review of scaled Agile models to help you develop your own customized delivery framework.

Key Benefits Achieved

A customized Agile delivery framework

Activities

2.1 Explore various scaled frameworks.

2.2 Select an appropriate scaled framework for your enterprise.

2.3 Define the future state of your team and the communication structure of your functional business group.

Outputs

Blended framework delivery model

Identification of team and communication structure impacts resulting from the new framework

3 Create Your Implementation Action Plan

The Purpose

Create your implementation action plan for the new Agile delivery framework.

Key Benefits Achieved

A clearly defined action plan

Activities

3.1 Define your value drivers.

3.2 Brainstorm the initiatives that must be completed to achieve your target state.

3.3 Estimate the effort of your Agile initiatives.

3.4 Define your Agile implementation action plan.

Outputs

List of target state initiatives

Estimation of effort to achieve target state

An implementation action plan

Map Technical Skills for a Changing Infrastructure & Operations Organization

  • Buy Link or Shortcode: {j2store}333|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: 5 Average Days Saved
  • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • Parent Category Name: Strategy and Organizational Design
  • Parent Category Link: /strategy-and-organizational-design
  • Infrastructure & Operations is changing rapidly. It’s a constant challenge to find the right skills to support the next new technology while at the same time maintaining the skills in house that allow you to support your existing platforms.
  • A lack of clarity around required skills makes finding the right skills difficult, and it’s not clear whether you should train, hire, contract, or outsource to address gaps.
  • You need to keep up with changes and new strategy while continuing to support your existing environment.

Our Advice

Critical Insight

  • Take a strategic approach to acquiring skills – looking only as far as the needs of the next project will lead to a constant skills shortage with no plan for it to be addressed.
  • Begin by identifying your future state. Identify needed skills in the organization to support planned projects and initiatives, and to mitigate skills-related risks.

Impact and Result

  • Leverage your infrastructure roadmap and cloud strategy to identify needed skills in your future state environment.
  • Decide how you’ll acquire needed skills based on the characteristics of need for each skill.
  • Communicate the change and create a plan of action for the skills transformation.

Map Technical Skills for a Changing Infrastructure & Operations Organization Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should map technical skills for a changing Infrastructure & Operations organization, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Identify skills needs for the future state environment

Identify what skills are needed based on where the organization is going.

  • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 1: Identify Skills Needs for Your Future State Environment
  • Future State Playbook
  • IT/Cloud Solutions Architect
  • IT/Cloud Engineer
  • IT/Cloud Administrator
  • IT/Cloud Demand Billing & Accounting Analyst

2. Acquire needed skills

Ground skills acquisition decisions in the characteristics of need.

  • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 2: Acquire Needed Skills
  • Technical Skills Map

3. Maximize the value of the skills map

Get stakeholder buy-in; leverage the skills map in other processes.

  • Map Technical Skills for a Changing Infrastructure & Operations Organization – Phase 3: Maximize the Value of Your Skills Map
  • Technical Skills Map Communication Deck Template
[infographic]

Workshop: Map Technical Skills for a Changing Infrastructure & Operations Organization

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Review Initiatives and Skills-Related Risks

The Purpose

Identify process and skills changes required by the future state of your environment.

Key Benefits Achieved

Set foundation for alignment between strategy-defined technology initiatives and needed skills.

Activities

1.1 Review the list of initiatives and projects with the group.

1.2 Identify how key support, operational, and deployment processes will change through planned initiatives.

1.3 Identify skills-related risks and pain points.

Outputs

Future State Playbook

2 Identify Needed Skills and Roles

The Purpose

Identify process and skills changes required by the future state of your environment.

Key Benefits Achieved

Set foundation for alignment between strategy-defined technology initiatives and needed skills.

Activities

2.1 Identify skills required to support the new environment.

2.2 Map required skills to roles.

Outputs

IT/Cloud Architect Role Description

IT/Cloud Engineer Role Description

IT/Cloud Administrator Role Description

3 Create a Plan to Acquire Needed Skills

The Purpose

Create a skills acquisition strategy based on the characteristics of need.

Key Benefits Achieved

Optimal skills acquisition strategy defined.

Activities

3.1 Modify impact scoring scale for key skills decision factors.

3.2 Apply impact scoring scales to needed skills

3.3 Decide whether to train, hire, contract, or outsource to acquire needed skills.

Outputs

Technical Skills Map

4 Develop a Communication Plan

The Purpose

Create an effective communication plan for different stakeholders across the organization.

Identify opportunities to leverage the skills map elsewhere.

Key Benefits Achieved

Create a concise, clear, consistent, and relevant change message for stakeholders across the organization.

Activities

4.1 Review skills decisions and decide how you will acquire skills in each role.

4.2 Update roles descriptions.

4.3 Create a change message.

4.4 Identify opportunities to leverage the skills map in other processes.

Outputs

Technical Skills Map Communication Deck

Execute an Emergency Remote Work Plan

  • Buy Link or Shortcode: {j2store}421|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity
  • Many organizations do not have developed plans for how to turn on-premises employees into remote workers in an emergency.
  • In an emergency situation, such as a pandemic, sending employees home to work remotely without time to prepare presents daunting challenges, such as trying to comprehend and prioritize the myriad of tasks that need accomplishing for human resources, the business, and IT in a VUCA (volatile, uncertain, complex, and ambiguous) world.
  • Security issues may arise from employees not used to working remotely. Indeed, employees sent home to work remotely in an emergency may not have been eligible otherwise. This creates security risks, including the proliferation of shadow IT.

Our Advice

Critical Insight

  • The emergency will restructure the business: make sure it’s done right. While your organization may need quick fixes for day one of an emergency remote work plan, these are not viable long-term solutions. The emergency will vividly reinforce to the business side that more resources need to be directed to IT to enable strong business continuity and employee safety. Make sure the right plan is put in place during the crucial first weeks. The next emergency is just around the corner.
  • Prioritize key business processes. Before getting into the details of a work from home policy, identify which crucial business processes need to continue for the company to survive. Build the remote work policy around supporting those workflows.
  • Where the “carrot” is not possible, emergencies may require the “stick.” To ensure secure endpoints and prevent proliferation of shadow IT, you may need to enforce certain rules through policy. However, disenfranchising employees is not a long-term solution: once the emergency subsides, use this basis to explore end-user requirements properly and ensure employee-driven adoption plans. Where possible, for this latter scenario, always use the carrot.

Impact and Result

  • A prioritized plan for IT processes through Info-Tech’s cascading responsibility checklists for emergency remote work.
  • A codified emergency remote work policy document to better prepare for future emergencies.

Execute an Emergency Remote Work Plan Research & Tools

Start here

Read our concise Executive Brief for why you need prioritized emergency remote work checklists and an accompanying policy document and review Info-Tech’s methodology.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

  • Execute an Emergency Remote Work Plan Storyboard

1. Day one preparations

Prioritize key action items on day one of sending your employees home to remotely work during an emergency.

  • Emergency Remote Work Plan Checklists
  • Home Office Survey
  • Checklist for Securing Remote Workers
  • None
  • Remote Access Policy
  • Equipment Loan Policy
  • None
  • Develop a Security Awareness and Training Program That Empowers End Users – Phases 1-2
  • Remote Work Assignment Log
  • Wiki Collection for Collaboration Tools
  • Pandemic Preparation: The People Playbook

2. One-to-two weeks preparations

Address key action items in the one-to-two weeks following an emergency that forced your employees to work remotely.

  • None

3. Codify an emergency remote work policy

Turn your emergency remote work checklists into policy.

  • Emergency Remote Work Policy
  • Execute an Emergency Remote Work Plan Executive Presentation
[infographic]

Audit the Project Portfolio

  • Buy Link or Shortcode: {j2store}442|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Portfolio Management
  • Parent Category Link: /portfolio-management
  • As a CIO you know you should audit your portfolio, but you don’t know where to start.
  • There is a lack of portfolio and project visibility.
  • Projects are out of scope, over budget, and over schedule.

Our Advice

Critical Insight

  • Organizations establish processes and assume people are following them.
  • There is a dilution of practices from external influences and rapid turnover rates.
  • Many organizations build their processes around existing frameworks. These frameworks are great resources but they’re often missing context and clear links to tools, templates, and fiduciary duty.

Impact and Result

  • The best way to get insight into your current state is to get an objective set of observations of your processes.
  • Use Info-Tech’s framework to audit your portfolios and projects:
    • Triage at a high level to assess the need for an audit by using the Audit Standard Triage Tool to assess your current state and the importance of conducting a deeper audit.
    • Complete Info-Tech’s Project Portfolio Audit Tool:
      • Validate the inputs.
      • Analyze the data.
      • Review the findings and create your action plan.

Audit the Project Portfolio Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should audit the project portfolio, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess readiness

Understand your current state and determine the need for a deeper audit.

  • Audit the Project Portfolio – Phase 1: Assess Readiness
  • Info-Tech Audit Standard for Project Portfolio Management
  • Audit Glossary of Terms
  • Audit Standard Triage Tool

2. Perform project portfolio audit

Audit your selected projects and portfolios. Understand the gaps in portfolio practices.

  • Audit the Project Portfolio – Phase 2: Perform Project Portfolio Audit
  • Project Portfolio Audit Tool

3. Establish a plan

Document the steps you are going to take to address any issues that were uncovered in phase 2.

  • Audit the Project Portfolio – Phase 3: Establish a Plan
  • PPM Audit Timeline Template
[infographic]

Workshop: Audit the Project Portfolio

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Portfolio Audit

The Purpose

An audit of your portfolio management practices.

Key Benefits Achieved

Analysis of audit results.

Activities

1.1 Info-Tech’s Audit Standard/Engagement Context

1.2 Portfolio Audit

1.3 Input Validation

1.4 Portfolio Audit Analysis

1.5 Start/Stop/Continue

Outputs

Audit Standard and Audit Glossary of Terms

Portfolio and Project Audit Tool

Start/Stop/Continue

2 Project Audit

The Purpose

An audit of your project management practices.

Key Benefits Achieved

Analysis of audit results.

Activities

2.1 Project Audit

2.2 Input Validation

2.3 Project Audit Analysis

2.4 Start/Stop/Continue

Outputs

Portfolio and Project Audit Tool

Start/Stop/Continue

3 Action Plan

The Purpose

Create a plan to start addressing any vulnerabilities.

Key Benefits Achieved

A plan to move forward.

Activities

3.1 Action Plan

3.2 Key Takeaways

Outputs

Audit Timeline Template

Estimate Software Delivery With Confidence

  • Buy Link or Shortcode: {j2store}147|cart{/j2store}
  • member rating overall impact: 10.0/10 Overall Impact
  • member rating average dollars saved: $50,000 Average $ Saved
  • member rating average days saved: 20 Average Days Saved
  • Parent Category Name: Development
  • Parent Category Link: /development
  • Estimation and planning practices set and reinforce the expectations of product delivery, which is a key driver of IT satisfaction.
  • However, today’s rapidly scaling and increasingly complex products and business needs create mounting pressure for teams to make accurate estimates with little knowledge of the problem or solution to it, risking poor-quality products.
  • Many organizations lack the critical foundations involved in making acceptable estimates in collaboration with the various perspectives and estimation stakeholders.

Our Advice

Critical Insight

  • Estimation reflects your culture and operating model. The accuracy of your estimates is dependent on the roles involved, which is not encouraged in traditional and top-down methodologies. Stakeholders must respect and support the team’s estimates.
  • Estimates support value delivery. IT satisfaction is driven by the delivery of valuable products and services. Estimates set the appropriate stakeholder expectations to ensure successful delivery and make the right decisions.
  • Estimates are more than just guesses. They are tools used to make critical business, product, and technical decisions and inform how to best utilize resources and funding.

Impact and Result

  • Establish the right expectations. Gain a grounded understanding of estimation value and limitations. Discuss estimation challenges to determine if poor practices and tactics are the root causes or symptoms.
  • Strengthen analysis and estimation practices. Obtain a thorough view of the product backlog item (PBI) through good analysis tactics. Incorporate multiple analysis and estimation tactics to verify and validate assumptions.
  • Incorporate estimates into your delivery lifecycle. Review and benchmark estimates, and update expectations as more is learned.

Estimate Software Delivery With Confidence Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should optimize your estimation practice, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Justify estimation optimization

Set the right stakeholder expectations for your delivery estimates and plans.

  • Estimate Software Delivery With Confidence – Phase 1: Justify Estimation Optimization
  • Estimation Quick Reference Template

2. Commit to achievable delivery

Adopt the analysis, estimation, commitment, and communication tactics to successfully develop your delivery plan.

  • Estimate Software Delivery With Confidence – Phase 2: Commit to Achievable Delivery

3. Mature your estimation practice

Build your estimation optimization roadmap.

  • Estimate Software Delivery With Confidence – Phase 3: Mature Your Estimation Practice
[infographic]

Workshop: Estimate Software Delivery With Confidence

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Set the Context

The Purpose

Discuss the decisions that estimates will help make.

Level set estimation expectations by clarifying what they can and cannot do.

Review the current state of your estimation practice.

Key Benefits Achieved

Grounded understanding of estimation that is accepted by all audiences and stakeholders.

Identification of whether estimation practices are the root cause of estimation challenges or a symptom of a different issue.

Activities

1.1 Define estimation expectations.

1.2 Reveal your root cause challenges.

Outputs

Estimation expectations

Root causes of estimation challenges

2 Build Your Estimation Practice

The Purpose

Discuss the estimation and planning practices used in the industry.

Define the appropriate tactics to use to make key business and delivery decisions.

Simulate the tactics to verify and validate their fit with your teams.

Key Benefits Achieved

Knowledge of good practices that can improve the effectiveness of your estimates and plans.

Practice using new tactics.

Activities

2.1 Ground estimation fundamentals.

2.2 Strengthen your analysis tactics.

2.3 Strengthen your estimation tactics.

2.4 Commit and communicate delivery.

2.5 Simulate your target state planning and estimation tactics.

Outputs

Estimation glossary and guiding principles

Defined analysis tactics

Defined estimation and consensus-building tactics

Defined commitment and communication tactics

Lessons learned

3 Define Your Optimization Roadmap

The Purpose

Review the scope and achievability of your improved estimation and planning practice.

Key Benefits Achieved

Realistic and achievable estimation optimization roadmap.

Activities

3.1 Mature your estimation practice.

Outputs

Estimation optimization roadmap

Build a Data Warehouse

  • Buy Link or Shortcode: {j2store}200|cart{/j2store}
  • member rating overall impact: 8.7/10 Overall Impact
  • member rating average dollars saved: $94,499 Average $ Saved
  • member rating average days saved: 30 Average Days Saved
  • Parent Category Name: Big Data
  • Parent Category Link: /big-data
  • Relational data warehouses, although reliable, centralized repositories for corporate data, were not built to handle the speed and volume of data and analytics today.
  • IT is under immense pressure from business units to provide technology that will yield greater agility and insight.
  • While some organizations are benefitting from modernization technologies, the majority of IT departments are unfamiliar with the technologies and have not yet defined clear use cases.

Our Advice

Critical Insight

  • The vast majority of your corporate data is not being properly leveraged. Modernize the data warehouse to get value from the 80% of unstructured data that goes unused.
  • Avoid rip and replace. Develop a future state that complements your existing data warehouse with emerging technologies.
  • Be flexible in your roadmap. Create an implementation roadmap that’s incremental and adapts to changing business priorities.

Impact and Result

  • Establish both the business and IT perspectives of today’s data warehouse environment.
  • Explore the art-of-the-possible. Don’t get stuck trying to gather technical requirements from business users who don’t know what they don’t know. Use Info-Tech’s interview guide to discuss the pains of the current environment, and more importantly, where stakeholders want to be in the future.
  • Build an internal knowledgebase with respect to emerging technologies. The technology landscape is constantly shifting and often difficult for IT staff to keep track of. Use Info-Tech’s Data Warehouse Modernization Technology Education Deck to ensure that IT is able to appropriately match the right tools to the business’ use cases.
  • Create a compelling business case to secure investment and support.

Build a Data Warehouse Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should be looking to modernize the relational data warehouse, review Info-Tech’s framework for identifying modernization opportunities, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Assess the current data warehouse environment

Review the business’ perception and architecture of the current data warehouse environment.

  • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 1: Assess the Current Data Warehouse Environment
  • Data Warehouse Maturity Assessment Tool

2. Define modernization drivers

Collaborate with business users to identify the strongest motivations for data warehouse modernization.

  • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 2: Define Modernization Drivers
  • Data Warehouse Modernization Stakeholder Interview Guide
  • Data Warehouse Modernization Technology Education Deck
  • Data Warehouse Modernization Initiative Building Tool

3. Create the modernization future state

Combine business ideas with modernization initiatives and create a roadmap.

  • Drive Business Innovation With a Modernized Data Warehouse Environment – Phase 3: Create the Modernization Future State
  • Data Warehouse Modernization Technology Architectural Template
  • Data Warehouse Modernization Deployment Plan
[infographic]

Workshop: Build a Data Warehouse

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Assess the Current Data Warehouse Environment

The Purpose

Discuss the general project overview for data warehouse modernization.

Establish the business and IT perspectives of the current state.

Key Benefits Achieved

Holistic understanding of the current data warehouse.

Business user engagement from the start of the project.

Activities

1.1 Review data warehouse project history.

1.2 Evaluate data warehouse maturity.

1.3 Draw architecture diagrams.

1.4 Review supporting data management practices.

Outputs

Data warehouse maturity assessment

Data architecture diagrams

2 Explore Business Opportunities

The Purpose

Conduct a user workshop session to elicit the most pressing needs of business stakeholders.

Key Benefits Achieved

Modernization technology selection is directly informed by business drivers.

In-depth IT understanding of the business pains and opportunities.

Activities

2.1 Review general trends and drivers in your industry.

2.2 Identify primary business frustrations, opportunities, and risks.

2.3 Identify business processes to target for modernization.

2.4 Capture business ideas for the future state.

Outputs

Business ideas for modernization

Defined strategic direction for data warehouse modernization

3 Review the Technology Landscape

The Purpose

Educate IT staff on the most common technologies for data warehouse modernization.

Key Benefits Achieved

Improved ability for IT to match technology with business ideas.

Activities

3.1 Appoint Modernization Advisors.

3.2 Hold an open education and discussion forum for modernization technologies.

Outputs

Modernization Advisors identified

Modernization technology education deck

4 Define Modernization Solutions

The Purpose

Consolidate business ideas into modernization initiatives.

Key Benefits Achieved

Refinement of the strategic direction for data warehouse modernization.

Activities

4.1 Match business ideas to technology solutions.

4.2 Group similar ideas to create modernization initiatives.

4.3 Create future-state architecture diagrams.

Outputs

Identified strategic direction for data warehouse modernization

Defined modernization initiatives

Future-state architecture for data warehouse

5 Establish a Modernization Roadmap

The Purpose

Validate and build out initiatives with business users.

Define benefits and costs to establish ROI.

Identify enablers and barriers to modernization.

Key Benefits Achieved

Completion of materials for a compelling business case and roadmap.

Activities

5.1 Validate use cases with business users.

5.2 Define initiative benefits.

5.3 Identify enablers and barriers to modernization.

5.4 Define preliminary activities for initiatives.

5.5 Evaluate initiative costs.

5.6 Determine overall ROI.

Outputs

Validated modernization initiatives

Data warehouse modernization roadmap

Develop a Security Awareness and Training Program That Empowers End Users

  • Buy Link or Shortcode: {j2store}370|cart{/j2store}
  • member rating overall impact: 9.4/10 Overall Impact
  • member rating average dollars saved: $12,075 Average $ Saved
  • member rating average days saved: 11 Average Days Saved
  • Parent Category Name: Security Strategy & Budgeting
  • Parent Category Link: /security-strategy-and-budgeting
  • The fast evolution of the cybersecurity landscape requires security training and awareness programs that are frequently updated and improved.
  • Security and awareness training programs often fail to engage end users. Lack of engagement can lead to low levels of knowledge retention.
  • Irrelevant or outdated training content does not properly prepare your end users to effectively defend the organization against security threats.

Our Advice

Critical Insight

  • One-time, annual training is no longer sufficient for creating an effective security awareness and training program.
  • By presenting security as a personal and individualized issue, you can make this new personal focus a driver for your organizational security awareness and training program.

Impact and Result

  • Create a training program that delivers smaller amounts of information on a more frequent basis to minimize effort, reduce end-user training fatigue, and improve content relevance.
  • Evaluate and improve your security awareness and training program continuously to keep its content up-to-date. Leverage end-user feedback to ensure content remains relevant to those who receive it.

Develop a Security Awareness and Training Program That Empowers End Users Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why you should develop a security awareness and training program that empowers end users, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Develop your training program

Create or mature a security awareness and training program that is tailored to your organization.

  • Develop a Security Awareness and Training Program That Empowers End Users – Phase 1: Develop Your Training Program
  • Security Awareness and Training Program Development Tool
  • End-User Security Job Description Template
  • Training Materials – Physical Computer Security
  • Training Materials – Cyber Attacks
  • Training Materials – Incident Response
  • Training Materials – Mobile Security
  • Training Materials – Passwords
  • Training Materials – Phishing
  • Training Materials – Social Engineering
  • Training Materials – Web Usage
  • Security Awareness and Training Vendor Evaluation Tool
  • Security Awareness and Training Metrics Tool
  • End-User Security Knowledge Test Template
  • Security Training Campaign Development Tool

2. Design an effective training delivery plan

Explore methods of training delivery and select the most effective solutions.

  • Develop a Security Awareness and Training Program That Empowers End Users – Phase 2: Design an Effective Training Delivery Plan
  • Information Security Awareness and Training Policy
  • Security Awareness and Training Gamification Guide
  • Mock Spear Phishing Email Examples
  • Security Training Email Templates
  • Security Awareness and Training Module Builder and Training Schedule
  • Security Training Campaign Development Tool
  • Security Training Program Manual
  • Security Awareness and Training Feedback Template
  • Security Awareness Month Week 1: Staying in Touch
  • Security Awareness Month Week 2: Sharing Special Moments
  • Security Awareness Month Week 3: Working and Networking
  • Security Awareness Month Week 4: Families and Businesses
[infographic]

Workshop: Develop a Security Awareness and Training Program That Empowers End Users

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Outline the Plan for Long-term Program Improvement

The Purpose

Identify the maturity level of the existing security awareness and training program and set development goals.

Establish program milestones and outline key initiatives for program development.

Identify metrics to measure program effectiveness.

Key Benefits Achieved

Identified the gaps between the current maturity level of the security awareness and training program and future target states.

Activities

1.1 Create a program development plan.

1.2 Investigate and select metrics to measure program effectiveness.

1.3 Execute some low-hanging fruit initiatives for collecting metrics: e.g. create a knowledge test, feedback survey, or gamification guide.

Outputs

Customized development plan for program.

Tool for tracking metrics.

Customized knowledge quiz ready for distribution.

Customized feedback survey for training.

Gamification program outline.

2 Identify and Assess Audience Groups and Security Training Topics

The Purpose

Determine the unique audience groups within your organization and evaluate their risks and vulnerabilities.

Prioritize training topics and audience groups to effectively streamline program development.

Key Benefits Achieved

Created a comprehensive list of unique audience groups and the corresponding security training that each group should receive.

Determined priority ratings for both audience groups and the security topics to be delivered.

Activities

2.1 Identify the unique audience groups within your organization and the threats they face.

2.2 Determine the priority levels of the current security topics.

2.3 Review audience groups and determine which topics need to be delivered to each group.

Outputs

Risk profile for each identified audience group.

Priority scores for all training topics.

List of relevant security topics for each identified audience group.

3 Plan the Training Delivery

The Purpose

Identify all feasible delivery channels for security training within your organization.

Build a vendor evaluation tool and shortlist or harvest materials for in-house content creation.

Key Benefits Achieved

List of all potential delivery mechanisms for security awareness and training.

Built a vendor evaluation tool and discussed a vendor shortlist.

Harvested a collection of free online materials for in-house training development.

Activities

3.1 Discuss potential delivery mechanisms for training, including the purchase and use of a vendor.

3.2 If selecting a vendor, review vendor selection criteria and discuss potential vendor options.

3.3 If creating content in-house, review and select available resources on the web.

Outputs

List of available delivery mechanisms for training.

Vendor assessment tool and shortlist.

Customized security training presentations.

4 Create a Training Schedule for Content Deployment

The Purpose

Create a plan for deploying a pilot program to gather valuable feedback.

Create an ongoing training schedule.

Define the end users’ responsibilities towards security within the organization.

Key Benefits Achieved

Created a plan to deploy a pilot program.

Created a schedule for training deployment.

Defined role of end users in helping protect the organization against security threats.

Activities

4.1 Build training modules.

4.2 Create an ongoing training schedule.

4.3 Define and document your end users’ responsibilities towards their security.

Outputs

Documented modular structure to training content.

Training schedule.

Security job description template.

End-user training policy.

IT Risk management

  • Buy Link or Shortcode: {j2store}40|cart{/j2store}
  • Related Products: {j2store}40|crosssells{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Security and Risk
  • Parent Category Link: /security-and-risk
Mitigation is about balance: take a cost-focused approach to risk management.

Build an IT Succession Plan

  • Buy Link or Shortcode: {j2store}476|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: $338,474 Average $ Saved
  • member rating average days saved: 17 Average Days Saved
  • Parent Category Name: Lead
  • Parent Category Link: /lead
  • Pending retirements in key roles create workforce risks and potentially impact business continuity.
  • Fifty-six percent of organizations have not engaged in succession planning, so they haven’t identified at-risk key roles or successors for those roles.

Our Advice

Critical Insight

  • Just under 60% of organizations haven't tackled succession planning.
  • This means that three out of five organizations don’t know what skills they need for the future or what their key roles truly are. They also haven’t identified at-risk key roles or successors for those roles.
  • In addition, 74% of organizations have no formal process for facilitating knowledge transfer between individuals, so knowledge will be lost.

Impact and Result

  • Info-Tech's Key Roles Succession Planning Tool will help you assess key role incumbent risk factors as well as identify potential successors and their readiness. Pay particular attention to those employees in key roles that are nearing retirement, and flag them as high risk.
  • Plan for the transfer of critical knowledge held by key role incumbents. Managers and HR leaders see significant tacit knowledge gaps in younger workers; prioritize tacit knowledge in your transfer plan and leverage multiple transfer methods.
  • Explore alternative work arrangements to ensure sufficient time to prepare successors. A key role incumbent must be available to complete knowledge transfer.
  • Define formal transition plans for all employees in at-risk key roles and their successors by leveraging your workforce and succession planning outputs, knowledge transfer strategy, and selected alternative work arrangements.

Build an IT Succession Plan Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Build an IT Succession Plan Deck – A step-by-step document that walks you through how to future-proof your IT team.

Protect your team and organization from losses associated with departure of people from key roles. This blueprint will help you build an IT succession plan to ensure critical knowledge doesn’t walk out the door and continuity of business when people in key roles leave.

  • Build an IT Succession Plan Storyboard

2. Critical Role Identifier – A tool to help you determine which roles are most critical to the success of your team.

The purpose of this tool is to help facilitate a conversation around critical roles.

  • Critical Role Identifier

3. Key Role Succession Planning Template – A tool that walks you through reviewing your talent, succession planning, and determining successor readiness.

This tool will help IT leaders work through key steps in succession development for each employee in the team, and present summaries of the findings for easy reference and defensibility.

  • Key Roles Succession Planning Tool

4. Role Profile Template – A template that helps you outline the minimum requirements for each critical role addressed in succession planning.

This template is a guide and the categories can be customized to your organization.

  • Role Profile Template

5. Individual Talent Profile Template – A template to assess an employee against the role profiles of critical roles.

This profile provides the basis for evidence-based comparison of talent in talent calibration sessions.

  • Individual Talent Profile Template

6. Role Transition Plan Template – A template to help you plan to implement knowledge transfer and alternative work arrangements.

As one person exits a role and a successor takes over, a clear checklist-based plan will help ensure a smooth transition.

  • Role Transition Plan Template
[infographic]

Further reading

INFO~TECH RESEARCH GROUP

Build an IT Succession Plan

Future-proof your IT team.


Build an IT Succession Plan

Future-proof your IT team.

EXECUTIVE BRIEF

Executive Summary

Your Challenge

Most organizations are unprepared for the loss of employees who hold key roles.

  • The departure of employees in key roles results in the loss of valuable knowledge, core business relationships, and profits.
  • Pending retirements in key roles create workforce risks and potentially impact business continuity.

Planning and executing on key role transition can take years. CIOs should prepare now to mitigate the risk of loss later.

Common Obstacles
  • The number of organizations which have not engaged in succession planning is 56%; they haven’t identified at-risk key roles, or successors for those roles.
  • Analyzing key roles at the incumbent and successor level introduces real-life, individual-focused factors that have a major impact on role-related risk.
Info-Tech’s Approach
  • Plan for the transfer of critical knowledge held by key role incumbents.
  • Explore alternative work arrangements to ensure sufficient time to prepare successors.
  • Define formal transition plans for all employees in at-risk key roles and their successors.

Info-Tech Insight

Losing employees in key roles without adequate preparation hinders productivity, knowledge retention, relationships, and opportunities. Implement scalable succession planning to mitigate the risks.

Most organizations are unprepared for the loss of employees who hold key roles

Due to the atmosphere of uncertainty.

Not only do they not have the right processes in place, but they are also ill-equipped to deal with the sheer volume of retirees in the future.

Over 58% of organizations are unprepared for Baby Boomer retirement. Only 8% said they were very prepared.

Pie chart with percentages of organizations who are prepared for Baby Boomer retirement.
(Source: McLean & Company, 2013; N=120)

A survey done by SHRM and AARP found similar results: 41% of HR professionals said their organizations have done nothing and don’t plan to do anything to prepare for a possible worker shortage as Boomers retire.

(Source: Poll: Organizations Can Do More to Prepare for Talent Shortage as Boomers Retire)
This means that three out of five organizations don’t know what skills they need for the future, or what their key roles truly are. They also have not identified at-risk key roles or successors for those roles.
(Source: McLean & Company, 2013, N=120)

To make matters worse, 74% of organizations have no formal process for facilitating knowledge transfer between individuals, so knowledge will be lost.

Pie chart with percentages of organizations with a formal process for facilitating knowledge transfer.
(Source: McLean & Company, 2013; N=120)

Most organizations underestimate the costs associated with ignoring succession planning

“In many cases, executives have no idea what knowledge they are losing.” (TLNT: Lost Knowledge – What Are You and Your Organization Doing About It?”)
Objections to succession planning now: The risks of this mindset…
“The recession bought us time to plan for Baby Boomer retirement.” Forty-two percent of organizations believe this to be true and may feel a false sense of security. Assume it takes three years to identify an internal successor for a key role, develop them, and execute the transition. Add the idea that, like most organizations, you don’t have a repeatable process for doing this. Do you still have enough time?
“The skills possessed by my organization’s Baby Boomers are easy to develop in others internally.” Forty percent of organizations agree with this statement, but given the low rate of workforce planning taking place, most may not actually know the skills and knowledge they need to meet future business goals. These organizations may realize their loss too late.
“We don’t have the time to invest in succession planning.” Thirty-nine percent of organizations cite this as an obstacle, which is a very real concern. Adopting a simple, scalable process that focuses on the most mission critical key roles will be easier to digest, as well as eliminate time wasted trying to recoup losses in the long run. The costs of not planning are much higher than the costs of planning.
“We don’t know when our boomers plan to retire, so we can’t really plan for it.” The fact that 42% of organizations do not know employees’ retirement plans is proof positive that they’re operating blind. You can’t plan for something if you don’t have any information about what to plan for or the time frame you’re working against.
“My organization puts a premium on fresh ideas over experience.” While nearly 45% of organizations prioritize fresh ideas, 50% value experience more. Succession planning and knowledge transfer are important strategies for ensuring experience is retained long enough for it to be passed along in the organization.

Use Info-Tech’s tools and templates

Talent Review

Succession Planning

Knowledge Transfer

Key tools and templates to help you complete your project deliverables
Key Roles Succession Planning Tool
Critical Role Identifier
Role Profile Template
Individual Talent Profile Template
Key Roles Succession Planning Tool
Role Profile Template
Individual Talent Profile Template
Role Transition Plan Template
Key Roles Succession Planning Tool
Role Profile Template
Individual Talent Profile Template
Your completed project deliverables

Critical Role Identifier

Key Roles Succession Plan

Key Role Profiles

Individual Talent Profiles

Key Role Transition Plans

Ignoring succession planning could cause significant costs

Losing knowledge will undermine your strategy in four ways:

Inefficiency

Inefficiency due to “reinvention of the wheel.” When workers leave and don’t effectively transfer their knowledge, duplication of effort to solve problems and find solutions occurs.

Innovation

Reduced capacity to innovate. Older workers know what works and what doesn’t, what’s new and what’s not. They can identify the status quo faster to make way for novel thinking.

Competitive Advantage

Loss of competitive advantage. Losing knowledge and/or established client relationships hurts your asset base and stifles growth.

Vulnerability

Increased vulnerability. Losing knowledge can impede your organizational ability to identify, understand, and mitigate risks. You’ll have to learn through experience all over again.

Succession planning improves performance by reducing the impact of sudden departures

Business Continuity

Succession planning limits disruption to daily operations and minimizes recruitment costs:

  • The average time to fill a vacant role externally in the US is approximately 43 days (Workable). Succession planning can reduce this via a talent pool of ready-now successors.
Engagement & Retention

Effective succession planning is a tool for engaging, developing, and retaining employees:

  • Of departing employees, 45% cite lack of opportunities for career advancement as the moderate, major, or primary reason they left (McLean & Company Exit Survey, 2018, N=7,530).
Innovation & Growth

Knowledge is a strategic asset, and succession planning can help retain, grow, and capitalize on it:

  • Retaining the experience and expertise of individuals departing from critical roles supports and enhances the quality of innovation (Harvard Business Review, 2008).

Info-Tech’s approach

Talent Review

Conduct a talent review to identify key roles

Short bracket.
Succession Planning

Succession planning helps you assess which key roles are most at risk

Long bracket.
Knowledge Transfer

Utilize methods that make it easy to apply the knowledge in day-to-day practice.

Long bracket.
Identify Critical Roles Assess Talent Identify Successors Develop Successors Select Successors Identify Critical Knowledge Select Transfer Methods Document Role Transition Plans

Future-Proofed IT Team
  • Business continuity
  • The right people, in the right positions, at the right time
  • Retention due to employee development & growth
  • IT success
  • Decreased impact of sudden departures
  • Improved performance

Info-Tech’s methodology for building an IT succession plan

1. Talent Review 2. Succession Planning 3. Knowledge Transfer
Phase Steps
  1. Identify critical roles
  2. Assess talent
  1. Identify successor pool
  2. Develop successors
  3. Select successors
  1. Identify critical knowledge
  2. Select knowledge transfer methods
  3. Document role transition plans
Phase Outcomes
  • Documented business priorities
  • Identified critical roles including required skills and knowledge that support achievement of business strategy
  • Key at-risk roles identified.
  • Potential successors for key roles identified.
  • Gap assessment between key role incumbents and potential successors.
  • Critical knowledge risks identified.
  • Appropriate knowledge transfer methods selected.
  • Documented knowledge transfer initiatives for key role transition plans.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is six to ten calls over the course of four to eight months.

What does a typical GI on this topic look like?

Phase 1

Phase 2

Phase 3

Call #1: Scope requirements, objectives, and your specific challenges. Call #2:Review business priorities and clarify criteria weighting.

Call #3: Review key role criteria. Explain information collection process.

Call #4: Review risk and readiness assessments.

Call #5: Analyze gaps between key roles and successors for key considerations.

Call #6: Feedback and recommendations on critical knowledge risks.

Call #7: Review selected transfer methods.

Call #8: Analyze role transition plans for flags.

Build an IT Succession Plan

Phase 1

Talent Review

Phase 1

1.1 Identify Critical Roles

1.2 Assess Talent

Phase 2

2.1 Identify Successors

2.2 Develop Successors

2.3 Select Successors

Phase 3

3.1 Identify Critical Knowledge

3.2 Select Transfer Methods

3.3 Document Role Transition Plan

This phase will walk you through:

  • Identifying your business priorities
  • Identifying your critical roles including required skills and knowledge that support achievement of business strategy

Tools and resources used:

  • Key Roles Succession Planning Tool
  • Key Role Profile
  • Individual Talent Profile
  • Critical Role Identifier

This phase involves the following participants:

  • IT leadership/management team
  • HR

Conduct a talent review to identify key roles

Sixty percent of organizations have not engaged in formal workforce planning, so they don’t know what skills they need or what their key roles truly are. (Source: McLean & Company, 2013; N=139)
  1. A talent review ensures that each work unit has the right people, in the right place, at the right time to successfully execute the business strategy.
  2. Only 40% of organizations have engaged in some form of workforce planning.
  3. The first step is to identify your business focus; with this information you can start to note the key roles that drive your business strategy.

Key roles

Where an organization’s most valued skills and knowledge reside

Organizations should prepare now to mitigate the risk of loss later.

Key roles are:

  • Held by the most senior people in the organization, who carry the bulk of leadership and decision-making responsibility.
  • Highly technical or specialized, and therefore difficult to replace.
  • Tied closely to unique or proprietary processes or possess knowledge that cannot be procured externally.
  • Critical to the continuation of business and cannot be left vacant without risking business operations.

Info-Tech Insight

Losing employees in key roles without adequate preparation for their departure has a direct impact on the bottom line in terms of disrupted productivity, lost knowledge, severed relationships, and missed opportunities.

A tree of key roles, starting with CEO and branching down.

Identifying key roles is the first step in a range of workforce management activities because it helps establish organizational needs and priorities, as well as focusing planning effort.

A talent review allows you to identify the knowledge and skills you need today and for the long term.

Knowing what you need is the first step in determining what you have and what you need to keep.

  • A talent review is an analytic planning process used to ensure a work unit has the right people, in the right place, at the right time, and for the right cost in order to successfully execute its business strategy. It allows organizations to:
  • Evaluate workforce demographics, review skills, and conduct position inventories.
  • Evaluate business continuity risk from a talent perspective by identifying potential workforce shortages.
  • Identify critical positions, critical skills for each position, and percentage of critical workers retiring to assess the potential impact of losing them.
  • Look at the effect of loss on new product development, revenues, costs, and business strategic objectives.

Caution

A talent review is a high-level planning process which does not take individual employees into consideration. Succession planning looks at individuals and will be discussed in Phase 2.

A talent review gets you to think in terms of:

  • Where your organization wants to be in five years.
  • What skills the organization needs to meet business goals between now and then.
  • How it can be best positioned for the longer-term future.

Note: Planning against a time frame longer than five years is difficult because uncertainty in the external business environment will have unforeseen effects. Revisit your plan annually and update it, considering changes.

Step 1.1

Identify critical roles

Activities
  • 1.1.1 Document Business Priorities, Goals, and Challenges
  • 1.1.2 Clarify Key Role Criteria and Weighting
  • 1.1.3 Evaluate Role Importance
  • 1.1.4 Key Role Selection and Comparison
  • 1.1.5 Capture Key Elements of Critical Roles

The primary goal of this step is to ensure we have effectively identified key roles based on business priorities, goals, and challenges, and to capture the key elements of critical roles.

Outcomes of this step

  • Documented business priorities, goals, and challenges.
  • Key elements of critical roles captured.
  • Key role criteria and weighting.
Talent Review
Step 1.1 Step 1.2

Business priorities will determine the knowledge and skills you value most

Venn diagram of business priorities: 'Customer Focus', 'Operational Focus', and 'Product Focus'.
Note: Most organizations will be a blend of all three, with one predominating
“I’ve been in the position where the business assumes everyone knows what is required. It’s not until you get people into a room that it becomes clear there is misalignment. It all seems very intuitive but in a lot of cases they haven’t made the critical distinctions regarding what exactly the competencies are. They haven’t spent the time figuring out what they know.” (Anne Roberts, Principal, Leadership Within Inc.)

1.1.1 Document business priorities

Input: Business strategic plan

Output: Completed workforce planning worksheet (Tab 2) of the Key Roles Succession Planning Tool

Materials: Key Roles Succession Planning Tool

Participants: IT leadership

Start by identifying your business priorities based on your strategic plan. The goal of this exercise is to blast away assumptions and make sure leadership has a common understanding of your target.

With the questions on the previous slide in mind document your business priorities, business goals, and business challenges in Tab 2 of the Key Roles Succession Planning Tool worksheet.

Get clear answers to these questions:

  • Are we customer focused, product focused, or operationally focused? In other words, is your organization known for:
    • Great customer service or a great customer experience?
    • The lowest price?
    • Having the latest technology, or the best quality product?
  • What are our organizational/departmental business goals? To improve operational effectiveness, are we really talking about reducing operational costs?
  • What are the key business challenges to address within the context of our focus?

Key Roles Succession Planning Tool

Clarify what defines a key role

A key role is crucial to achieving organizational objectives, drives business performance, and includes specialized and rare competencies. Key roles are high in strategic value and rarity – for example, the developer role for a tech company.
Chart with axes 'Rarity' and 'Strategic Value'. Lowest in both are 'Supporting Roles', Highest in both are 'Critical Roles', and the space in the middle are 'Core Roles'. Look at two dimensions when examining roles:
  • Strategic value refers to the importance of the role in keeping the organization functioning and executing on the strategic objectives.
  • Rarity refers to how difficult it is to find and develop the competencies in the role.

Info-tech insight

Traditionally, succession planning has only addressed top management roles. However, until you look at the evidence, you won’t know if these are indeed high-value roles, and you may be missing other critical roles further down the hierarchy.

Use the Critical Role Identifier to facilitate the identification of critical roles with your leaders.

1.1.2 Clarify key role criteria & weighting

Input: Business strategic plan

Output: Weighted criteria to help identify critical roles

Materials: Critical Role Identifier

Participants: IT leadership

  1. Using Tab 2 of the Critical Role Identifier tool, along with the information on the previous slide, determine the relative importance of four criteria as contributing to the importance of a role within the organization.
  2. Rate each of the four criteria: strategic value, rarity, revenue generation, business/operation continuity, and any custom criteria numerically. You might choose only one or two criteria – they all do not need to be included.
  3. Document your decisions in Tab 2 of the Critical Role Identifier.

Critical Role Identifier

1.1.3 Evaluate role importance

Input: List of IT roles

Output: Full list of roles and a populated Critical Role Selection sheet (Tab 4)

Materials: Critical Role Identifier

Participants: IT leadership

  1. Using Tab 3 of the Critical Role Identifier, collect information about IT roles.
  2. Start by listing each role under consideration, and its department or subcategory.
  3. For each criteria statement listed across the top of the sheet, select an option from the drop-down menu to reflect the appropriate answer scale rating. Replace the text in grey with information customized to your team. If criteria has a weighting of zero in Tab 2, the questions associated with that criteria will be greyed out and do not have to be answered.

Critical Role Identifier

Identify the key roles that support and drive your business priorities

Focus on key IT roles instead of all roles to save time and concentrate effort on your highest risk areas.

Key Roles include:

  • Strategic Roles: Roles that give the greatest competitive advantage. Often these are roles that involve decision-making responsibility.
  • Core Roles: Roles that must provide consistent results to achieve business goals.
  • Proprietary Roles: Roles that are tied closely to unique or proprietary internal processes or knowledge that cannot be procured externally. These are often highly technical or specialized.
  • Required Roles: Roles that support the department and are required to keep it moving forward day-to-day.
  • Influential Roles: Positions filled by employees who are the backbone of the organization, the go-to people who are the corporate culture.
Ask these questions to identify key roles:
  1. What are the roles that have a significant impact on delivering the business strategy?
  2. What are the key differentiating roles for our organization?
  3. Which roles, if vacant, would leave the organization open to non-compliance with regulatory or legal requirements?
  4. Which roles have a direct impact on the customer?
  5. Which roles, if vacant, would create system, function, or process failure for the organization?

1.1.4 Key role selection and comparison

Input: Tab 3 of the Critical Role Identifier

Output: List of roles from highest to lowest criticality score, List of key roles entered in Tab 2 of the Key Roles Succession Planning Tool

Materials: Critical Role Identifier, Key Roles Succession Planning Tool

Participants: IT leadership

  1. Using tab 4 of the Critical Role Identifier, which displays the results of the role importance evaluation, review the weighted criticality score. To add or remove roles or departments make changes on Tab 3.
  2. Use this table to see the scores and roles from highest to lowest based on your weightings and scoring.
  3. In column J, classify the roles as critical, core, or supporting based on the weighted overall score and the individual criteria scores.
    1. Critical – is crucial to achieving organizational objectives, drives business performance, and includes specialized and rare skills.
    2. Core – is related to operational excellence. Highly strategically valuable but easy to find or develop.
    3. Supporting – is important in keeping business functioning; however, the strategic value is low. Competencies are easy to develop.
  4. Once you’ve selected the key roles, transfer them into Tab 2 of the Key Roles Succession Planning Tool worksheet where you have documented your business priorities.

Critical Role Identifier

Key Roles Succession Planning Tool

1.1.5 Capture key elements of critical roles

Input: Job descriptions, Success profiles, Competency profiles

Output: List of required skills and knowledge for key roles, Role profiles documented for key roles

Materials: Key Roles Succession Planning Tool, Role Profile Template

Participants: IT leadership

  1. Document the minimum requirements for critical roles in column E and F of Tab 2 of the Key Roles Succession Planning Tool. Include elements that drive talent decisions, are measurable, and are oriented to future organizational needs.
  2. Consider how leadership competencies and technical skills tie to business expansion plans, new service offerings, etc.
  3. Use the Role Profile Template to help in this process and to maintain up-to-date information.
  4. Role profiles may be informed by existing job descriptions, success profiles, or competency profiles.
  5. Conduct regular maintenance on your role profiles. Outdated and inaccurate role-related information can make succession planning efforts ineffective.

Key Roles Succession Planning Tool

Role Profile Template

Case Study

Conduct a “sanity check” by walking through a checklist of all roles to ensure you haven’t missed anything.
INDUSTRY
Large Provincial Hospital
SOURCE
Payroll Manager
Challenge
  • Key roles may not be what you think they are.
  • The Payroll Manager of a large Provincial hospital, with 20-year tenure, announced her retirement.
  • Throughout her tenure, this employee took on many tasks outside the scope of her role, including pension calculations/filings and other finance-related tasks that required a high level of specialized knowledge of internal systems.
Solution
  • Little time or effort was placed on fully understanding what she did day-to-day.
  • Furthermore, the search for a replacement was left far too late, which meant that she vacated the role without training a replacement.
  • Low level roles can become critical to business continuation if they’re occupied by only one person, creating a “single point of failure” if they become vacant.
Results
  • It wasn’t until after she left that it became obvious how much extra work she was doing, which made it nearly impossible to find a replacement.
  • Her manager found a replacement to take the payroll duties but had to distribute the other duties to colleagues (who were very unhappy about the extra tasks).
  • This role may not seem like a “key role,” but the incumbent turned it into one. Keep tabs on what people are working on to avoid overly nuanced role requirements.

Step 1.2

Assess talent

Activities
  • 1.2.1 Identify Current Incumbents’ Information
  • 1.2.2 Identify Potential Successors and Collect Information

The primary goal of this step is to assess departmental talent and identify gaps between potential successors and key roles. This analysis is intended to support departmental access to suitable talent ensuring future business success.

Outcomes of this step

  • Collection of current incumbents’ information.
  • Collection of potential successor information.
  • Gap assessment.

Talent Review

Step 1.1 Step 1.2

Find out key role incumbents’ career plans

Have career discussions with key role incumbents

  • Do not ask employees directly about their retirement plans as this can be misconstrued as age discrimination – let them take the initiative.
  • To take the spotlight away from older workers and potential feelings of discrimination, supervisors should be having these discussions with their employees at least annually.
  • Having this discussion creates an opportunity for employees to share their retirement plans, if they have any.
  • Warning: This is not the time to make promises about the future. For example, alternative work arrangements cannot be guaranteed without further analysis and planning.
Do the following:
  1. Book a meeting with employees and ask them to prepare for a career development discussion.
  2. Ask direct questions about motivation, lifestyle preferences, and passions.
  3. Spend the time to understand your employees’ goals and their development needs.
If an employee discloses that they plan to leave within the next few years:
  1. Gather information about approximate exit dates (non-binding).
  2. Find out their opinions about how they would like to transition out of their role, including any alternative work arrangements they would like to pursue.

Potential questions to ask during career discussions with key role incumbents

  • Where do you see yourself in five years?
  • What role would you see yourself in after this one?
  • What gets you excited about coming to work?
  • Describe your greatest strengths. How would you like to use those strengths in the future?
  • What is standing in the way of your career goals?
** Do not ask employees directly about their retirement plans as this can be misconstrued as age discrimination – let them take the initiative.**
Stock photo of a smiling employee with grey hair.

1.2.1 Identify current incumbents' information

Input: Key roles list, Employee information

Output: List of key roles with individual incumbent information

Materials: Key Roles Succession Planning Tool – Succession Plan Worksheet (Tab 3)

Participants: IT leadership/management team, HR, Current incumbents if necessary

Identify current incumbents for all key roles and collect information about them.

Using Tab 3 of the Key Roles Succession Planning Tool identify the incumbent (the person currently in the role) for all key roles.

Distribute the worksheet to department managers and team leaders to complete the information below for each key role.

For that incumbent, also document:

  1. Their time in that role.
  2. Their overall performance in current role (does not meet, meets, or exceeds expectations).
  3. Next step in career (target role or retirement).
  4. Time until exit from the current role (known or estimated).
  5. Development needs for next step in career.
  6. Any additional knowledge and skills they possess beyond the role description that is of value to the organization.

Upon completion, managers and team leaders should review the results with the department leader.

Key Roles Succession Planning Tool

Identify potential successors for all key roles

It’s imperative that multiple sources of information are used to ensure no potential successor is missed and to gain a complete candidate picture.

Work collaboratively with the management team and HR business partners for names of potential successors.

The management team includes:

  • The incumbent’s direct supervisor.
  • Managers from the department in which the key role exists.
  • Leaders of teams with which potential successors have worked.
  • The key role incumbent (assuming it’s appropriate to do so).

Use management roundtable discussions to identify and analyze each potential successor.

  • Participants should come equipped with names of potential successors and be prepared to provide a rationale for their recommendation.
  • Provide all participants with the key role job description in advance of the meeting, including responsibilities and required knowledge and skills.

Don’t confuse successors with high potentials!

  • Identifying high potential employees involves recognizing those employees who consistently outperform their peers, progress more quickly than their peers, and live the company culture. They are usually striving for leadership roles.
  • While you also want your successors to exemplify these qualities of excellence, succession planning is specifically about identifying the employees who currently possess (or soon will possess) the skills and knowledge required to take over a key role.
  • Remember: Key roles are not limited to leadership roles, so cast a wider net when identifying succession candidates.
See the following slide for sources of information participants should consult to back up their recommendations and vet succession candidates.

Determine how employees will be identified for talent assessment

Description Advice
Management-nominated employees
  • Managers or skip-level leaders nominate potential successors within or outside their team.
  • Limit bias by requiring management nominations to be based on specific evidence of performance and potential.
High-potential employees (HiPos)
  • Consider employees who are in an existing high-potential program.
  • Determine whether the HiPo program sufficiently assesses for critical role requirements. Successors must possess the skills and knowledge required for specific critical roles. Expand assessment beyond just HiPo.
Self-nominated employees
  • Employees are informed about succession planning and asked to indicate their interest in critical roles.
  • Train managers to support the program and to handle difficult conversations (e.g. employee submitted self-nomination and was unsuccessful).
All employees
  • All employees across a division, geography, function, or leadership level are invited for assessment.
  • While less common, this approach is appropriate for highly inclusive cultures. Be prepared to invest significantly more time and resources.
When identifying employees, keep the following advice in mind:

Widen the net

Don’t limit yourself to the next level down or the same functional group.

Match transparency

With less transparency, there are fewer options, and you risk missing out on potential successors.

Select the appropriate talent assessment methods

Identify all talent assessment types used in your organization and examine their ability to inform decision-making for critical role assignments. Select multiple sources to ensure a robust talent assessment approach:

A sound talent assessment methodology will involve both quantitative and qualitative components. Multiple data inputs and perspectives will help ensure relevant information is prioritized and suitable candidates aren’t overlooked.

However, beware that too many inputs may slow down the process and frustrate managers.

Beware of biases in talent assessments. A common tendency is for people to recommend successors who are exactly like them or who they like personally, not necessarily the best person for the job. HR must (diplomatically) challenge leaders to use evidence-based assessments.

Good Successor Information Sources

  • 360-Degree Feedback – (breadth and accuracy)
  • HR-led Interviews – (objectivity and confirmation)
  • Talent Review Meetings – (leadership input)
  • Stretch Assignments – (challenge comfort zones)
  • Competency-Based Aptitude Tests – (objective data)
  • Job Simulations – (real-life testing)
  • Recent Performance Evaluations – (predictor of future performance)

Prepare to customize the Individual Talent Profile Template

Ensure the role profile and individual talent profile are synchronized to enable comparing employee qualifications and readiness to critical role requirements. Sample of the Role Profile.

Role Profile

A role profile contains information on the skills, competencies, and other minimum requirements for the critical role. It details the type of incumbent that would fit a critical role.
Stock image of a chain link.

Use both in conjunction during:

  • Talent assessment
  • Successor identification
  • Successor development
  • Successor selection
Sample the Individual Talent Profile.

Individual Talent Profile

A talent profile provides information about a person. In addition to responding to role profile criteria, it provides information on an employee’s past experiences and performance, career aspirations, and future potential.

1.2.2 Identify Potential Successors’ Information

Input: Key roles list, Employee information, Completed role profiles and/or Tab 2 role information.

Output: List of potential successors for key roles that are selected for talent assessment

Materials: Key Roles Succession Planning Tool – Succession Plan Worksheet (Tab 3)

Participants: IT leadership, IT team leads, Employees

Identify potential successors for key roles and collect critical information.

Have managers and team leads complete column I on Tab 3 of the Key Roles Succession Planning Tool and review with the department leader.

There may be more than one potential successor for key roles; this is okay.

Once the list is compiled, complete an individual talent profile for each potential successor. Record an employee’s:

  1. Employee information
  2. Career goals
  3. Experience and education
  4. Achievements
  5. Competencies
  6. Performance
  7. Any assessment results

Once the profiles are completed, they can be compared to the role profile to identify development needs.

Key Roles Succession Planning Tool

Individual Talent Profile Template

Build an IT Succession Plan

Phase 2

Succession Planning

Phase 1

1.1 Identify Critical Roles

1.2 Assess Talent

Phase 2

2.1 Identify Successors

2.2 Develop Successors

2.3 Select Successors

Phase 3

3.1 Identify Critical Knowledge

3.2 Select Transfer Methods

3.3 Document Role Transition Plan

This phase will walk you through how to:

  • Conduct an assessment to identify “at risk” key role incumbents.
  • Identify potential successors for key roles and collect critical information.
  • Assess gaps between key role incumbents and potential successors.

Tools and resources used:

  • Key Roles Succession Planning Tool
  • Key Role Profile
  • Individual Talent Profile

This phase involves the following participants:

  • IT leadership/management team
  • HR

Succession planning helps you assess which key roles are most at risk

Drilling down to the incumbent and successor level introduces “real life,” individual-focused factors that have a major impact on role-related risk.

Succession planning is an organizational process for identifying and developing talent internally to fill key business roles. It allows organizations to:

  • Understand the career plans of employees to allow organizations to plan more accurately.
  • Identify suitable successors for key roles and assess their readiness.
  • Mitigate risks to long-term business continuity and growth.
  • Avoid external replacement costs including headhunting and recruitment, HR administration, and productivity loss.
  • Retain internal tacit knowledge.
  • Increase engagement and retention; keeping talented people reinforces career path opportunities and builds team culture.

Caution:

Where the talent review was about high-level strategic planning for talent requirements, succession planning looks at individual employees and plans for which employees will fulfill which key roles next.
“I ask the questions, What are the risks we have with these particular roles? Is there a way to disperse this knowledge to other members of the group? If yes, then how do we do that?” (Director of HR, Service Industry)

Succession planning ultimately must drill down to individual people – namely, the incumbent and potential successors.

This is because individual human beings possess a unique knowledge and skill set, along with their own personal aspirations and life circumstances.

The risks associated with a key role are theoretical. When people are introduced into the equation, the “real life” risk of loss for that key role can change dramatically.

Succession Planning

Funnel titled 'Succession Planning' with 'Critical Roles' at the top of the funnel, 'Critical Knowledge and Skills' as the middle of the funnel, 'Individuals' as the bottom of the funnel, and it drains into 'Incumbent's Potential Successors'.

Step 2.1

Identify Successors

Activities
  • 2.1.1 Conduct Individual Risk Assessment
  • 2.1.2 Successor Readiness Assessment

This step highlights the relative positioning of all employees assessed for departure risk compared to the potential successors’ readiness, identifying gaps that create risk for the organization, and need mitigation strategies.

Outcomes of this step

  • Individual risk assessment results – mitigate, manage, accept matrix.
  • Potential successor readiness ranking.
  • Determination on transparency level with successors.

Succession Planning

Step 2.1 Step 2.2 Step 2.3

Decide how to obtain information on employee interest in critical roles

Not all employees may want to be considered as part of the succession planning program. It might not fit their short- or long-term plans. Avoid misalignment and outline steps to ascertain employee interest.

Transparency

  • Use your target transparency level to:
    • Determine the degree of employees’ participation in self-assessment.
    • Guide organization-wide and targeted messaging about succession planning (see Step 3).

Timing

  • Ensure program-level communication has occurred before asking employees about their interests in critical roles, in order to garner more trust and engagement.
  • Decide at what point along the succession planning process (if at all) that employee’s career interests will be collected and incorporated.

Manager accountability and resources

  • Identify resources needed for managers to conduct targeted career conversations with employees (e.g. training, communication guides, key messaging).
  • If program communication is to be implemented organization-wide, approach accordingly.

Obtaining employee interest ensures process efficiency because:

  • Time isn’t wasted focusing on candidates who aren’t interested.
  • The assessment group is narrowed down through self-selection.

Level-set expectations with employees:

  • Communicate that they will be considered for assessment and talent review discussions.
  • Ensure they understand that everyone assessed will not necessarily be identified or selected as a successor.

Conduct a risk assessment

Identify key role incumbents who may leave before you’re ready.

Pay particular attention to those employees nearing retirement and flag them as high risk.

Understand the impact that employee age has on key role risk. Keep the following in mind when filling out the Individual Risk Assessment of the Key Roles Succession Planning Tool. See the next slide for more details on this.

High Risk Arrow pointing both ways vertically. Anyone 60 years of age or older, or anyone who has indicated they will be retiring within five years.
Moderate Risk Employees in their early 50s are still many years away from retirement but have enough years remaining in their career to make a significant move to a new role outside of your organization. Furthermore, they have specialized skills making them more attractive to external organizations.
Employees in their late 50s are likely more than five years away from retirement but are also less likely than younger employees to leave your organization for another role elsewhere. This is because of increasing personal risk in making such a move, and persistent employer unwillingness to hire older employees.
Low Risk Technically, when it comes to succession planning for key roles held by employees over the age of 50, no one should be considered “low risk for departure.
Pull some hard demographic data.

Compile a report that breaks down employees into age-based demographic groups.

Flag those over the age of 50 – they’re in the “retirement zone” and could decide to leave at any time.

Check to see which key role incumbents fall into the “over 50” age demographic. You’ll want to shortlist these people for an individual risk assessment.

Update this report twice a year to keep it current.

For those people on your shortlist, gather the information that supervisors gained from the career discussions that took place. Specifically, draw out information that indicates their retirement plans.

2.1.1 Conduct Individual Risk Assessment

Input: Completed Succession Plan worksheet

Output: Risk assessment of key role incumbents, understanding of which key role departures to manage, mitigate, and accept

Materials: Key Roles Succession Planning Tool – Individual Risk Assessment (Tab 4), Key Roles Succession Planning Tool – Risk Assessment Results (Tab 5)

Participants: IT leadership/management team

Assign values for probability of departure and impact of departure using the Key Roles Succession Planning Tool.

For those in key roles and those over 50, complete the Individual Risk Assessment (Tab 4) of the Key Roles Succession Planning Tool:

  1. Assess each key role incumbent’s probability of departure based on your knowledge. If the person is going to another job, is a known flight risk, or faces dismissal, the probability is high.
    • 0-40: Unlikely to Leave. If the employee is new to the role, highly engaged, or a high potential.
    • 41-60: Unknown. If the employee is sending mixed messages about happiness at work, or sending no messages, it may be difficult to guess.
    • 61-100: Likely to Leave. If the employee is nearing retirement, actively job searching, disengaged, or faces dismissal, then the probability of departure is high.
  2. Assess the role and the individual’s impact of departure on a scale of 1 (no impact) to 100 (devasting impact).
  3. Review the risk assessment results on tab 5 of the planning tool. The employees that appear in the mitigate quadrant are your succession planning priorities.

Key Roles Succession Planning Tool

Define readiness criteria for successor identification

  1. Select the types of readiness and the number of levels:

    Readiness by time horizon:

    • Successors are identified as ready based on how long it is estimated they will take to acquire the minimum requirements of the critical role.
    • Levels example: Ready Now, Ready in 1-2 Years, Ready in 3-5 Years.

    Readiness by moves:

    • Successors are identified as ready based on how many position moves they have made or how many developmental experiences they have had.
    • Levels example: Ready Now, Ready after 1 Move, Ready after 2 Moves.
  2. Create definitions for each readiness level:
    Example:

    Performance

    Potential

    Ready Now Definition: Ability to deliver in current role Requirement: Meets or exceeds expectations Definition: Ability to take on greater responsibility Requirement: Demonstrates learning agility
    The 9-box is an effective way to map performance and potential requirements and can guide management decision making in talent review and calibration sessions. See McLean & Company’s 9-Box Job Aid for more information. Sample of the 9-Box Job Aid, a 9-field matrix with axes 'Potential: Low to High' and 'Performance: Low to High'.
    “Time means nothing. If you say someone will be ready in a year, and you’ve done nothing in that year to develop them, they won’t be ready. We look at it as moves or experiences: ready now, ready in one move, ready in two moves.” (Amanda Mathieson, Senior Manager, Talent Management, Tangerine)

2.1.2 Successor Readiness Assessment

Input: Individual talent profiles, List of potential successors (Tab 3)

Output: Readiness ranking for each potential successor

Materials: Key Roles Succession Planning Tool

Participants: IT leadership/management team

Assign values for probability of departure and impact of departure using the Key Roles Succession Planning Tool.

Using Tab 6 of the Key Roles Succession Planning Tool, evaluate the readiness of each potential successor that you previously identified.

  1. Enter the name, current role, and target role of each potential successor into the spreadsheet.
  2. For each employee, fill in a response from “strongly agree” to “strongly disagree” for the assessment criteria statements listed in column B of Tab 6. This will give you a readiness ranking in row 68.

Key Roles Succession Planning Tool

Decide if and how successors will be told about their status in the succession plan

  1. Decide if employees will be told. Be as transparent as possible. This will provide several benefits to your organization (e.g. higher engagement, retention) while managing potential risks (e.g. perception that the process is unfair, reducing motivation to perform).
  2. Decide who will tell them. Decide based on the culture of your organization; are official communications usually conveyed through the direct manager, HR, senior leaders, or steering committee?
  1. Determine how you will tell them.

    Suggested messaging to non-successors:

    • Not being identified as a successor does not mean that an employee is not valued by the organization, nor does it indicate the employee will be let go. It simply means that the organization needs a backup plan to manage risk.
    • Employees can still develop toward a critical role they are interested in, and the organization will continue to evaluate whether they can be a potential successor.
    • It is the employee’s responsibility to own their development and communicate to their manager any interest they have in critical roles.

    Suggested messaging to successors:

    • Being identified as a successor is an investment in employee development – not a guaranteed promotion.
    • Successor status may change based on changes to the critical role itself, or if performance is not on par with expectations.
    • The organization strives to be as fair and objective as possible through evidence-based assessments of performance and potential.

Case Study

Failing to have a career aspiration discussion with a potential successor leaves a sales director in a bind.

INDUSTRY
Professional Services
SOURCE
Confidential
Challenge
  • A senior sales director in a medium-sized private company knew there would be a key management opportunity opening up in six months. He had one candidate in mind: a key contributor from the sales floor.
  • The sales manager assumed that the sales representative would want the management position and began planning the candidate’s required training in order to get him ready.
Solution
  • Three months before the position opened up, the manager finally approached the representative about the opportunity, telling the representative that he was an excellent candidate for the role.
  • However, the sales representative was not interested in managing people. He wanted to come in, do a really great day’s worth of work, and then go home and be done. He already loved what he did.
Results
  • The sales representative turned down the offer point blank, leaving the manager with less than three months to find and groom a new internal successor.
  • The manager failed on several fronts. First, he did not ask the employee about his career aspirations. Second, he did not groom a pool of potential successors for the role, affording no protection in the event that the primary candidate couldn’t or wouldn’t assume the role.

Step 2.2

Develop Successors

Activities
  • 2.2.1 Outline Successor Development Process

The primary goal of this step is to identify the steps that need to be taken to develop potential successors. Focus on training employees for their future role, not just their current one.

Outcomes of this step

  • Identified gaps between key role exits and successor readiness.

Succession Planning

Step 2.1 Step 2.2 Step 2.3

2.2.1 Outline Successor Development Process

Input: Role profiles, Talent profiles, Talent assessments

Output: Identified gaps between key role exits and successor readiness

Materials: Key Roles Succession Planning Tool – Successor Identification (Tab 7)

Participants: IT leadership/management team

Prepare successors for their next role, not just their current one.

Use role and talent profiles and any talent assessment results to identify gaps for development.

  1. Outline the steps involved in the individual development planning process for successors. Key steps include identifying development timeline, learning needs, learning resources and strategies, and accomplishment metrics/evidence.
  2. Identify learning elements successor development will involve based on critical role type. For example, coaching and/or mentoring, leadership training, functional skills training, or targeted experiences/projects.
  3. Select metrics with associated timelines to measure the progress of successor development plans. Establish guidelines for employee and manager accountability in developing prioritized competencies.
  4. Determine monitoring cadence of successor development plans (i.e. how often successor development plans will be tracked to ensure timely progress). Identify who will be involved in monitoring the process (e.g. steering committee).

Info-Tech insight

Succession planning without integrated efforts for successor development is simply replacement planning. Get successors ready for promotion by ensuring a continuously monitored and customized development plan is in place.

Integrate knowledge transfer in the successor development process

1

Brainstorm ideas to encourage knowledge-sharing and transfer from incumbent to successor.

2

Integrate knowledge-transfer methods into the successor development process.
Identify key knowledge areas to include:
  • Specialized technical knowledge
  • Specialized research and development processes
  • Unique design capabilities/methods/models
  • Special formulas/algorithms/techniques
  • Proprietary production processes
  • Decision-making criteria
  • Innovative sales methods
  • Knowledge about key customers
  • Relationships with key stakeholders
  • Company history and values
Use multiple methods for effective knowledge transfer.

Explicit knowledge is easily explained and codified, such as facts and procedures. Knowledge transfer methods tend to be more formal and one-way. For example:

  • Formal documentation of processes and best practices
  • Self-published knowledgebase
  • Formal training sessions

Tacit knowledge accumulates over years of experience and is hard to articulate. Knowledge transfer methods are often informal and interactive. For example:

  • Mentoring and job shadowing
  • Multigenerational work teams
  • Networks and communities
Knowledge transfer can occur via a wide range of methods that need to be selected and integrated into daily work to suit the needs of the knowledge to be transferred and of the people involved. See Phase 3 for more details on knowledge transfer.

Step 2.3

Select Successors

The goal of this step is to determine how critical roles will be filled when vacancies arise.

Outcomes of this step

  • Agreement with HR on the process to fill vacancies when key roles exit.

Succession Planning

Step 2.1 Step 2.2 Step 2.3

Determine how critical roles will be filled when vacancies arise

Choose one of two approaches to successor selection:
  • Talent review meeting:
    • Conduct a talent review meeting with functional leaders to discuss key open positions and select the right successors. Ascertain successor interest prior to the meeting, if not obtained already.
    • If multiple successors are ready now, use both role and talent profiles to arrive at a final decision.
    • If only one successor is ready now, outline steps for their promotion process. Which leaders should be involved for final approval? What is TA’s role?
  • Talent acquisition (TA) process:
    • Align with TA to implement a formal recruitment process to select the right successor (open application and interview process to talent pool).
    • Decide if a talent review meeting is required afterwards to agree on the final successor or if the interview panel will make the final decision.

Work together with Talent Acquisition (TA) to outline special treatment of critical role vacancies. Ensure TA is aware of succession plan(s).

Explicitly determine the level of preference for internal successors versus external hires to your TA team to ensure alignment. This will create an environment where promotion from within is customary.

Build an IT Succession Plan

Phase 3

Knowledge Transfer

Phase 1

1.1 Identify Critical Roles

1.2 Assess Talent

Phase 2

2.1 Identify Successors

2.2 Develop Successors

2.3 Select Successors

Phase 3

3.1 Identify Critical Knowledge

3.2 Select Transfer Methods

3.3 Document Role Transition Plan

This phase will show you to:

  • Identify critical knowledge risks.
  • Select appropriate transfer methods.
  • Document knowledge transfer initiatives for key role transition plans.

Tools and resources used:

  • Role Transition Plan Template

This phase involves the following participants:

  • IT leadership/management team
  • HR
  • Incumbent & successor managers

Mitigate risk – formalize knowledge transfer

Use Info-Tech’s Mitigate Key IT Employee Knowledge Loss blueprint to build and implement your knowledge transfer plan.

Effective knowledge transfer allows organizations to:
  • Maintain or improve speed and productivity by ensuring the right people have the right skills to do their jobs well.
  • Increase agility because knowledge is more evenly distributed amongst employees. Multiple people can perform a given task and no one person becomes a bottleneck.
  • Capture and sustain knowledge; creating a knowledge database provides all employees access to the information, now and in the future.
Knowledge transfer between those in key roles and potential successors yields the highest dividends for:
  • Senior level successions.
  • External hires.
  • Senior expatriate transfers.
  • Developmental stretch assignments.
  • Internal cross-divisional transfers and promotions.
  • High organizational dependency on unique expert knowledge.
  • Critical function/project/team transitions.
  • Large scale reorganizations and mergers & acquisitions.
(Source: Piktialis and Greenes, 2008)
Sample of the Mitigate Key IT Employee Knowledge Loss blueprint.

Mitigate Key IT Employee Knowledge Loss

Knowledge transfer is complex and must be both multi-faceted and well supported

Knowledge transfer is the capture, organization, and distribution of knowledge held by individuals to ensure that it is accessible and usable by others.

Knowledge transfer is not stopping, learning, and returning to work. Nor is it simply implementing a document management system.  Arrow pointing right. Knowledge transfer is a wide range of methods that must be carefully selected and integrated into daily work in order to meet the needs of the knowledge to be transferred and the people involved.

Knowledge transfer works best when the following techniques are applied

  • Use multiple methods and media to transfer the knowledge.
  • Ensure a two-way interaction between the knowledge source and recipient.
  • Support knowledge transfer with active mentoring.
  • Transfer knowledge at the point of need; that is, when it’s immediately useful.
  • Offer experience-oriented training to reinforce knowledge absorption.
  • Use a knowledge management system to permanently capture knowledge shared.
Personalization is the key.

Dwyer & Dwyer say that providing “insights to a particular person (or people) needing knowledge at the time of the requirement” is the difference between knowledge transfer that sticks and knowledge that is forgotten.

“Designing a system in which the employee must interrupt his or her work to learn or obtain new knowledge is not productive. Focus on ‘teachable moments.” (Karl Kapp, “Tools and Techniques for Transferring Know-How from Boomers to Gamers”)

Step 3.1

Identify Critical Knowledge to Transfer

The goal of this step is to understand what knowledge and skills much be transferred, keeping in mind the various types of knowledge.

Outcomes of this step

  • Critical knowledge and skills for key roles documented in the Key Role Transition plans.

Knowledge Transfer

Step 3.1 Step 3.2 Step 3.3

Understand what knowledge and skills must be transferred

There are two basic types of knowledge:

Explicit knowledge:
Easily explained and codified, e.g. facts and procedures.
Image of a head with gears inside. Tacit knowledge:
Accumulates over years of experience and is hard to verbalize.
  • You should already have a good idea of what knowledge and skills are valued from the worksheets completed earlier.
  • Focus on identifying the knowledge, skills, and relationships essential to the specific incumbent in a key role and what it is he or she does to perform that key role well.
Document critical knowledge and skills for key roles in the:

Role Transition Plan Template

  1. Identify key knowledge areas. These include:
    • Specialized technical knowledge and research and development process.
    • Unique design capabilities/methods/models.
    • Special formulas/algorithms/techniques.
    • Proprietary production processes.
    • Decision-making criteria.
    • Innovative sales methods.
    • Knowledge about key customers.
    • Relationships with key stakeholders.
    • Company history and values.
  2. Ask questions of both sources and receivers of knowledge to help determine the best knowledge transfer methods to use.
    • What is the nature of the knowledge? Explicit or tacit?
    • Why is it important to transfer?
    • How will the knowledge be used?
    • What knowledge is critical for success?
    • How will the users find and access it?
    • How will it be maintained and remain relevant and usable?
    • What are the existing knowledge pathways or networks connecting sources to recipients?

Step 3.2

Select Knowledge Transfer Methods

Activities
  • 3.2.1 Select Knowledge Transfer Methods

This step helps you identify the knowledge transfer methods that will be the most effective, considering the knowledge or skill that needs to be transferred and the individuals involved.

Outcomes of this step

  • Knowledge transfer methods chosen documented in the Key Role Transition Plans.

Knowledge Transfer

Step 3.1 Step 3.2 Step 3.3

Knowledge transfer methods available

Be prepared to use various methods to transfer knowledge and use them all liberally.

The most common knowledge transfer method is simply to have a collaborative culture

Horizontal bar chart ranking knowledge transfer methods by commonality.
(Source: McLean & Company, 2013; N=121)

A basic willingness for a role incumbent to share with a successor is the most powerful item in your tacit knowledge transfer toolkit.

Formal documentation is critical for explicit knowledge sharing, yet only 40% of organizations use it.

Rewarding and recognizing employees for doing knowledge transfer well is underutilized yet has emerged as an important reinforcing component of any effective knowledge transfer program.
Don’t forget it!

3.2.1 Select Knowledge Transfer Methods

Input: Role profiles, Talent profiles

Output: Methods for integrating knowledge transfer into day-to-day practice

Materials: Role Transition Plan Template

Participants: IT leadership/management team, HR, Knowledge source, Knowledge recipient

Utilize methods that make it easy to apply the knowledge in day-to-day practice.

Select your method according to the following criteria:

  1. The type of knowledge. A soft skill, like professionalism, is best taught via mentoring, while a technical process is best documented and applied on-the-job.
  2. What the knowledge recipient is comfortable with. The recipient may get bored during formal training sessions and retain more during job shadowing.
  3. What the knowledge source is comfortable with. The source may be uncomfortable with blogs and wikis, but comfortable with SharePoint.
  4. The cost. Some methods require an investment in time (e.g. mentoring), while others require an investment in technology (e.g. knowledge bases).
    • The good news is that many supporting technologies may already exist in your organization or can be acquired for free.
    • Methods that cost time may be difficult to get underway since employees may feel they don’t have the time or must change the way they work.

The more integrated knowledge transfer is in day-to-day activities, the more likely it is to be successful and the lower the time cost. This is because real learning is happening at the same time real work is being accomplished.

Document the knowledge transfer methods in the Role Transition Plan Template.

Role Transition Plan Template

Explore alternative work arrangements

Ensure sufficient time to prepare successors

If a key role incumbent isn’t around to complete knowledge transfer, it’s all for naught.

Alternative work arrangements are critical tools that employers can use to achieve a mutually beneficial solution that mitigates the risk of loss associated with key roles.

Alternative work arrangements not only support employees who want to keep working, but they allow the business to retain employees that are needed in key roles.

In a survey from The Conference Board, one out of four older workers indicated that they continue to work because their company provided them with needed flexibility.

And, nearly half said that more flexibility would make them less likely to retire. (Source: Ivey Business Journal)

Flexible work options are the most used form of alternative work arrangement

Horizontal bar chart ranking alternative work arrangements by usage.
(Source: McLean & Company, N=44)

Choose the alternative work arrangement that works best for you and the employee

Alternative Work Arrangement

Description

Ideal Use

Caveats

Flexible work options Employees work the same number of hours but have flexibility in when and where they work (e.g. from home, evenings). Employees who work fairly independently, with no or few direct reports. Employee may become isolated or disconnected, impeding knowledge transfer methods that require interaction or one-on-one time.
Contract-based work Working for a defined period of time on a specific project on a non-salaried or non-wage basis. Project-oriented work that requires specialized knowledge or skills. Available work may be sporadic or specific projects more intensive than the employee wants. Knowledge transfer must be built into the contractual arrangement.
Part-time roles Half-days or a certain number of days per week; indefinite with no end date in mind. Employees whose roles can be readily narrowed and upon whom people and critical processes are not dependent. It may be difficult to break a traditionally full-time job down into a part-time role given the size and nature of associated tasks.
Graduated retirement Retiring employee has a set retirement date, gradually reducing hours worked per week over time. Roles where a successor has been identified and is available to work alongside the incumbent in an overlapping capacity while he or she learns. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

The arrangement chosen may be a combination of multiple options

Alternative Work Arrangement

Description

Ideal Use

Caveats

Part-year jobs or job sharingWorking part of the year and having the rest of the year off, unpaid.Project-oriented work where ongoing external relationships do not need to be maintained. The employee is unavailable for knowledge transfer activities for a large portion of the year. Another risk is that the employee may opt not to return at the end of the extended time off, with little notice.
Increased paid time offAdditional vacation days upon reaching a certain age.Best used as recognition or reward for long-term service. This may be a particularly useful retention incentive in organizations that do not offer pension plans. The company may not be able to financially afford to pay for such extensive time off. If the role incumbent is the only one in the role, this may mean crucial work is not being done.
Altered rolesConcentration of a job description on fewer tasks that allows the employee to focus on his or her specific expertise.Roles where a successor has been identified and is available to work alongside the incumbent, with the incumbent’s new role highly focused on mentoring. The role may only require a single FTE, and the organization may not be able to afford the amount of redundancy inherent in this arrangement.

Alternative work arrangements require senior management support

Senior management and other employees must see the value of retaining older workers, or they will not be supportive of these solutions.

Any changes made to an employee’s work arrangement has an impact on people, processes, and policies.

If the knowledge and skills of older employees aren’t valued, then:

  • Alternative arrangements will be seen as wasteful accommodation of a low-value employee.
  • Time won’t be allowed to manage the transition properly and make appropriate changes.
  • Other employees may resent any workload spillover.
Alternate work arrangements can’t be implemented on a whim.

Make sure alternative work arrangements can be done right and are supported – they’re often solutions that come with additional work. Determine the effects and make appropriate adjustments.

  • Review processes, particularly hand-off and approval points, to ensure tasks will still be handled seamlessly.
  • Assess organizational policies to ensure no violations are occurring or to rework policies (where possible) to accommodate alternative work arrangements.
  • Speak to affected employees to answer questions, identify obstacles, gain support, redefine their job descriptions if required, and make appropriate compensation adjustments. Always provide appropriate training when skills requirements are expanded.

Step 3.3

Document Role Transition Plans for all Key Roles

Activities
  • 3.3.1 Document Role Transition Plans

The primary goal of this step is to build clear checklist-based plans for each key role to help ensure a smooth transition as a successor takes over.

Outcomes of this step

  • Completed key role transition plans

Knowledge Transfer

Step 3.1 Step 3.2 Step 3.3

3.3.1 Document Role Transition Plans

Input: Role profiles, Talent profiles, Talent assessments, Workforce plans

Output: A clear checklist-based plan to help ensure a smooth transition.

Materials: Role Transition Plan Template

Participants: IT leadership/management team, Incumbent, Successor(s), HR

Define a transition plan for all employees in at-risk key roles, and their successors.

You should already have a good idea of what knowledge and skills are valued from the worksheets completed earlier. Focus on identifying the knowledge, skills, and relationships essential to the specific incumbent in a key role and what it is they do to perform that key role well.

Using the Role Transition Plan Template develop a plan to transfer what needs to be transferred from the incumbent to the successor.

  1. Record the incumbent and successor information in the template.
  2. Summarize the key accountabilities and expectations of the incumbent’s role. This summary should highlight specific tasks and initiatives that the successor must take on, including success enablers. Attach the job description for a full description of accountabilities and expectations.
  3. Document the knowledge and skills requirements for the key role, as well as any additional knowledge and skills possessed by the key role incumbent that will aid the successor.
  4. Document any alternative work arrangements to the incumbent’s roles.
  5. Populate the Role Transition Checklist for key transition activities that must be completed by certain dates. A list of sample checklist items has been provided. Add, delete, or modify list items to suit your needs.

Role Transition Plan Template

DairyNZ leverages alternative work arrangements

Ensures successful knowledge transfer
INDUSTRY
Agricultural research
SOURCE
Rose Macfarlane, General Manager Human Resources, DairyNZ
Challenge
  • DairyNZ employs many people in specialized science research roles. Some very senior employees are international experts in their field.
  • Several experts have reached or are nearing retirement age. These pending retirements have come as no surprise.
  • However, due to the industry’s lack of development investment in the past, there is a 20–30-year experience gap in the organization for some key roles.
Solution
  • One principal scientist gave over two years’ notice. His replacement – an external candidate – had been identified in advance and was hired once retirement notice was given.
  • The incumbent’s role was amended. He worked alongside his successor for 18 months in a controlled hand-over process.
Results
  • The result was ideal in that the advance notice allowed full knowledge transfer to take place.

Research Contributors and Experts

Anne Roberts
Principal, Leadership Within Inc. al,
  • Anne T. Roberts is an experienced organization development professional and executive business coach who works with leaders and their organizations to help them create, articulate and implement their change agenda. Her extensive experience in change management, organizational design, meeting design and facilitation, communication and leadership alignment has helped leaders tap into their creativity, drive and energy. Her ability to work with and coach people at the leadership level on a wide range of topics has them face their own organizational stories.
Amanda Mathieson
Senior Manager, Talent Management, Tangerine
  • Amanda is responsible for researching people- and leadership-focused trends, developing thought models, and providing resources, tools, and processes to build and drive the success of leaders in a disruptive world.
  • Her expertise in leadership development, organizational change management, and performance and talent management comes from her experience in various industries spanning pharmaceutical, retail insurance, and financial services. She takes a practical, experiential approach to people and leadership development that is grounded in adult learning methodologies and leadership theory. She is passionate about identifying and developing potential talent, as well as ensuring the success of leaders as they transition into more senior roles.

Related Info-Tech Research

Stock image of a brain. Mitigate Key IT Employee Knowledge Loss
  • Transfer IT knowledge before it’s gone.
  • Effective knowledge transfer mitigates risks from employees leaving the organization and is a key asset driving innovation and customer service.
Stock image of sticky notes being organized on a board. Implement an IT Employee Development Plan
  • There is a growing gap between the competencies organizations have been focused on developing, and what is needed in the future.
  • Employees have been left to drive their own development, with little direction or support and without the alignment of development to organizational needs.

Bibliography

“Accommodating Older Workers’ Needs for Flexible Work Options.” Ivey Business Journal, July/August 2005. Accessed Jan 7, 2013.

Christensen, Kathleen and Marcie Pitt-Catsouphes. “Approaching 65: A Survey of Baby Boomers Turning 65 Years Old”. AARP, Dec. 2010.

Coyne, Kevin P. and Shawn T. Coyne. “The Baby Boomer Retirement Fallacy and What It Means to You. “ HBR Blog Network. Harvard Business Review, May 16, 2008. Accessed 8 Jan. 2013.

Dwyer, Kevin and Ngoc Luong Dwyer. “Managing the Baby Boomer Brain Drain: The Impact of Generational Change on Human Resource Management.” ChangeFactory, April 2010. Accessed Jan 9, 2013.

Gurchiek, Kathy. “Poll: Organizations Can Do More to Prepare for Talent Shortage as Boomers Retire.” SHRM, Nov 17, 2010. Accessed Jan 3, 2013.

Howden, Daniel. “What Is Time to Fill? KPIs for Recruiters.” Workable, 24 March 2016. Web.

Kapp, Karl M. “Tools and Techniques for Transferring Know-How from Boomers to Gamers.” Global Business and Organizational Excellence, July/August 2007. Web.

Piktialis, Diane and Kent A. Greenes. Bridging the Gaps: How to Transfer Knowledge in Today’s Multigenerational Workplace. The Conference Board, 2008.

Pisano, Gary P. “You need an Innovation Strategy.” Harvard Business Review, June 2015.

Vilet, Jacque. “Lost Knowledge – What Are You and Your Organization Doing About It?” TLNT, 25 April 2012. Accessed 5 Jan. 2013.

Proactively Identify and Mitigate Vendor Risk

  • Buy Link or Shortcode: {j2store}227|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Vendor Management
  • Parent Category Link: /vendor-management
  • IT priorities are focused on daily tasks, pushing risk management to secondary importance and diverging from a proactive environment.
  • IT leaders are relying on an increasing number of third-party technology vendors and outsourcing key functions to meet the rapid pace of change within IT.
  • Risk levels can fluctuate over the course of the partnership, requiring manual process checks and/or automated solutions.

Our Advice

Critical Insight

  • Every IT vendor carries risks that have business implications. These legal, financial, security, and operational risks could inhibit business continuity and IT can’t wait until an issue arises to act.
  • Making intelligent decisions about risks without knowing what their financial impact will be is difficult. Risk impact must be quantified.
  • You don’t know what you don’t know, and what you don’t know, can hurt you. To find hidden risks, you must use a structured risk identification method.

Impact and Result

  • A thorough risk assessment in the selection phase is your first line of defense. If you follow the principles of vendor risk management, you can mitigate collateral losses following an adverse event.
  • Make a conscious decision whether to accept the risk based on time, priority, and impact. Spend the required time to correctly identify and enact defined vendor management processes that determine spend categories and appropriately evaluate potential and preferred suppliers. Ensure you accurately assess the partnership potential.
  • Take a proactive stance against IT threats and vulnerabilities by identifying and assessing IT’s most significant risks before they happen.

Proactively Identify and Mitigate Vendor Risk Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how to create a vendor risk management program that minimizes your organization’s vulnerability and mitigates adverse scenarios.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Review vendor risk fundamentals and establish governance

Review IT vendor risk fundamentals and establish a risk governance framework.

  • Proactively Identify and Mitigate Vendor Risk – Phase 1: Review Vendor Risk Fundamentals and Establish Governance
  • Vendor Risk Management Maturity Assessment Tool
  • Vendor Risk Management Program Manual
  • Risk Event Action Plan

2. Assess vendor risk and define your response strategy

Categorize, prioritize, and assess your vendor risks. Follow up with creating effective response strategies.

  • Proactively Identify and Mitigate Vendor Risk – Phase 2: Assess Vendor Risk and Define Your Response Strategy
  • Vendor Classification Model Tool
  • Vendor Risk Profile and Assessment Tool
  • Risk Costing Tool
  • Risk Register Tool

3. Monitor, communicate, and improve IT vendor risk process

Assign accountability and responsibilities to formalize ongoing risk monitoring. Communicate your findings to management and share the plan moving forward.

  • Proactively Identify and Mitigate Vendor Risk – Phase 3: Monitor, Communicate, and Improve IT Vendor Risk Process
  • Risk Report
[infographic]

Workshop: Proactively Identify and Mitigate Vendor Risk

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Prepare for the Workshop

The Purpose

To prepare the team for the workshop.

Key Benefits Achieved

Avoids delays and interruptions once the workshop is in progress.

Activities

1.1 Send workshop agenda to all participants.

1.2 Prepare list of vendors and review any contracts provided by them.

1.3 Review current risk management process.

Outputs

All necessary participants assembled

List of vendors and vendor contracts

Understanding of current risk management process

2 Review Vendor Risk Fundamentals and Establish Governance

The Purpose

Review IT vendor risk fundamentals.

Assess current maturity and set risk management program goals.

Engage stakeholders and establish a risk governance framework.

Key Benefits Achieved

Understanding of organizational risk culture and the corresponding risk threshold.

Obstacles to effective IT risk management identified.

Attainable goals to increase maturity established.

Understanding of the gap to achieve vendor risk readiness.

Activities

2.1 Brainstorm vendor-related risks.

2.2 Assess current program maturity.

2.3 Identify obstacles and pain points.

2.4 Develop risk management goals.

2.5 Develop key risk indicators (KRIs) and escalation protocols.

2.6 Gain stakeholders’ perspective.

Outputs

Vendor risk management maturity assessment

Goals for vendor risk management

Stakeholders’ opinions

3 Assess Vendor Risk and Define Your Response Strategy

The Purpose

Categorize vendors.

Prioritize assessed risks.

Key Benefits Achieved

Risk events prioritized according to risk severity – as defined by the business.

Activities

3.1 Categorize vendors.

3.2 Map vendor infrastructure.

3.3 Prioritize vendors.

3.4 Identify risk contributing factors.

3.5 Assess risk exposure.

3.6 Calculate expected cost.

3.7 Identify risk events.

3.8 Input risks into the Risk Register Tool.

Outputs

Vendors classified and prioritized

Vendor risk exposure

Expected cost calculation

4 Assess Vendor Risk and Define Your Response Strategy (continued)

The Purpose

Determine risk threshold and contract clause relating to risk prevention.

Identify and assess risk response actions.

Key Benefits Achieved

Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.

Risk response strategies have been identified for all key risks.

Authoritative risk response recommendations can be made to senior leadership.

Activities

4.1 Determine the threshold for (un)acceptable risk.

4.2 Match elements of the contract to related vendor risks.

4.3 Identify and assess risk responses.

Outputs

Thresholds for (un)acceptable risk

Risk responses

5 Monitor, Communicate, and Improve IT Vendor Risk Process

The Purpose

Communicate top risks to management.

Assign accountabilities and responsibilities for risk management process.

Establish monitoring schedule.

Key Benefits Achieved

Risk monitoring responsibilities are established.

Transparent accountabilities and established ongoing improvement of the vendor risk management program.

Activities

5.1 Create a stakeholder map.

5.2 Complete RACI chart.

5.3 Establish the reporting schedule.

5.4 Finalize the vendor risk management program.

Outputs

Stakeholder map

Assigned accountability for risk management

Established monitoring schedule

Risk report

Vendor Risk Management Program Manual

Mergers & Acquisitions: The Buy Blueprint

  • Buy Link or Shortcode: {j2store}325|cart{/j2store}
  • member rating overall impact: 9.0/10 Overall Impact
  • member rating average dollars saved: 5 Average Days Saved
  • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
  • Parent Category Name: IT Strategy
  • Parent Category Link: /it-strategy

There are four key scenarios or entry points for IT as the acquiring organization in M&As:

  • IT can suggest an acquisition to meet the business objectives of the organization.
  • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
  • IT participates in due diligence activities and valuates the organization potentially being acquired.
  • IT needs to reactively prepare its environment to enable the integration.

Consider the ideal scenario for your IT organization.

Our Advice

Critical Insight

Acquisitions are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

  • The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
  • A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
  • Transactions that are driven by digital motivations, requiring IT’s expertise.
  • There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.

Impact and Result

Prepare for a growth/integration transaction by:

  • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
  • Creating a standard strategy that will enable strong program management.
  • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

Mergers & Acquisitions: The Buy Blueprint Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out how your organization can excel its growth strategy by engaging in M&A transactions. Review Info-Tech’s methodology and understand the four ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Proactive Phase

Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

  • One-Pager: M&A Proactive
  • Case Study: M&A Proactive
  • Information Asset Audit Tool
  • Data Valuation Tool
  • Enterprise Integration Process Mapping Tool
  • Risk Register Tool
  • Security M&A Due Diligence Tool

2. Discovery & Strategy

Create a standardized approach for how your IT organization should address acquisitions.

  • One-Pager: M&A Discovery & Strategy – Buy
  • Case Study: M&A Discovery & Strategy – Buy

3. Due Diligence & Preparation

Evaluate the target organizations to minimize risk and have an established integration project plan.

  • One-Pager: M&A Due Diligence & Preparation – Buy
  • Case Study: M&A Due Diligence & Preparation – Buy
  • IT Due Diligence Charter
  • Technical Debt Business Impact Analysis Tool
  • IT Culture Diagnostic
  • M&A Integration Project Management Tool (SharePoint)
  • SharePoint Template: Step-by-Step Deployment Guide
  • M&A Integration Project Management Tool (Excel)
  • Resource Management Supply-Demand Calculator

4. Execution & Value Realization

Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

  • One-Pager: M&A Execution & Value Realization – Buy
  • Case Study: M&A Execution & Value Realization – Buy

Infographic

Workshop: Mergers & Acquisitions: The Buy Blueprint

Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

1 Pre-Transaction Discovery & Strategy

The Purpose

Establish the transaction foundation.

Discover the motivation for acquiring.

Formalize the program plan.

Create the valuation framework.

Strategize the transaction and finalize the M&A strategy and approach.

Key Benefits Achieved

All major stakeholders are on the same page.

Set up crucial elements to facilitate the success of the transaction.

Have a repeatable transaction strategy that can be reused for multiple organizations.

Activities

1.1 Conduct the CIO Business Vision and CEO-CIO Alignment Diagnostics.

1.2 Identify key stakeholders and outline their relationship to the M&A process.

1.3 Identify the rationale for the company's decision to pursue an acquisition.

1.4 Assess the IT/digital strategy.

1.5 Identify pain points and opportunities tied to the acquisition.

1.6 Create the IT vision and mission statements and identify IT guiding principles and the transition team.

1.7 Document the M&A governance.

1.8 Establish program metrics.

1.9 Create the valuation framework.

1.10 Establish the integration strategy.

1.11 Conduct a RACI.

1.12 Create the communication plan.

1.13 Prepare to assess target organization(s).

Outputs

Business perspectives of IT

Stakeholder network map for M&A transactions

Business context implications for IT

IT’s acquiring strategic direction

Governance structure

M&A program metrics

IT valuation framework

Integration strategy

RACI

Communication plan

Prepared to assess target organization(s)

2 Mid-Transaction Due Diligence & Preparation

The Purpose

Establish the transaction foundation.

Discover the motivation for integration.

Assess the target organization(s).

Create the valuation framework.

Plan the integration roadmap.

Key Benefits Achieved

All major stakeholders are on the same page.

Methodology identified to assess organizations during due diligence.

Methodology can be reused for multiple organizations.

Integration activities are planned and assigned.

Activities

2.1 Gather and evaluate the stakeholders involved, M&A strategy, future-state operating model, and governance.

2.2 Review the business rationale for the acquisition.

2.3 Establish the integration strategy.

2.4 Create the due diligence charter.

2.5 Create a list of IT artifacts to be reviewed in the data room.

2.6 Conduct a technical debt assessment.

2.7 Assess the current culture and identify the goal culture.

2.8 Identify the needed workforce supply.

2.9 Create the valuation framework.

2.10 Establish the integration roadmap.

2.11 Establish and align project metrics with identified tasks.

2.12 Estimate integration costs.

Outputs

Stakeholder map

IT strategy assessment

IT operating model and IT governance structure defined

Business context implications for IT

Integration strategy

Due diligence charter

Data room artifacts

Technical debt assessment

Culture assessment

Workforce supply identified

IT valuation framework

Integration roadmap and associated resourcing

3 Post-Transaction Execution & Value Realization

The Purpose

Establish the transaction foundation.

Discover the motivation for integration.

Plan the integration roadmap.

Prepare employees for the transition.

Engage in integration.

Assess the transaction outcomes.

Key Benefits Achieved

All major stakeholders are on the same page.

Integration activities are planned and assigned.

Employees are set up for a smooth and successful transition.

Integration strategy and roadmap executed to benefit the organization.

Review what went well and identify improvements to be made in future transactions.

Activities

3.1 Identify key stakeholders and determine IT transaction team.

3.2 Gather and evaluate the M&A strategy, future-state operating model, and governance.

3.3 Review the business rationale for the acquisition.

3.4 Establish the integration strategy.

3.5 Prioritize integration tasks.

3.6 Establish the integration roadmap.

3.7 Establish and align project metrics with identified tasks.

3.8 Estimate integration costs.

3.9 Assess the current culture and identify the goal culture.

3.10 Identify the needed workforce supply.

3.11 Create an employee transition plan.

3.12 Create functional workplans for employees.

3.13 Complete the integration by regularly updating the project plan.

3.14 Begin to rationalize the IT environment where possible and necessary.

3.15 Confirm integration costs.

3.16 Review IT’s transaction value.

3.17 Conduct a transaction and integration SWOT.

3.18 Review the playbook and prepare for future transactions.

Outputs

M&A transaction team

Stakeholder map

IT strategy assessed

IT operating model and IT governance structure defined

Business context implications for IT

Integration strategy

Integration roadmap and associated resourcing

Culture assessment

Workforce supply identified

Employee transition plan

Employee functional workplans

Updated integration project plan

Rationalized IT environment

SWOT of transaction

M&A Buy Playbook refined for future transactions

Further reading

Mergers & Acquisitions: The Buy Blueprint

For IT leaders who want to have a role in the transaction process when their business is engaging in an M&A purchase.

EXECUTIVE BRIEF

Analyst Perspective

Don’t wait to be invited to the M&A table, make it.

Photo of Brittany Lutes, Research Analyst, CIO Practice, Info-Tech Research Group.
Brittany Lutes
Research Analyst,
CIO Practice
Info-Tech Research Group
Photo of Ibrahim Abdel-Kader, Research Analyst, CIO Practice, Info-Tech Research Group.
Ibrahim Abdel-Kader
Research Analyst,
CIO Practice
Info-Tech Research Group

IT has always been an afterthought in the M&A process, often brought in last minute once the deal is nearly, if not completely, solidified. This is a mistake. When IT is brought into the process late, the business misses opportunities to generate value related to the transaction and has less awareness of critical risks or inaccuracies.

To prevent this mistake, IT leadership needs to develop strong business relationships and gain respect for their innovative suggestions. In fact, when it comes to modern M&A activity, IT should be the ones suggesting potential transactions to meet business needs, specifically when it comes to modernizing the business or adopting digital capabilities.

IT needs to stop waiting to be invited to the acquisition or divestiture table. IT needs to suggest that the table be constructed and actively work toward achieving the strategic objectives of the business.

Executive Summary

Your Challenge

There are four key scenarios or entry points for IT as the acquiring organization in M&As:

  • IT can suggest an acquisition to meet the business objectives of the organization.
  • IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspectives.
  • IT participates in due diligence activities and valuates the organization potentially being acquired.
  • IT needs to reactively prepare its environment to enable the integration.

Consider the ideal scenario for your IT organization.

Common Obstacles

Some of the obstacles IT faces include:

  • IT is often told about the transaction once the deal has already been solidified and is now forced to meet unrealistic business demands.
  • The business does not trust IT and therefore does not approach IT to define value or reduce risks to the transaction process.
  • The people and culture element are forgotten or not given adequate priority.

These obstacles often arise when IT waits to be invited into the transaction process and misses critical opportunities.

Info-Tech's Approach

Prepare for a growth/integration transaction by:

  • Recognizing the trend for organizations to engage in M&A activity and the increased likelihood that, as an IT leader, you will be involved in a transaction in your career.
  • Creating a standard strategy that will enable strong program management.
  • Properly considering all the critical components of the transaction and integration by prioritizing tasks that will reduce risk, deliver value, and meet stakeholder expectations.

Info-Tech Insight

As the number of merger, acquisition, and divestiture transactions continues to increase, so too does IT’s opportunity to leverage the growing digital nature of these transactions and get involved at the onset.

The changing M&A landscape

Businesses will embrace more digital M&A transactions in the post-pandemic world

  • When the pandemic occurred, businesses reacted by either pausing (61%) or completely cancelling (46%) deals that were in the mid-transaction state (Deloitte, 2020). The uncertainty made many organizations consider whether the risks would be worth the potential benefits.
  • However, many organizations quickly realized the pandemic is not a hindrance to M&A transactions but an opportunity. Over 16,000 American companies were involved in M&A transactions in the first six months of 2021 (The Economist). For reference, this had been averaging around 10,000 per six months from 2016 to 2020.
  • In addition to this transaction growth, organizations have increasingly been embracing digital. These trends increase the likelihood that, as an IT leader, you will engage in an M&A transaction. However, it is up to you when you get involved in the transactions.

The total value of transactions in the year after the pandemic started was $1.3 billion – a 93% increase in value compared to before the pandemic. (Nasdaq)

Virtual deal-making will be the preferred method of 55% of organizations in the post-pandemic world. (Wall Street Journal, 2020)

Your challenge

IT is often not involved in the M&A transaction process. When it is, it’s often too late.

  • The most important driver of an acquisition is the ability to access new technology (DLA Piper), and yet 50% of the time, IT isn’t involved in the M&A transaction at all (IMAA Institute, 2017).
  • Additionally, IT’s lack of involvement in the process negatively impacts the business:
    • Most organizations (60%) do not have a standardized approach to integration (Steeves and Associates).
    • Weak integration teams contribute to the failure of 70% of M&A integrations (The Wall Street Journal, 2019).
    • Less than half (47%) of organizations actually experience the positive results sought by the M&A transaction (Steeves and Associates).
  • Organizations pursuing M&A and not involving IT are setting themselves up for failure.

Only half of M&A deals involve IT (Source: IMAA Institute, 2017)

Common Obstacles

These barriers make this challenge difficult to address for many organizations:

  • IT is rarely afforded the opportunity to participate in the transaction deal. When IT is invited, this often happens later in the process where integration will be critical to business continuity.
  • IT has not had the opportunity to demonstrate that it is a valuable business partner in other business initiatives.
  • One of the most critical elements that IT often doesn’t take the time or doesn’t have the time to focus on is the people and leadership component.
  • IT waits to be invited to the process rather then actively involving themselves and suggesting how value can be added to the process.

In hindsight, it’s clear to see: Involving IT is just good business.

47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion. (Source: IMAA Institute, 2017)

40% of acquiring businesses discovered a cybersecurity problem at an acquisition.” (Source: Okta)

Info-Tech's approach

Acquisitions & Divestitures Framework

Acquisitions and divestitures are inevitable in modern business, and IT’s involvement in the process should be too. This progression is inspired by:

  1. The growing trend for organizations to increase, decrease, or evolve through these types of transactions.
  2. Transactions that are driven by digital motivations, requiring IT’s expertise.
  3. A maturing business perspective of IT, preventing the difficulty that IT is faced with when invited into the transaction process late.
  4. There never being such a thing as a true merger, making the majority of M&A activity either acquisitions or divestitures.
A diagram highlighting the 'IT Executives' Role in Acquisitions and Divestitures' when they are integrated at different points in the 'Core Business Timeline'. There are four main entry points 'Proactive', 'Discovery and Strategy', 'Due Diligence and Preparation', and 'Execution and Value Realized'. It is highlighted that IT can and should start at 'Proactive', but most organizations start at 'Execution and Value Realized'. 'Proactive': suggest opportunities to evolve the organization; prove IT's value and engage in growth opportunities early. Innovators start here. Steps of the business timeline in 'Proactive' are 'Organization strategies are defined' and 'M and A is considered to enable strategy'. After a buy or sell transaction is initiated is 'Discovery and Strategy': pre-transaction state. If it is a Buy transaction, 'Establish IT's involvement and approach'. If it is a Sell transaction, 'Prepare to engage in negotiations'. Business Partners start here. Steps of the business timeline in 'Discovery and Strategy' are 'Searching criteria is set', 'Potential candidates are considered', and 'LOI is sent/received'. 'Due Diligence and Preparation': mid-transaction state. If it is a Buy transaction, 'Identify potential transaction benefits and risks'. If it is a Sell transaction, 'Comply, communicate, and collaborate in transaction'. Trusted Operators start here. Steps of the business timeline in 'Due Diligence and Preparation' are 'Due diligence engagement occurs', 'Final agreement is reached', and 'Preparation for transaction execution occurs'. 'Execution and Value Realization': post-transaction state. If it is a Buy transaction, 'Integrate the IT environments and achieve business value'. If it is a Sell transaction, 'Separate the IT environment and deliver on transaction terms'. Firefighters start here. Steps of the business timeline in 'Execution and Value Realization' are 'Staff and operations are addressed appropriately', 'Day 1 of implementation and integration activities occurs', '1st 100 days of new entity state occur' and 'Ongoing risk mitigating and value creating activities occur'.

The business’ view of IT will impact how soon IT can get involved

There are four key entry points for IT

A colorful visualization of the four key entry points for IT and a fifth not-so-key entry point. Starting from the top: 'Innovator', Information and Technology as a Competitive Advantage, 90% Satisfaction; 'Business Partner', Effective Delivery of Strategic Business Projects, 80% Satisfaction; 'Trusted Operator', Enablement of Business Through Application and Work Orders, 70% Satisfaction; 'Firefighter', Reliable Infrastructure and IT Service Desk, 60% Satisfaction; and then 'Unstable', Inability to Consistently Deliver Basic Services, <60% Satisfaction.
  1. Innovator: IT suggests an acquisition to meet the business objectives of the organization.
  2. Business Partner: IT is brought in to strategy plan the acquisition from both the business’ and IT’s perspective.
  3. Trusted Operator: IT participates in due diligence activities and valuates the organization potentially being acquired.
  4. Firefighter: IT reactively engages in the integration with little time to prepare.

Merger, acquisition, and divestiture defined

Merger

A merger looks at the equal combination of two entities or organizations. Mergers are rare in the M&A space, as the organizations will combine assets and services in a completely equal 50/50 split. Two organizations may also choose to divest business entities and merge as a new company.

Acquisition

The most common transaction in the M&A space, where an organization will acquire or purchase another organization or entities of another organization. This type of transaction has a clear owner who will be able to make legal decisions regarding the acquired organization.

Divestiture

An organization may decide to sell partial elements of a business to an acquiring organization. They will separate this business entity from the rest of the organization and continue to operate the other components of the business.

Info-Tech Insight

A true merger does not exist, as there is always someone initiating the discussion. As a result, most M&A activity falls into acquisition or divestiture categories.

Buying vs. selling

The M&A process approach differs depending on whether you are the executive IT leader on the buy side or sell side

This blueprint is only focused on the buy side:

  • More than two organizations could be involved in a transaction.
  • Examples of buy-related scenarios include:
    • Your organization is buying another organization with the intent of having the purchased organization keep its regular staff, operations, and location. This could mean minimal integration is required.
    • Your organization is buying another organization in its entirety with the intent of integrating it into your original company.
    • Your organization is buying components of another organization with the intent of integrating them into your original company.
  • As the purchasing organization, you will probably be initiating the purchase and thus will be valuating the selling organization during due diligence and leading the execution plan.

The sell side is focused on:

  • Examples of sell-related scenarios include:
    • Your organization is selling to another organization with the intent of keeping its regular staff, operations, and location. This could mean minimal separation is required.
    • Your organization is selling to another organization with the intent of separating to be a part of the purchasing organization.
    • Your organization is engaging in a divestiture with the intent of:
      • Separating components to be part of the purchasing organization permanently.
      • Separating components to be part of a spinoff and establish a unit as a standalone new company.
  • As the selling organization, you could proactively seek out suitors to purchase all or components of your organization, or you could be approached by an organization.

For more information on divestitures or selling your entire organization, check out Info-Tech’s Mergers & Acquisitions: The Sell Blueprint.

Core business timeline

For IT to be valuable in M&As, you need to align your deliverables and your support to the key activities the business and investors are working on.

Info-Tech’s methodology for Buying Organizations in Mergers, Acquisitions, or Divestitures

1. Proactive

2. Discovery & Strategy

3. Due Diligence & Preparation

4. Execution & Value Realization

Phase Steps

  1. Identify Stakeholders and Their Perspective of IT
  2. Assess IT’s Current Value and Future State
  3. Drive Innovation and Suggest Growth Opportunities
  1. Establish the M&A Program Plan
  2. Prepare IT to Engage in the Acquisition
  1. Assess the Target Organization
  2. Prepare to Integrate
  1. Execute the Transaction
  2. Reflection and Value Realization

Phase Outcomes

Be an innovative IT leader by suggesting how and why the business should engage in an acquisition or divestiture.

Create a standardized approach for how your IT organization should address acquisitions.

Evaluate the target organizations successfully and establish an integration project plan.

Deliver on the integration project plan successfully and communicate IT’s transaction value to the business.

Potential metrics for each phase

1. Proactive

2. Discovery & Strategy

3. Due Diligence & Preparation

4. Execution & Value Realization

  • % Share of business innovation spend from overall IT budget
  • % Critical processes with approved performance goals and metrics
  • % IT initiatives that meet or exceed value expectation defined in business case
  • % IT initiatives aligned with organizational strategic direction
  • % Satisfaction with IT's strategic decision-making abilities
  • $ Estimated business value added through IT-enabled innovation
  • % Overall stakeholder satisfaction with IT
  • % Percent of business leaders that view IT as an Innovator
  • % IT budget as a percent of revenue
  • % Assets that are not allocated
  • % Unallocated software licenses
  • # Obsolete assets
  • % IT spend that can be attributed to the business (chargeback or showback)
  • % Share of CapEx of overall IT budget
  • % Prospective organizations that meet the search criteria
  • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
  • % Business leaders that view IT as a Business Partner
  • % Defects discovered in production
  • $ Cost per user for enterprise applications
  • % In-house-built applications vs. enterprise applications
  • % Owners identified for all data domains
  • # IT staff asked to participate in due diligence
  • Change to due diligence
  • IT budget variance
  • Synergy target
  • % Satisfaction with the effectiveness of IT capabilities
  • % Overall end-customer satisfaction
  • $ Impact of vendor SLA breaches
  • $ Savings through cost-optimization efforts
  • $ Savings through application rationalization and technology standardization
  • # Key positions empty
  • % Frequency of staff turnover
  • % Emergency changes
  • # Hours of unplanned downtime
  • % Releases that cause downtime
  • % Incidents with identified problem record
  • % Problems with identified root cause
  • # Days from problem identification to root cause fix
  • % Projects that consider IT risk
  • % Incidents due to issues not addressed in the security plan
  • # Average vulnerability remediation time
  • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
  • # Time (days) to value realization
  • % Projects that realized planned benefits
  • $ IT operational savings and cost reductions that are related to synergies/divestitures
  • % IT staff–related expenses/redundancies
  • # Days spent on IT integration
  • $ Accurate IT budget estimates
  • % Revenue growth directly tied to IT delivery
  • % Profit margin growth

The IT executive’s role in the buying transaction is critical

And IT leaders have a greater likelihood than ever of needing to support a merger, acquisition, or divestiture.

  1. Reduced Risk

    IT can identify risks that may go unnoticed when IT is not involved.
  2. Increased Accuracy

    The business can make accurate predictions around the costs, timelines, and needs of IT.
  3. Faster Integration

    Faster integration means faster value realization for the business.
  4. Informed Decision Making

    IT leaders hold critical information that can support the business in moving the transaction forward.
  5. Innovation

    IT can suggest new opportunities to generate revenue, optimize processes, or reduce inefficiencies.

The IT executive’s critical role is demonstrated by:

  • Reduced Risk

    47% of senior leaders wish they would have spent more time on IT due diligence to prevent value erosion (IMAA Institute, 2017).
  • Increased Accuracy

    87% of respondents to a Deloitte survey effectively conducted a virtual deal, with a focus on cybersecurity and integration (Deloitte, 2020).
  • Faster Integration

    Integration costs range from as low as $4 million to as high as $3.8 billion, making the process an investment for the organization (CIO Dive).
  • Informed Decision Making

    Only 38% of corporate and 22% of private equity firms include IT as a significant aspect in their transaction approach (IMAA Institute, 2017).
  • Innovation

    Successful CIOs involved in M&As can spend 70% of their time on aspects outside of IT and 30% of their time on technology and delivery (CIO).

Playbook benefits

IT Benefits

  • IT will be seen as an innovative partner to the business, and its suggestions and involvement in the organization will lead to benefits, not hindrances.
  • Develop a streamlined method to valuate the potential organization being purchased and ensure risk management concerns are brought to the business’ attention immediately.
  • Create a comprehensive list of items that IT needs to do during the integration that can be prioritized and actioned.

Business Benefits

  • The business will get accurate and relevant information about the organization being acquired, ensuring that the anticipated value of the transaction is correctly planned for.
  • Fewer business interruptions will happen, because IT can accurately plan for and execute the high-priority integration tasks.
  • The business can make a fair offer to the purchased organization, having properly valuated all aspects being bought, including the IT environment.

Insight summary

Overarching Insight

As an IT executive, take control of when you get involved in a growth transaction. Do this by proactively identifying acquisition targets, demonstrating the value of IT, and ensuring that integration of IT environments does not lead to unnecessary and costly decisions.

Proactive Insight

CIOs on the forefront of digital transformation need to actively look for and suggest opportunities to acquire or partner on new digital capabilities to respond to rapidly changing business needs.

Discovery & Strategy Insight

IT organizations that have an effective M&A program plan are more prepared for the buying transaction, enabling a successful outcome. A structured strategy is particularly necessary for organizations expected to deliver M&As rapidly and frequently.

Due Diligence & Preparation Insight

Most IT synergies can be realized in due diligence. It is more impactful to consider IT processes and practices (e.g. contracts and culture) in due diligence rather than later in the integration.

Execution & Value Realization Insight

IT needs to realize synergies within the first 100 days of integration. The most successful transactions are when IT continuously realizes synergies a year after the transaction and beyond.

Blueprint deliverables

Key Deliverable: M&A Buy Playbook

The M&A Buy Playbook should be a reusable document that enables your IT organization to successfully deliver on any acquisition transaction.

Screenshots of the 'M and A Buy Playbook' deliverable.

M&A Buy One-Pager

See a one-page overview of each phase of the transaction.

Screenshots of the 'M and A Buy One-Pagers' deliverable.

M&A Buy Case Studies

Read a one-page case study for each phase of the transaction.

Screenshots of the 'M and A Buy Case Studies' deliverable.

M&A Integration Project Management Tool (SharePoint)

Manage the integration process of the acquisition using this SharePoint template.

Screenshots of the 'M and A Integration Project Management Tool (SharePoint)' deliverable.

M&A Integration Project Management Tool (Excel)

Manage the integration process of the acquisition using this Excel tool if you can’t or don’t want to use SharePoint.

Screenshots of the 'M and A Integration Project Management Tool (Excel)' deliverable.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

Guided Implementation

Workshop

Consulting

"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

Diagnostics and consistent frameworks used throughout all four options

Guided Implementation

What does a typical GI on this topic look like?

A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is between 6 to 10 calls over the course of 2 to 4 months.

    Proactive Phase

  • Call #1: Scope requirements, objectives, and your specific challenges.
  • Discovery & Strategy Phase

  • Call #2: Determine stakeholders and their perspectives of IT.
  • Call #3: Identify how M&A could support business strategy and how to communicate.
  • Due Diligence & Preparation Phase

  • Call #4: Establish a transaction team and acquisition strategic direction.
  • Call #5: Create program metrics and identify a standard integration strategy.
  • Call #6: Assess the potential organization(s).
  • Call #7: Identify the integration program plan.
  • Execution & Value Realization Phase

  • Call #8: Establish employee transitions to retain key staff.
  • Call #9: Assess IT’s ability to deliver on the acquisition transaction.

The Buy Blueprint

Phase 1

Proactive

Phase 1

Phase 2 Phase 3 Phase 4
  • 1.1 Identify Stakeholders and Their Perspective of IT
  • 1.2 Assess IT’s Current Value and Future State
  • 1.3 Drive Innovation and Suggest Growth Opportunities
  • 2.1 Establish the M&A Program Plan
  • 2.2 Prepare IT to Engage in the Acquisition
  • 3.1 Assess the Target Organization
  • 3.2 Prepare to Integrate
  • 4.1 Execute the Transaction
  • 4.2 Reflection and Value Realization

This phase will walk you through the following activities:

  • Conduct the CEO-CIO Alignment diagnostic
  • Conduct the CIO Business Vision diagnostic
  • Visualize relationships among stakeholders to identify key influencers
  • Group stakeholders into categories
  • Prioritize your stakeholders
  • Plan to communicate
  • Valuate IT
  • Assess the IT/digital strategy
  • Determine pain points and opportunities
  • Align goals to opportunities
  • Recommend growth opportunities

This phase involves the following participants:

  • IT and business leadership

What is the Proactive phase?

Embracing the digital drivers

As the number of merger, acquisition, or divestiture transactions driven by digital means continues to increase, IT has an opportunity to not just be involved in a transaction but actively seek out potential deals.

In the Proactive phase, the business is not currently considering a transaction. However, the business could consider one to reach its strategic goals. IT organizations that have developed respected relationships with the business leaders can suggest these potential transactions.

Understand the business’ perspective of IT, determine who the critical M&A stakeholders are, valuate the IT environment, and examine how it supports the business goals in order to suggest an M&A transaction.

In doing so, IT isn’t waiting to be invited to the transaction table – it’s creating it.

Goal: To support the organization in reaching its strategic goals by suggesting M&A activities that will enable the organization to reach its objectives faster and with greater-value outcomes.

Proactive Prerequisite Checklist

Before coming into the Proactive phase, you should have addressed the following:

  • Understand what mergers, acquisitions, and divestitures are.
  • Understand what mergers, acquisitions, and divestitures mean for the business.
  • Understand what mergers, acquisitions, and divestitures mean for IT.

Review the Executive Brief for more information on mergers, acquisitions, and divestitures for purchasing organizations.

Proactive

Step 1.1

Identify M&A Stakeholders and Their Perspective of IT

Activities

  • 1.1.1 Conduct the CEO-CIO Alignment diagnostic
  • 1.1.2 Conduct the CIO Business Vision diagnostic
  • 1.1.3 Visualize relationships among stakeholders to identify key influencers
  • 1.1.4 Group stakeholders into categories
  • 1.1.5 Prioritize your stakeholders
  • 1.16 Plan to communicate

This step involves the following participants:

  • IT executive leader
  • IT leadership
  • Critical M&A stakeholders

Outcomes of Step

Understand how the business perceives IT and establish strong relationships with critical M&A stakeholders.

Business executives' perspectives of IT

Leverage diagnostics and gain alignment on IT’s role in the organization

  • To suggest or get involved with a merger, acquisition, or divestiture, the IT executive leader needs to be well respected by other members of the executive leadership team and the business.
  • Specifically, the Proactive phase relies on the IT organization being viewed as an Innovator within the business.
  • Identify how the CEO/business executive currently views IT and where they would like IT to move within the Maturity Ladder.
  • Additionally, understand how other critical department leaders view IT and how they view the partnership with IT.
A colorful visualization titled 'Maturity Ladder' detailing levels of IT function that a business may choose from based on the business executives' perspectives of IT. Starting from the bottom: 'Struggle', Does not embarrass, Does not crash; 'Support', Keeps business happy, Keeps costs low; 'Optimize', Increases efficiency, Decreases costs; 'Expand', Extends into new business, Generates revenue; 'Transform', Creates new industry.

Misalignment in target state requires further communication between the CIO and CEO to ensure IT is striving toward an agreed-upon direction.

Info-Tech’s CIO Business Vision (CIO BV) diagnostic measures a variety of high-value metrics to provide a well-rounded understanding of stakeholder satisfaction with IT.

Sample of Info-Tech's CIO Business Vision diagnostic measuring percentages of high-value metrics like 'IT Satisfaction' and 'IT Value' regarding business leader satisfaction. A note for these two reads 'Evaluate business leader satisfaction with IT this year and last year'. A section titled 'Relationship' has metrics such as 'Understands Needs' and 'Trains Effectively'. A note for this section reads 'Examine indicators of the relationship between IT and the business'. A section titled 'Security Friction' has metrics such as 'Regulatory Compliance-Driven' and 'Office/Desktop Security'.

Business Satisfaction and Importance for Core Services

The core services of IT are important when determining what IT should focus on. The most important services with the lowest satisfaction offer the largest area of improvement for IT to drive business value.

Sample of Info-Tech's CIO Business Vision diagnostic specifically comparing the business satisfaction of 12 core services with their importance. Services listed include 'Service Desk', 'IT Security', 'Requirements Gathering', 'Business Apps', 'Data Quality', and more. There is a short description of the services, a percentage for the business satisfaction with the service, a percentage comparing it to last year, and a numbered ranking of importance for each service. A note reads 'Assess satisfaction and importance across 12 core IT capabilities'.

1.1.1 Conduct the CEO-CIO Alignment diagnostic

2 weeks

Input: IT organization expertise and the CEO-CIO Alignment diagnostic

Output: An understanding of an executive business stakeholder’s perception of IT

Materials: CEO-CIO Alignment diagnostic, M&A Buy Playbook

Participants: IT executive/CIO, Business executive/CEO

  1. The CEO-CIO Alignment diagnostic can be a powerful input. Speak with your Info-Tech account representative to conduct the diagnostic. Use the results to inform current IT capabilities.
  2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret and draw conclusions from the results.
  3. Examine the results of the survey and note where there might be specific capabilities that could be improved.
  4. Determine whether there are any areas of significant disagreement between the you and the CEO. Mark down those areas for further conversations. Additionally, take note of areas that could be leveraged to support growth transactions or support your rationale in recommending growth transactions.

Download the sample report.

Record the results in the M&A Buy Playbook.

1.1.2 Conduct the CIO Business Vision diagnostic

2 weeks

Input: IT organization expertise, CIO BV diagnostic

Output: An understanding of business stakeholder perception of certain IT capabilities and services

Materials: CIO Business Vision diagnostic, Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, Senior business leaders

  1. The CIO Business Vision (CIO BV) diagnostic can be a powerful tool for identifying IT capability focus areas. Speak with your account representative to conduct the CIO BV diagnostic. Use the results to inform current IT capabilities.
  2. You may choose to debrief the results of your diagnostic with an Info-Tech analyst. We recommend this to help your team understand how to interpret the results and draw conclusions from the diagnostic.
  3. Examine the results of the survey and take note of any IT services that have low scores.
  4. Read through the diagnostic comments and note any common themes. Especially note which stakeholders identified they have a favorable relationship with IT and which stakeholders identified they have an unfavorable relationship. For those who have an unfavorable relationship, identify if they will have a critical role in a growth transaction.

Download the sample report.

Record the results in the M&A Buy Playbook.

Create a stakeholder network map for M&A transactions

Follow the trail of breadcrumbs from your direct stakeholders to their influencers to uncover hidden stakeholders.

Example:

Diagram of stakeholders and their relationships with other stakeholders, such as 'Board Members', 'CFO/Finance', 'Compliance', etc. with 'CIO/IT Leader' highlighted in the middle. There are unidirectional black arrows and bi-directional green arrows indicating each connection.

    Legend
  • Black arrows indicate the direction of professional influence
  • Dashed green arrows indicate bidirectional, informal influence relationships

Info-Tech Insight

Your stakeholder map defines the influence landscape that the M&A transaction will occur within. This will identify who holds various levels of accountability and decision-making authority when a transaction does take place.

Use connectors to determine who may be influencing your direct stakeholders. They may not have any formal authority within the organization, but they may have informal yet substantial relationships with your stakeholders.

1.1.3 Visualize relationships among stakeholders to identify key influencers

1-3 hours

Input: List of M&A stakeholders

Output: Relationships among M&A stakeholders and influencers

Materials: M&A Buy Playbook

Participants: IT executive leadership

  1. The purpose of this activity is to list all the stakeholders within your organization that will have a direct or indirect impact on the M&A transaction.
  2. Determine the critical stakeholders, and then determine the stakeholders of your stakeholders and consider adding each of them to the stakeholder list.
  3. Assess who has either formal or informal influence over your stakeholders; add these influencers to your stakeholder list.
  4. Construct a diagram linking stakeholders and their influencers together.
    • Use black arrows to indicate the direction of professional influence.
    • Use dashed green arrows to indicate bidirectional, informal influence relationships.

Record the results in the M&A Buy Playbook.

Categorize your stakeholders with a prioritization map

A stakeholder prioritization map helps IT leaders categorize their stakeholders by their level of influence and ownership in the merger, acquisition, or divestiture process.

A prioritization map of stakeholder categories split into four quadrants. The vertical axis is 'Influence', from low on the bottom to high on top. The horizontal axis is 'Ownership/Interest', from low on the left to high on the right. 'Spectators' are low influence, low ownership/interest. 'Mediators' are high influence, low ownership/interest. 'Noisemakers' are low influence, high ownership/interest. 'Players' are high influence, high ownership/interest.

There are four areas in the map, and the stakeholders within each area should be treated differently.

Players – players have a high interest in the initiative and the influence to effect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives.

Mediators – mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise.

Noisemakers – noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes.

Spectators – generally, spectators are apathetic and have little influence over or interest in the initiative.

1.1.4 Group stakeholders into categories

30 minutes

Input: Stakeholder map, Stakeholder list

Output: Categorization of stakeholders and influencers

Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

Participants: IT executive leadership, Stakeholders

  1. Identify your stakeholders’ interest in and influence on the M&A process as high, medium, or low by rating the attributes below.
  2. Map your results to the model to the right to determine each stakeholder’s category.

Same prioritization map of stakeholder categories as before. This one has specific stakeholders mapped onto it. 'CFO' is mapped as low interest and middling influence, between 'Mediator' and 'Spectator'. 'CIO' is mapped as higher than average interest and high influence, a 'Player'. 'Board Member' is mapped as high interest and high influence, a 'Player'.

Level of Influence
  • Power: Ability of a stakeholder to effect change.
  • Urgency: Degree of immediacy demanded.
  • Legitimacy: Perceived validity of stakeholder’s claim.
  • Volume: How loud their “voice” is or could become.
  • Contribution: What they have that is of value to you.
Level of Interest

How much are the stakeholder’s individual performance and goals directly tied to the success or failure of the product?

Record the results in the M&A Buy Playbook.

Prioritize your stakeholders

There may be too many stakeholders to be able to manage them all. Focus your attention on the stakeholders that matter most.

Level of Support

Supporter

Evangelist

Neutral

Blocker

Stakeholder Category Player Critical High High Critical
Mediator Medium Low Low Medium
Noisemaker High Medium Medium High
Spectator Low Irrelevant Irrelevant Low

Consider the three dimensions for stakeholder prioritization: influence, interest, and support. Support can be determined by answering the following question: How significant is that stakeholder to the M&A or divestiture process?

These parameters are used to prioritize which stakeholders are most important and should receive your focused attention.

1.1.5 Prioritize your stakeholders

30 minutes

Input: Stakeholder matrix

Output: Stakeholder and influencer prioritization

Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

Participants: IT executive leadership, M&A/divestiture stakeholders

  1. Identify the level of support of each stakeholder by answering the following question: How significant is that stakeholder to the M&A transaction process?
  2. Prioritize your stakeholders using the prioritization scheme on the previous slide.

Stakeholder

Category

Level of Support

Prioritization

CMO Spectator Neutral Irrelevant
CIO Player Supporter Critical

Record the results in the M&A Buy Playbook.

Define strategies for engaging stakeholders by type

A revisit to the map of stakeholder categories, but with strategies listed for each one, and arrows on the side instead of an axis. The vertical arrow is 'Authority', which increases upward, and the horizontal axis is Ownership/Interest which increases as it moves to the right. The strategy for 'Players' is 'Engage', for 'Mediators' is 'Satisfy', for 'Noisemakers' is 'Inform', and for 'Spectators' is 'Monitor'.

Type

Quadrant

Actions

Players High influence, high interest – actively engage Keep them updated on the progress of the project. Continuously involve Players in the process and maintain their engagement and interest by demonstrating their value to its success.
Mediators High influence, low interest – keep satisfied They can be the game changers in groups of stakeholders. Turn them into supporters by gaining their confidence and trust and including them in important decision-making steps. In turn, they can help you influence other stakeholders.
Noisemakers Low influence, high interest – keep informed Try to increase their influence (or decrease it if they are detractors) by providing them with key information, supporting them in meetings, and using Mediators to help them.
Spectators Low influence, low interest – monitor They are followers. Keep them in the loop by providing clarity on objectives and status updates.

Info-Tech Insight

Each group of stakeholders draws attention and resources away from critical tasks. By properly identifying stakeholder groups, the IT executive leader can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy Spectators and Noisemakers while ensuring the needs of Mediators and Players are met.

1.1.6 Plan to communicate

30 minutes

Input: Stakeholder priority, Stakeholder categorization, Stakeholder influence

Output: Stakeholder communication plan

Materials: Flip charts, Markers, Sticky notes, M&A Buy Playbook

Participants: IT executive leadership, M&A/divestiture stakeholders

The purpose of this activity is to make a communication plan for each of the stakeholders identified in the previous activities, especially those who will have a critical role in the M&A transaction process.

  1. In the M&A Buy Playbook, input the type of influence each stakeholder has on IT, how they would be categorized in the M&A process, and their level of priority. Use this information to create a communication plan.
  2. Determine the methods and frequency of communication to keep the necessary stakeholder satisfied and maintain or enhance IT’s profile within the organization.

Record the results in the M&A Buy Playbook.

Proactive

Step 1.2

Assess IT’s Current Value and Method to Achieve a Future State

Activities

  • 1.2.1 Valuate IT
  • 1.2.2 Assess the IT/digital strategy

This step involves the following participants:

  • IT executive leader
  • IT leadership
  • Critical stakeholders to M&A

Outcomes of Step

Identify critical opportunities to optimize IT and meet strategic business goals through a merger, acquisition, or divestiture.

How to valuate your IT environment

And why it matters so much

  • Valuating your current organization’s IT environment is a critical step that all IT organizations should take, whether involved in an M&A or not, to fully understand what it might be worth.
  • The business investments in IT can be directly translated into a value amount. For every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
  • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT is so critical.
  • There are three ways a business or asset can be valuated:
    • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
    • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
    • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.
  • (Source: “Valuation Methods,” Corporate Finance Institute)

Four ways to create value through digital

  1. Reduced costs
  2. Improved customer experience
  3. New revenue sources
  4. Better decision making
  5. (Source: McKinsey & Company)

1.2.1 Valuate IT

1 day

Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

Output: Valuation of IT

Materials: Relevant templates/tools listed on the following slides, Capital budget, Operating budget, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership

The purpose of this activity is to demonstrate that IT is not simply an operational functional area that diminishes business resources. Rather, IT contributes significant value to the business.

  1. Review each of the following slides to valuate IT’s data, applications, infrastructure and operations, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount.
  2. Input the financial amounts identified for each critical area into a summary slide. Use this information to determine where IT is delivering value to the organization.

Info-Tech Insight

Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

Record the results in the M&A Buy Playbook.

Data valuation

Data valuation identifies how you monetize the information that your organization owns.

Create a data value chain for your organization

When valuating the information and data that exists in an organization, there are many things to consider.

Info-Tech has two tools that can support this process:

  1. Information Asset Audit Tool: Use this tool first to take inventory of the different information assets that exist in your organization.
  2. Data Valuation Tool: Once information assets have been accounted for, valuate the data that exists within those information assets.

Data Collection

Insight Creation

Value Creation

Data Valuation

01 Data Source
02 Data Collection Method
03 Data
04 Data Analysis
05 Insight
06 Insight Delivery
07 Consumer
08 Value in Data
09 Value Dimension
10 Value Metrics Group
11 Value Metrics
Screenshots of Tab 2 of Info-Tech's Data Valuation Tool.

Instructions

  1. Using the Data Valuation Tool, start gathering information based on the eight steps above to understand your organization’s journey from data to value.
  2. Identify the data value spectrum. (For example: customer sales service, citizen licensing service, etc.)
  3. Fill out the columns for data sources, data collection, and data first.
  4. Capture data analysis and related information.
  5. Then capture the value in data.
  6. Add value dimensions such as usage, quality, and economic dimensions.
    • Remember that economic value is not the only dimension, and usage/quality has a significant impact on economic value.
  7. Collect evidence to justify your data valuation calculator (market research, internal metrics, etc.).
  8. Finally, calculate the value that has a direct correlation with underlying value metrics.

Application valuation

Calculate the value of your IT applications

When valuating the applications and their users in an organization, consider using a business process map. This shows how business is transacted in the company by identifying which IT applications support these processes and which business groups have access to them. Info-Tech has a business process mapping tool that can support this process:

  • Enterprise Integration Process Mapping Tool: Complete this tool first to map the different business processes to the supporting applications in your organization.

Instructions

  1. Start by calculating user costs. This is the product of the (# of users) × (% of time spent using IT) × (fully burdened salary).
  2. Identify the revenue per employee and divide that by the average cost per employee to calculate the derived productivity ratio (DPR).
  3. Once you have calculated the user costs and DPR, multiply those total values together to get the application value.
  4. User Costs

    Total User Costs

    Derived Productivity Ratio (DPR)

    Total DPR

    Application Value

    # of users % time spent using IT Fully burdened salary Multiply values from the 3 user costs columns Revenue per employee Average cost per employee (Revenue P.E) ÷ (Average cost P.E) (User costs) X (DPR)

  5. Once the total application value is established, calculate the combined IT and business costs of delivering that value. IT and business costs include inflexibility (application maintenance), unavailability (downtime costs, including disaster exposure), IT costs (common costs statistically allocated to applications), and fully loaded cost of active (full-time equivalent [FTE]) users.
  6. Calculate the net value of applications by subtracting the total IT and business costs from the total application value calculated in step 3.
  7. IT and Business Costs

    Total IT and Business Costs

    Net Value of Applications

    Application maintenance Downtime costs (include disaster exposure) Common costs allocated to applications Fully loaded costs of active (FTE) users Sum of values from the four IT and business costs columns (Application value) – (IT and business costs)

(Source: CSO)

Infrastructure valuation

Assess the foundational elements of the business’ information technology

The purpose of this exercise is to provide a high-level infrastructure valuation that will contribute to valuating your IT environment.

Calculating the value of the infrastructure will require different methods depending on the environment. For example, a fully cloud-hosted organization will have different costs than a fully on-premises IT environment.

Instructions:

  1. Start by listing all of the infrastructure-related items that are relevant to your organization.
  2. Once you have finalized your items column, identify the total costs/value of each item.
    • For example, total software costs would include servers and storage.
  3. Calculate the total cost/value of your IT infrastructure by adding all of values in the right column.

Item

Costs/Value

Hardware Assets Total Value +$3.2 million
Hardware Leased/Service Agreement -$
Software Purchased +$
Software Leased/Service Agreement -$
Operational Tools
Network
Disaster Recovery
Antivirus
Data Centers
Service Desk
Other Licenses
Total:

For additional support, download the M&A Runbook for Infrastructure and Operations.

Risk and security

Assess risk responses and calculate residual risk

The purpose of this exercise is to provide a high-level risk assessment that will contribute to valuating your IT environment. For a more in-depth risk assessment, please refer to the Info-Tech tools below:

  1. Risk Register Tool
  2. Security M&A Due Diligence Tool

Instructions

  1. Review the probability and impact scales below and ensure you have the appropriate criteria that align to your organization before you conduct a risk assessment.
  2. Identify the probability of occurrence and estimated financial impact for each risk category detail and fill out the table on the right. Customize the table as needed so it aligns to your organization.
  3. Probability of Risk Occurrence

    Occurrence Criteria
    (Classification; Probability of Risk Event Within One Year)

    Negligible Very Unlikely; ‹20%
    Very Low Unlikely; 20 to 40%
    Low Possible; 40 to 60%
    Moderately Low Likely; 60 to 80%
    Moderate Almost Certain; ›80%

Note: If needed, you can customize this scale with the severity designations that you prefer. However, make sure you are always consistent with it when conducting a risk assessment.

Financial & Reputational Impact

Budgetary and Reputational Implications
(Financial Impact; Reputational Impact)

Negligible (‹$10,000; Internal IT stakeholders aware of risk event occurrence)
Very Low ($10,000 to $25,000; Business customers aware of risk event occurrence)
Low ($25,000 to $50,000; Board of directors aware of risk event occurrence)
Moderately Low ($50,000 to $100,000; External customers aware of risk event occurrence)
Moderate (›$100,000; Media coverage or regulatory body aware of risk event occurrence)

Risk Category Details

Probability of Occurrence

Estimated Financial Impact

Estimated Severity (Probability X Impact)

Capacity Planning
Enterprise Architecture
Externally Originated Attack
Hardware Configuration Errors
Hardware Performance
Internally Originated Attack
IT Staffing
Project Scoping
Software Implementation Errors
Technology Evaluation and Selection
Physical Threats
Resource Threats
Personnel Threats
Technical Threats
Total:

1.2.2 Assess the IT/digital strategy

4 hours

Input: IT strategy, Digital strategy, Business strategy

Output: An understanding of an executive business stakeholder’s perception of IT, Alignment of IT/digital strategy and overall organization strategy

Materials: Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, Business executive/CEO

The purpose of this activity is to review the business and IT strategies that exist to determine if there are critical capabilities that are not being supported.

Ideally, the IT and digital strategies would have been created following development of the business strategy. However, sometimes the business strategy does not directly call out the capabilities it requires IT to support.

  1. On the left half of the corresponding slide in the M&A Buy Playbook, document the business goals, initiatives, and capabilities. Input this information from the business or digital strategies. (If more space for goals, initiatives, or capabilities is needed, duplicate the slide).
  2. On the other half of the slide, document the IT goals, initiatives, and capabilities. Input this information from the IT strategy and digital strategy.

For additional support, see Build a Business-Aligned IT Strategy.

Record the results in the M&A Buy Playbook.

Proactive

Step 1.3

Drive Innovation and Suggest Growth Opportunities

Activities

  • 1.3.1 Determine pain points and opportunities
  • 1.3.2 Align goals with opportunities
  • 1.3.3 Recommend growth opportunities

This step involves the following participants:

  • IT executive leader
  • IT leadership
  • Critical M&A stakeholders

Outcomes of Step

Establish strong relationships with critical M&A stakeholders and position IT as an innovative business partner that can suggest growth opportunities.

1.3.1 Determine pain points and opportunities

1-2 hours

Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade

Output: List of pain points or opportunities that IT can address

Materials: Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Business stakeholders

The purpose of this activity is to determine the pain points and opportunities that exist for the organization. These can be external or internal to the organization.

  1. Identify what opportunities exist for your organization. Opportunities are the potential positives that the organization would want to leverage.
  2. Next, identify pain points, which are the potential negatives that the organization would want to alleviate.
  3. Spend time considering all the options that might exist, and keep in mind what has been identified previously.

Opportunities and pain points can be trends, other departments’ initiatives, business perspectives of IT, etc.

Record the results in the M&A Buy Playbook.

1.3.2 Align goals with opportunities

1-2 hours

Input: CEO-CIO Alignment diagnostic, CIO Business Vision diagnostic, Valuation of IT environment, IT-business goals cascade, List of pain points and opportunities

Output: An understanding of an executive business stakeholder’s perception of IT, Foundations for growth strategy

Materials: Computer, Whiteboard and markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Business stakeholders

The purpose of this activity is to determine whether a growth or separation strategy might be a good suggestion to the business in order to meet its business objectives.

  1. For the top three to five business goals, consider:
    1. Underlying drivers
    2. Digital opportunities
    3. Whether a growth or reduction strategy is the solution
  2. Just because a growth or reduction strategy is a solution for a business goal does not necessarily indicate M&A is the way to go. However, it is important to consider before you pursue suggesting M&A.

Record the results in the M&A Buy Playbook.

1.3.3 Recommend growth opportunities

1-2 hours

Input: Growth or separation strategy opportunities to support business goals, Stakeholder communication plan, Rationale for the suggestion

Output: M&A transaction opportunities suggested

Materials: M&A Buy Playbook

Participants: IT executive/CIO, Business executive/CEO

The purpose of this activity is to recommend a merger, acquisition, or divestiture to the business.

  1. Identify which of the business goals the transaction would help solve and why IT is the one to suggest such a goal.
  2. Leverage the stakeholder communication plan identified previously to give insight into stakeholders who would have a significant level of interest, influence, or support in the process.

Info-Tech Insight

With technology and digital driving many transactions, leverage this opening and begin the discussions with your business on how and why an acquisition would be a great opportunity.

Record the results in the M&A Buy Playbook.

By the end of this Proactive phase, you should:

Be prepared to suggest M&A opportunities to support your company’s goals through growth or acquisition transactions

Key outcome from the Proactive phase

Develop progressive relationships and strong communication with key stakeholders to suggest or be aware of transformational opportunities that can be achieved through growth or reduction strategies such as mergers, acquisitions, or divestitures.

Key deliverables from the Proactive phase
  • Business perspective of IT examined
  • Key stakeholders identified and relationship to the M&A process outlined
  • Ability to valuate the IT environment and communicate IT’s value to the business
  • Assessment of the business, digital, and IT strategies and how M&As could support those strategies
  • Pain points and opportunities that could be alleviated or supported through an M&A transaction
  • Acquisition or buying recommendations

The Buy Blueprint

Phase 2

Discovery & Strategy

Phase 1

Phase 2

Phase 3Phase 4
  • 1.1 Identify Stakeholders and Their Perspective of IT
  • 1.2 Assess IT’s Current Value and Future State
  • 1.3 Drive Innovation and Suggest Growth Opportunities
  • 2.1 Establish the M&A Program Plan
  • 2.2 Prepare IT to Engage in the Acquisition
  • 3.1 Assess the Target Organization
  • 3.2 Prepare to Integrate
  • 4.1 Execute the Transaction
  • 4.2 Reflection and Value Realization

This phase will walk you through the following activities:

  • Create the mission and vision
  • Identify the guiding principles
  • Create the future-state operating model
  • Determine the transition team
  • Document the M&A governance
  • Create program metrics
  • Establish the integration strategy
  • Conduct a RACI
  • Create the communication plan
  • Assess the potential organization(s)

This phase involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Company M&A team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Pre-Work

Day 1

Day 2

Day 3

Day 4

Day 5

Establish the Transaction FoundationDiscover the Motivation for AcquiringFormalize the Program PlanCreate the Valuation FrameworkStrategize the TransactionNext Steps and Wrap-Up (offsite)

Activities

  • 0.1 Conduct the CIO Business Vision and CEO-CIO Alignment diagnostics
  • 0.2 Identify key stakeholders and outline their relationship to the M&A process
  • 0.3 Identify the rationale for the company's decisions to pursue an acquisition
  • 1.1 Review the business rationale for the acquisition
  • 1.2 Assess the IT/digital strategy
  • 1.3 Identify pain points and opportunities tied to the acquisition
  • 1.4 Create the IT vision statement, create the IT mission statement, and identify IT guiding principles
  • 2.1 Create the future-state operating model
  • 2.2 Determine the transition team
  • 2.3 Document the M&A governance
  • 2.4 Establish program metrics
  • 3.1 Valuate your data
  • 3.2 Valuate your applications
  • 3.3 Valuate your infrastructure
  • 3.4 Valuate your risk and security
  • 3.5 Combine individual valuations to make a single framework
  • 4.1 Establish the integration strategy
  • 4.2 Conduct a RACI
  • 4.3 Review best practices for assessing target organizations
  • 4.4 Create the communication plan
  • 5.1 Complete in-progress deliverables from previous four days
  • 5.2 Set up review time for workshop deliverables and to discuss next steps

Deliverables

  1. Business perspectives of IT
  2. Stakeholder network map for M&A transactions
  1. Business context implications for IT
  2. IT’s acquisition strategic direction
  1. Operating model for future state
  2. Transition team
  3. Governance structure
  4. M&A program metrics
  1. IT valuation framework
  1. Integration strategy
  2. RACI
  3. Communication plan
  1. Completed M&A program plan and strategy
  2. Prepared to assess target organization(s)

What is the Discovery & Strategy phase?

Pre-transaction state

The Discovery & Strategy phase during an acquisition is a unique opportunity for many IT organizations. IT organizations that can participate in the acquisition transaction at this stage are likely considered a strategic partner of the business.

For one-off acquisitions, IT being invited during this stage of the process is rare. However, for organizations that are preparing to engage in many acquisitions over the coming years, this type of strategy will greatly benefit from IT involvement. Again, the likelihood of participating in an M&A transaction is increasing, making it a smart IT leadership decision to, at the very least, loosely prepare a program plan that can act as a strategic pillar throughout the transaction.

During this phase of the pre-transaction state, IT will also be asked to participate in ensuring that the potential organization being sought will be able to meet any IT-specific search criteria that was set when the transaction was put into motion.

Goal: To identify a repeatable program plan that IT can leverage when acquiring all or parts of another organization’s IT environment, ensuring customer satisfaction and business continuity

Discovery & Strategy Prerequisite Checklist

Before coming into the Discovery & Strategy phase, you should have addressed the following:

  • Understand the business perspective of IT.
  • Know the key stakeholders and have outlined their relationships to the M&A process.
  • Be able to valuate the IT environment and communicate IT's value to the business.
  • Understand the rationale for the company's decisions to pursue an acquisition and the opportunities or pain points the acquisition should address.

Discovery & Strategy

Step 2.1

Establish the M&A Program Plan

Activities

  • 2.1.1 Create the mission and vision
  • 2.1.2 Identify the guiding principles
  • 2.1.3 Create the future-state operating model
  • 2.1.4 Determine the transition team
  • 2.1.5 Document the M&A governance
  • 2.1.6 Create program metrics

This step involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Company M&A team

Outcomes of Step

Establish an M&A program plan that can be repeated across acquisitions.

The vision and mission statements clearly articulate IT’s aspirations and purpose

The IT vision statement communicates a desired future state of the IT organization, whereas the IT mission statement portrays the organization’s reason for being. While each serves its own purpose, they should both be derived from the business context implications for IT.

Vision Statements

Mission Statements

Characteristics

  • Describe a desired future
  • Focus on ends, not means
  • Concise
  • Aspirational
  • Memorable
  • Articulate a reason for existence
  • Focus on how to achieve the vision
  • Concise
  • Easy to grasp
  • Sharply focused
  • Inspirational

Samples

To be a trusted advisor and partner in enabling business innovation and growth through an engaged IT workforce. (Source: Business News Daily) IT is a cohesive, proactive, and disciplined team that delivers innovative technology solutions while demonstrating a strong customer-oriented mindset. (Source: Forbes, 2013)

2.1.1 Create the mission and vision statements

2 hours

Input: Business objectives, IT capabilities, Rationale for the transaction

Output: IT’s mission and vision statements for growth strategies tied to mergers, acquisitions, and divestitures

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create mission and vision statements that reflect IT’s intent and method to support the organization as it pursues a growth strategy.

  1. Review the definitions and characteristics of mission and vision statements.
  2. Brainstorm different versions of the mission and vision statements.
  3. Edit the statements until you get to a single version of each that accurately reflects IT’s role in the growth process.

Record the results in the M&A Buy Playbook.

Guiding principles provide a sense of direction

IT guiding principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting IT investment portfolio management, solution development, and procurement decisions.

A diagram illustrating the place of 'IT guiding principles' in the process of making 'Decisions on the use of IT'. There are four main items, connecting lines naming the type of process in getting from one step to the next, and a line underneath clarifying the questions asked at each step. On the far left, over the question 'What decisions should be made?', is 'Business context and IT implications'. This flows forward to 'IT guiding principles', and they are connected by 'Influence'. Next, over the question 'How should decisions be made?', is the main highlighted section. 'IT guiding principles' flows forward to 'Decisions on the use of IT', and they are connected by 'Guide and inform'. On the far right, over the question 'Who has the accountability and authority to make decisions?', is 'IT policies'. This flows back to 'Decisions on the use of IT', and they are connected by 'Direct and control'.

IT principles must be carefully constructed to make sure they are adhered to and relevant

Info-Tech has identified a set of characteristics that IT principles should possess. These characteristics ensure the IT principles are relevant and followed in the organization.

Approach focused. IT principles should be focused on the approach – how the organization is built, transformed, and operated – as opposed to what needs to be built, which is defined by both functional and non-functional requirements.

Business relevant. Create IT principles that are specific to the organization. Tie IT principles to the organization’s priorities and strategic aspirations.

Long lasting. Build IT principles that will withstand the test of time.

Prescriptive. Inform and direct decision making with actionable IT principles. Avoid truisms, general statements, and observations.

Verifiable. If compliance can’t be verified, people are less likely to follow the principle.

Easily Digestible. IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren’t a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember.

Followed. Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously communicated to all stakeholders to achieve and maintain buy-in.

In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes.

Consider the example principles below

IT Principle Name

IT Principle Statement

1. Risk Management We will ensure that the organization’s IT Risk Management Register is properly updated to reflect all potential risks and that a plan of action against those risks has been identified.
2. Transparent Communication We will ensure employees are spoken to with respect and transparency throughout the transaction process.
3. Integration for Success We will create an integration strategy that enables the organization and clearly communicates the resources required to succeed.
4. Managed Data We will handle data creation, modification, integration, and use across the enterprise in compliance with our data governance policy.
5. Establish a single IT Environment We will identify, prioritize, and manage the applications and services that IT provides in order to eliminate redundant technology and maximize the value that users and customers experience.
6. Compliance With Laws and Regulations We will operate in compliance with all applicable laws and regulations for both our organization and the potentially purchased organization.
7. Defined Value We will create a plan of action that aligns with the organization’s defined value expectations.
8. Network Readiness We will ensure that employees and customers have immediate access to the network with minimal or no outages.
9. Operating to Succeed We will bring all of IT into a central operating model within two years of the transaction.

2.1.2 Identify the guiding principles

2 hours

Input: Business objectives, IT capabilities, Rationale for the transaction, Mission and vision statements

Output: IT’s guiding principles for growth strategies tied to mergers, acquisitions, and divestitures

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create the guiding principles that will direct the IT organization throughout the growth strategy process.

  1. Review the role of guiding principles and the examples of guiding principles that organizations have used.
  2. Brainstorm different versions of the guiding principles. Each guiding principle should start with the phrase “We will…”
  3. Edit and consolidate the statements until you have a list of approximately eight to ten statements that accurately reflect IT’s role in the growth process.
  4. Review the guiding principles every six months to ensure they continue to support the delivery of the business’ growth strategy goals.

Record the results in the M&A Buy Playbook.

Create two IT teams to support the transaction

IT M&A Transaction Team

  • The IT M&A Transaction Team should consist of the strongest members of the IT team who can be expected to deliver on unusual or additional tasks not asked of them in normal day-to-day operations.
  • The roles selected for this team will have very specific skills sets or deliver on critical integration capabilities, making their involvement in the combination of two or more IT environments paramount.
  • These individuals need to have a history of proving themselves very trustworthy, as they will likely be required to sign an NDA as well.
  • Expect to have to certain duplicate capabilities or roles across the M&A transaction team and operational team.

IT Operational Team

  • This group is responsible for ensuring the business operations continue.
  • These employees might be those who are newer to the organization but can be counted on to deliver consistent IT services and products.
  • The roles of this team should ensure that end users or external customers remain satisfied.

Key capabilities to support M&A

Consider the following capabilities when looking at who should be a part of the M&A transaction team.

Employees who have a significant role in ensuring that these capabilities are being delivered will be a top priority.

Infrastructure

  • Systems Integration
  • Data Management

Business Focus

  • Service-Level Management
  • Enterprise Architecture
  • Stakeholder Management
  • Project Management

Risk & Security

  • Privacy Management
  • Security Management
  • Risk & Compliance Management

Build a lasting and scalable operating model

An operating model is an abstract visualization, used like an architect’s blueprint, that depicts how structures and resources are aligned and integrated to deliver on the organization’s strategy.

It ensures consistency of all elements in the organizational structure through a clear and coherent blueprint before embarking on detailed organizational design.

The visual should highlight which capabilities are critical to attaining strategic goals and clearly show the flow of work so that key stakeholders can understand where inputs flow in and outputs flow out of the IT organization.

As you assess the current operating model, consider the following:

  • Does the operating model contain all the necessary capabilities your IT organization requires to be successful?
  • What capabilities should be duplicated?
  • Are there individuals with the skill set to support those roles? If not, is there a plan to acquire or develop those skills?
  • A dedicated project team strictly focused on M&A is great. However, is it feasible for your organization? If not, what blockers exist?
A diagram with 'Initiatives' and 'Solutions' on the left and right of an area chart, 'Customer' at the top, the area between them labelled 'Functional Area n', and six horizontal bars labelled 'IT Capability' stacked on top of each other. The 'IT Capability' bars are slightly skewed to the 'Solutions' side of the chart.

Info-Tech Insight

Investing time up-front getting the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and allowing your model to change as the business changes.

2.1.3 Create the future-state operating model

4 hours

Input: Current operating model, IT strategy, IT capabilities, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

Output: Future-state operating model

Materials: Operating model, Capability overlay, Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to establish what the future-state operating model will be if your organization needs to adjust to support a growth transaction.

  1. Ensuring that all the IT capabilities are identified by the business and IT strategy, document your organization’s current operating model.
  2. Identify what core capabilities would be critical to the buying transaction process and integration. Highlight and make copies of those capabilities in the M&A Buy Playbook.
  3. Arrange the capabilities to clearly show the flow of inputs and outputs. Identify critical stakeholders of the process (such as customers or end users) if that will help the flow.
  4. Ensure the capabilities that will be decentralized are clearly identified. Decentralized capabilities do not exist within the central IT organization but rather in specific lines of businesses or products to better understand needs and deliver on the capability.

An example operating model is included in the M&A Buy Playbook. This process benefits from strong reference architecture and capability mapping ahead of time.

Record the results in the M&A Buy Playbook.

2.1.4 Determine the transition team

3 hours

Input: IT capabilities, Future-state operating model, M&A-specific IT capabilities, Business objectives, Rationale for the transaction, Mission and vision statements

Output: Transition team

Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a team that will support your IT organization throughout the transaction. Determining which capabilities and therefore which roles will be required ensures that the business will continue to get the operational support it needs.

  1. Based on the outcome of activity 2.1.3, review the capabilities that your organization will require on the transition team. Group capabilities into functional groups containing capabilities that are aligned well with one another because they have similar responsibilities and functionalities.
  2. Replace the capabilities with roles. For example, stakeholder management, requirements gathering, and project management might be one functional group. Project management and stakeholder management might combine to create a project manager role.
  3. Review the examples in the M&A Buy Playbook and identify which roles will be a part of the transition team.

For more information, see Redesign Your Organizational Structure

What is governance?

And why does it matter so much to IT and the M&A process?

  • Governance is the method in which decisions get made, specifically as they impact various resources (time, money, and people).
  • Because M&A is such a highly governed transaction, it is important to document the governance bodies that exist in your organization.
  • This will give insight into what types of governing bodies there are, what decisions they make, and how that will impact IT.
  • For example, funds to support integration need to be discussed, approved, and supplied to IT from a governing body overseeing the acquisition.
  • A highly mature IT organization will have automated governance, while a seemingly non-existent governance process will be considered ad hoc.
A pyramid with four levels representing the types of governing bodies that are available with differing levels of IT maturity. An arrow beside the pyramid points upward. The bottom of the arrow is labelled 'Traditional (People and document centric)' and the top is labelled 'Adaptive (Data centric)'. Starting at the bottom of the pyramid is level 1 'Ad Hoc Governance', 'Governance that is not well defined or understood within the organization. It occurs out of necessity but often not by the right people'. Level 2 is 'Controlled Governance', 'Governance focused on compliance and decisions driven by hierarchical authority. Levels of authority are defined and often driven by regulatory'. Level 3 is 'Agile Governance', 'Governance that is flexible to support different needs and quick response in the organization. Driven by principles and delegated throughout the company'. At the top of the pyramid is level 4 'Automated Governance', 'Governance that is entrenched and automated into organizational processes and product/service design. Empowered and fully delegated governance to maintain fit and drive organizational success and survival'.

2.1.5 Document M&A governance

1-2 hours

Input: List of governing bodies, Governing body committee profiles, Governance structure

Output: Documented method on how decisions are made as it relates to the M&A transaction

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine the method in which decisions are made throughout the M&A transaction as it relates to IT. This will require understanding both governing bodies internal to IT and those external to IT.

  1. First, determine the other governance structures within the organization that will impact the decisions made about M&A. List out these bodies or committees.
  2. Create a profile for each committee that looks at the membership, purpose of the committee, decision areas (authority), and the process of inputs and outputs. Ensure IT committees that will have a role in this process are also documented. Consider the benefits realized, risks, and resources required for each.
  3. Organize the committees into a structure, identifying the committees that have a role in defining the strategy, designing and building, and running.

Record the results in the M&A Buy Playbook.

Current-state structure map – definitions of tiers

Strategy: These groups will focus on decisions that directly connect to the strategic direction of the organization.

Design & Build: The second tier of groups will oversee prioritization of a certain area of governance as well as design and build decisions that feed into strategic decisions.

Run: The lowest level of governance will be oversight of more-specific initiatives and capabilities within IT.

Expect tier overlap. Some committees will operate in areas that cover two or three of these governance tiers.

Measure the IT program’s success in terms of its ability to support the business’ M&A goals

Upper management will measure IT’s success based on your ability to support the underlying reasons for the M&A. Using business metrics will help assure business stakeholders that IT understands their needs and is working with the business to achieve them.

Business-Specific Metrics

  • Revenue Growth: Increase in the top line as seen by market expansion, product expansion, etc. by percentage/time.
  • Synergy Extraction: Reduction in costs as determined by the ability to identify and eliminate redundancies over time.
  • Profit Margin Growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs over time.

IT-Specific Metrics

  • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure over time.
  • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
  • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
  • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
  • Business capability support: Delivering the end state of IT that supports the expected business capabilities and growth.

Establish your own metrics to gauge the success of IT

Establish SMART M&A Success Metrics

S pecific Make sure the objective is clear and detailed.
M easurable Objectives are measurable if there are specific metrics assigned to measure success. Metrics should be objective.
A ctionable Objectives become actionable when specific initiatives designed to achieve the objective are identified.
R ealistic Objectives must be achievable given your current resources or known available resources.
T ime-Bound An objective without a timeline can be put off indefinitely. Furthermore, measuring success is challenging without a timeline.
  • What should IT consider when looking to identify potential additions, deletions, or modifications that will either add value to the organization or reduce costs/risks?
  • Provide a definition of synergies.
  • IT operational savings and cost reductions due to synergies: Operating expenses, capital expenditures, licenses, contracts, applications, infrastructure.
  • Reduction in IT staff expense and headcount: Decreased budget allocated to IT staff, and ability to identify and remove redundancies in staff.
  • Meeting or improving on IT budget estimates: Delivering successful IT integration on a budget that is the same or lower than the budget estimated during due diligence.
  • Meeting or improving on IT time-to-integration estimates: Delivering successful IT integration on a timeline that is the same or shorter than the timeline estimated during due diligence.
  • Revenue growth: Increase in the top line as a result, as seen by market expansion, product expansion, etc.
  • Synergy extraction: Reduction in costs, as determined by the ability to identify and eliminate redundancies.
  • Profit margin growth: Increase in the bottom line as a result of increased revenue growth and/or decreased costs.

Metrics for each phase

1. Proactive

2. Discovery & Strategy

3. Valuation & Due Diligence

4. Execution & Value Realization

  • % Share of business innovation spend from overall IT budget
  • % Critical processes with approved performance goals and metrics
  • % IT initiatives that meet or exceed value expectation defined in business case
  • % IT initiatives aligned with organizational strategic direction
  • % Satisfaction with IT's strategic decision-making abilities
  • $ Estimated business value added through IT-enabled innovation
  • % Overall stakeholder satisfaction with IT
  • % Percent of business leaders that view IT as an Innovator
  • % IT budget as a percent of revenue
  • % Assets that are not allocated
  • % Unallocated software licenses
  • # Obsolete assets
  • % IT spend that can be attributed to the business (chargeback or showback)
  • % Share of CapEx of overall IT budget
  • % Prospective organizations that meet the search criteria
  • $ Total IT cost of ownership (before and after M&A, before and after rationalization)
  • % Business leaders that view IT as a Business Partner
  • % Defects discovered in production
  • $ Cost per user for enterprise applications
  • % In-house-built applications vs. enterprise applications
  • % Owners identified for all data domains
  • # IT staff asked to participate in due diligence
  • Change to due diligence
  • IT budget variance
  • Synergy target
  • % Satisfaction with the effectiveness of IT capabilities
  • % Overall end-customer satisfaction
  • $ Impact of vendor SLA breaches
  • $ Savings through cost-optimization efforts
  • $ Savings through application rationalization and technology standardization
  • # Key positions empty
  • % Frequency of staff turnover
  • % Emergency changes
  • # Hours of unplanned downtime
  • % Releases that cause downtime
  • % Incidents with identified problem record
  • % Problems with identified root cause
  • # Days from problem identification to root cause fix
  • % Projects that consider IT risk
  • % Incidents due to issues not addressed in the security plan
  • # Average vulnerability remediation time
  • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
  • # Time (days) to value realization
  • % Projects that realized planned benefits
  • $ IT operational savings and cost reductions that are related to synergies/divestitures
  • % IT staff–related expenses/redundancies
  • # Days spent on IT integration
  • $ Accurate IT budget estimates
  • % Revenue growth directly tied to IT delivery
  • % Profit margin growth

2.1.6 Create program metrics

1-2 hours

Input: IT capabilities, Mission, vision, and guiding principles, Rationale for the acquisition

Output: Program metrics to support IT throughout the M&A process

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine how IT’s success throughout a growth transaction will be measured and determined.

  1. Document a list of appropriate metrics on the whiteboard. Remember to include metrics that demonstrate the business impact. You can use the sample metrics listed on the previous slide as a starting point.
  2. Set a target and deadline for each metric. This will help the group determine when it is time to evaluate progression.
  3. Establish a baseline for each metric based on information collected within your organization.
  4. Assign an owner for tracking each metric as well as someone to be accountable for performance.

Record the results in the M&A Buy Playbook.

Discovery & Strategy

Step 2.2

Prepare IT to Engage in the Acquisition

Activities

  • 2.2.1 Establish the integration strategy
  • 2.2.2 Conduct a RACI
  • 2.2.3 Create the communication plan
  • 2.2.4 Assess the potential organization(s)

This step involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Company M&A team

Outcomes of Step

Identify IT’s plan of action when it comes to the acquisition and align IT’s integration strategy with the business’ M&A strategy.

Integration strategies

There are several IT integration strategies that will help you achieve your target technology environment.

IT Integration Strategies
  • Absorption. Convert the target organization’s strategy, structure, processes, and/or systems to that of the acquiring organization.
  • Best-of-Breed. Pick and choose the most effective people, processes, and technologies to form an efficient operating model.
  • Transformation Retire systems from both organizations and use collective capabilities, data, and processes to create something entirely new.
  • Preservation Retain individual business units that will operate within their own capability. People, processes, and technologies are unchanged.

The approach IT takes will depend on the business objectives for the M&A.

  • Generally speaking, the integration strategy is well understood and influenced by the frequency of and rationale for acquiring.
  • Based on the initiatives generated by each business process owner, you need to determine the IT integration strategy that will best support the desired target technology environment.

Key considerations when choosing an IT integration strategy include:

  • What are the main business objectives of the M&A?
  • What are the key synergies expected from the transaction?
  • What IT integration best helps obtain these benefits?
  • What opportunities exist to position the business for sustainable growth?

Absorption and best-of-breed

Review highlights and drawbacks of absorption and best-of-breed integration strategies

Absorption
    Highlights
  • Recommended for businesses striving to reduce costs and drive efficiency gains.
  • Economies of scale realized through consolidation and elimination of redundant applications.
  • Quickest path to a single company operation and systems as well as lower overall IT cost.
    Drawbacks
  • Potential for disruption of the target company’s business operations.
  • Requires significant business process changes.
  • Disregarding the target offerings altogether may lead to inferior system decisions that do not yield sustainable results.
Best-of-Breed
    Highlights
  • Recommended for businesses looking to expand their market presence or acquire new products. Essentially aligning the two organizations in the same market.
  • Each side has a unique offering but complementing capabilities.
  • Potential for better buy-in from the target because some of their systems are kept, resulting in willingness to
    Drawbacks
  • May take longer to integrate because it tends to present increased complexity that results in higher costs and risks.
  • Requires major integration efforts from both sides of the company. If the target organization is uncooperative, creating the desired technology environment will be difficult.

Transformation and preservation

Review highlights and drawbacks of transformation and preservation integration strategies

Transformation
    Highlights
  • This is the most customized approach, although it is rarely used.
  • It is essential to have an established long-term vision of business capabilities when choosing this path.
  • When executed correctly, this approach presents potential for significant upside and creation of sustainable competitive advantages.
    Drawbacks
  • This approach requires extensive time to implement, and the cost of integration work may be significant.
  • If a new system is created without strategic capabilities, the organizations will not realize long-term benefits.
  • The cost of correcting complexities at later stages in the integration effort may be drastic.
Preservation
    Highlights
  • This approach is appropriate if the merging organizations will remain fairly independent, if there will be limited or no communication between companies, and if the companies’ market strategies, products, and channels are entirely distinct.
  • Environment can be accomplished quickly and at a low cost.
    Drawbacks
  • Impact to each business is minimal, but there is potential for lost synergies and higher operational costs. This may be uncontrollable if the natures of the two businesses are too different to integrate.
  • Reduced benefits and limited opportunities for IT integration.

2.2.1 Establish the integration strategy

1-2 hours

Input: Business integration strategy, Guiding principles, M&A governance

Output: IT’s integration strategy

Materials: Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to determine IT’s approach to integration. The approach might differ slightly from transaction to transaction. However, the business’ approach to transactions should give insight into the general integration strategy IT should adopt.

  1. Make sure you have clearly articulated the business objectives for the M&A, the technology end state for IT, and the magnitude of the overall integration.
  2. Review and discuss the highlights and drawbacks of each type of integration.
  3. Use Info-Tech’s Integration Posture Selection Framework on the next slide to select the integration posture that will appropriately enable the business. Consider these questions during your discussion:
    1. What are the main business objectives of the M&A? What key IT capabilities will need to support business objectives?
    2. What key synergies are expected from the transaction? What opportunities exist to position the business for sustainable growth?
    3. What IT integration best helps obtain these benefits?

Record the results in the M&A Buy Playbook.

Integration Posture Selection Framework

Business M&A Strategy

Resultant Technology Strategy

M&A Magnitude (% of Acquirer Assets, Income, or Market Value)

IT Integration Posture

A. Horizontal Adopt One Model ‹10% Absorption
10 to 75% Absorption or Best-of-Breed
›75% Best-of-Breed
B. Vertical Create Links Between Critical Systems Any
  • Preservation (Differentiated Functions)
  • Absorption or Best-of-Breed (Non-Differentiated Functions)
C. Conglomerate Independent Model Any Preservation
D. Hybrid: Horizontal & Conglomerate Independent Model Any Preservation

2.2.2 Conduct a RACI

1-2 hours

Input: IT capabilities, Transition team, Integration strategy

Output: Completed RACI for transition team

Materials: Reference architecture, Organizational structure, Flip charts/whiteboard, Markers, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to identify the core accountabilities and responsibilities for the roles identified as critical to your transition team. While there might be slight variation from transaction to transaction, ideally each role should be performing certain tasks.

  1. First, identify a list of critical tasks that need to be completed to support the purchase or acquisition. For example:
    • Communicate with the company M&A team.
    • Identify critical IT risks that could impact the organization after the transaction.
    • Identify key artifacts to collect and review during due diligence.
  2. Next, identify at the activity level which role is accountable or responsible for each activity. Enter an A for accountable, R for responsible, or A/R for both.

Record the results in the M&A Buy Playbook.

Communication and change

Prepare key stakeholders for the potential changes

  • Anytime you are starting a project or program that will depend on users and stakeholders to give up their old way of doing things, change will force people to become novices again, leading to lost productivity and added stress.
  • Change management can improve outcomes for any project where you need people to adopt new tools and procedures, comply with new policies, learn new skills and behaviors, or understand and support new processes.
  • M&As move very quickly, and it can be very difficult to keep track of which stakeholders you need to be communicating with and what you should be communicating.
  • Not all organizations embrace or resist change in the same ways. Base your change communications on your organization’s cultural appetite for change in general.
    • Organizations with a low appetite for change will require more direct, assertive communications.
    • Organizations with a high appetite for change are more suited to more open, participatory approaches.

Three key dimensions determine the appetite for cultural change:

  • Power Distance. Refers to the acceptance that power is distributed unequally throughout the organization.
    In organizations with a high power distance, the unequal power distribution is accepted by the less powerful employees.
  • Individualism. Organizations that score high in individualism have employees who are more independent. Those who score low in individualism fall into the collectivism side, where employees are strongly tied to one another or their groups.
  • Uncertainty Avoidance. Describes the level of acceptance that an organization has toward uncertainty. Those who score high in this area find that their employees do not favor uncertain situations, while those that score low in this area find that their employees are comfortable with change and uncertainty.

2.2.3 Create the communication plan

1-2 hours

Input: IT’s M&A mission, vision, and guiding principles, M&A transition team, IT integration strategy, RACI

Output: IT’s M&A communication plan

Materials: Flip charts/whiteboard, Markers, RACI, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a communication plan that IT can leverage throughout the initiative.

  1. Create a structured communication plan that allows for continuous communication with the integration management office, senior management, and the business functional heads.
  2. Outline key topics of communication, with stakeholders, inputs, and outputs for each topic.
  3. Review Info-Tech’s example communication plan in the M&A Buy Playbook and update it with relevant information.
  4. Does this communication plan make sense for your organization? What doesn’t make sense? Adjust the communication guide to suit your organization.

Record the results in the M&A Buy Playbook.

Assessing potential organizations

As soon as you have identified organizations to consider, it’s imperative to assess critical risks. Most IT leaders can attest that they will receive little to no notice when they have to assess the IT organization of a potential purchase. As a result, having a standardized template to quickly gauge the value of the business can be critical.

Ways to Assess

  1. News: Assess what sort of news has been announced in relation to the organization. Have they had any risk incidents? Has a critical vendor announced working with them?
  2. LinkedIn: Scan through the LinkedIn profiles of employees. This will give you a sense of what platforms they have based on their employees.
  3. Trends: Some industries will have specific solutions that are relevant and popular. Assess what the key players are (if you don’t already know) to determine the solution.
  4. Business Architecture: While this assessment won’t perfect, try to understand the business’ value streams and the critical business and IT capabilities that would be needed to support them.

2.2.4 Assess the potential organization(s)

1-2 hours

Input: Publicized historical risk events, Solutions and vendor contracts likely in the works, Trends

Output: IT’s valuation of the potential organization(s) for acquisition

Materials: M&A Buy Playbook

Participants: IT executive/CIO

The purpose of this activity is to assess the organization(s) that your organization is considering purchasing.

  1. Complete the Historical Valuation Worksheet in the M&A Buy Playbook to understand the type of IT organization that your company may inherit and need to integrate with.
    • The business likely isn’t looking for in-depth details at this time. However, as the IT leader, it is your responsibility to ensure critical risks are identified and communicated to the business.
  2. Use the information identified to help the business narrow down which organizations should be targeted for the acquisition.

Record the results in the M&A Buy Playbook.

By the end of this pre-transaction phase you should:

Have a program plan for M&As and a repeatable M&A strategy for IT when engaging in growth transactions

Key outcomes from the Discovery & Strategy phase
  • Be prepared to analyze and recommend potential organizations that the business can acquire or merge with, using a strong program plan that can be repeated across transactions.
  • Create a M&A strategy that accounts for all the necessary elements of a transaction and ensures sufficient governance, capabilities, and metrics exist.
Key deliverables from the Discovery & Strategy phase
  • Create vision and mission statements
  • Establish guiding principles
  • Create a future-state operating model
  • Identify the key roles for the transaction team
  • Identify and communicate the M&A governance
  • Determine target metrics
  • Identify the M&A operating model
  • Select the integration strategy framework
  • Conduct a RACI for key transaction tasks for the transaction team
  • Document the communication plan

M&A Buy Blueprint

Phase 3

Due Diligence & Preparation

Phase 1Phase 2

Phase 3

Phase 4
  • 1.1 Identify Stakeholders and Their Perspective of IT
  • 1.2 Assess IT’s Current Value and Future State
  • 1.3 Drive Innovation and Suggest Growth Opportunities
  • 2.1 Establish the M&A Program Plan
  • 2.2 Prepare IT to Engage in the Acquisition
  • 3.1 Assess the Target Organization
  • 3.2 Prepare to Integrate
  • 4.1 Execute the Transaction
  • 4.2 Reflection and Value Realization

This phase will walk you through the following activities:

  • Drive value with a due diligence charter
  • Identify data room artifacts
  • Assess technical debt
  • Valuate the target IT organization
  • Assess culture
  • Prioritize integration tasks
  • Establish the integration roadmap
  • Identify the needed workforce supply
  • Estimate integration costs
  • Create an employee transition plan
  • Create functional workplans for employees
  • Align project metrics with identified tasks

This phase involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Company M&A team
  • Business leaders
  • Prospective IT organization
  • Transition team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Pre-Work

Day 1

Day 2

Day 3

Day 4

Day 5

Establish the Transaction FoundationDiscover the Motivation for IntegrationAssess the Target Organization(s)Create the Valuation FrameworkPlan the Integration RoadmapNext Steps and Wrap-Up (offsite)

Activities

  • 0.1 Identify the rationale for the company's decisions to pursue an acquisition.
  • 0.2 Identify key stakeholders and determine the IT transaction team.
  • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
  • 1.1 Review the business rationale for the acquisition.
  • 1.2 Identify pain points and opportunities tied to the acquisition.
  • 1.3 Establish the integration strategy.
  • 1.4 Create the due diligence charter.
  • 2.1 Create a list of IT artifacts to be reviewed in the data room.
  • 2.2 Conduct a technical debt assessment.
  • 2.3 Assess the current culture and identify the goal culture.
  • 2.4 Identify the needed workforce supply.
  • 3.1 Valuate the target organization’s data.
  • 3.2 Valuate the target organization’s applications.
  • 3.3 Valuate the target organization’s infrastructure.
  • 3.4 Valuate the target organization’s risk and security.
  • 3.5 Combine individual valuations to make a single framework.
  • 4.1 Prioritize integration tasks.
  • 4.2 Establish the integration roadmap.
  • 4.3 Establish and align project metrics with identified tasks.
  • 4.4 Estimate integration costs.
  • 5.1 Complete in-progress deliverables from previous four days.
  • 5.2 Set up review time for workshop deliverables and to discuss next steps.

Deliverables

  1. IT strategy
  2. IT operating model
  3. IT governance structure
  4. M&A transaction team
  1. Business context implications for IT
  2. Integration strategy
  3. Due diligence charter
  1. Data room artifacts
  2. Technical debt assessment
  3. Culture assessment
  4. Workforce supply identified
  1. IT valuation framework to assess target organization(s)
  1. Integration roadmap and associated resourcing
  1. Acquisition integration strategy for IT

What is the Due Diligence & Preparation phase?

Mid-transaction state

The Due Diligence & Preparation phase during an acquisition is a critical time for IT. If IT fails to proactively participate in this phase, IT will have to merely react to integration expectations set by the business.

While not all IT organizations are able to participate in this phase, the evolving nature of M&As to be driven by digital and technological capabilities increases the rationale for IT being at the table. Identifying critical IT risks, which will inevitably be business risks, begins during the due diligence phase.

This is also the opportunity for IT to plan how it will execute the planned integration strategy. Having access to critical information only available in data rooms will further enable IT to successfully plan and execute the acquisition to deliver the value the business is seeking through a growth transaction.

Goal: To thoroughly evaluate all potential risks associated with the organization(s) being pursued and create a detailed plan for integrating the IT environments

Due Diligence Prerequisite Checklist

Before coming into the Due Diligence & Preparation phase, you must have addressed the following:

  • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
  • Identify the key roles for the transaction team.
  • Identify the M&A governance.
  • Determine target metrics.
  • Select an integration strategy framework.
  • Conduct a RACI for key transaction tasks for the transaction team.

Before coming into the Due Diligence & Preparation phase, we recommend addressing the following:

  • Create vision and mission statements.
  • Establish guiding principles.
  • Create a future-state operating model.
  • Identify the M&A operating model.
  • Document the communication plan.
  • Examine the business perspective of IT.
  • Identify key stakeholders and outline their relationship to the M&A process.
  • Be able to valuate the IT environment and communicate IT’s value to the business.

The Technology Value Trinity

Delivery of Business Value & Strategic Needs

  • Digital & Technology Strategy
    The identification of objectives and initiatives necessary to achieve business goals.
  • IT Operating Model
    The model for how IT is organized to deliver on business needs and strategies.
  • Information & Technology Governance
    The governance to ensure the organization and its customers get maximum value from the use of information and technology.

All three elements of the Technology Value Trinity work in harmony to deliver business value and achieve strategic needs. As one changes, the others need to change as well.

  • Digital and IT Strategy tells you what you need to achieve to be successful.
  • IT Operating Model and Organizational Design is the alignment of resources to deliver on your strategy and priorities.
  • Information & Technology Governance is the confirmation of IT’s goals and strategy, which ensures the alignment of IT and business strategy. It’s the mechanism by which you continuously prioritize work to ensure that what is delivered is in line with the strategy. This oversight evaluates, directs, and monitors the delivery of outcomes to ensure that the use of resources results in the achieving the organization’s goals.

Too often strategy, operating model and organizational design, and governance are considered separate practices. As a result, “strategic documents” end up being wish lists, and projects continue to be prioritized based on who shouts the loudest – not based on what is in the best interest of the organization.

Due Diligence & Preparation

Step 3.1

Assess the Target Organization

Activities

  • 3.1.1 Drive value with a due diligence charter
  • 3.1.2 Identify data room artifacts
  • 3.1.3 Assess technical debt
  • 3.1.4 Valuate the target IT organization
  • 3.1.5 Assess culture

This step involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Company M&A team
  • Business leaders
  • Prospective IT organization
  • Transition team

Outcomes of Step

This step of the process is when IT should actively evaluate the target organization being pursued for acquisition.

3.1.1 Drive value with a due diligence charter

1-2 hours

Input: Key roles for the transaction team, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

Output: IT Due Diligence Charter

Materials: M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to create a charter leveraging the items completed in the previous phase, as listed on the Due Diligence Prerequisite Checklist slide, to gain executive sign-off.

  1. In the IT Due Diligence Charter in the M&A Buy Playbook, complete the aspects of the charter that are relevant for you and your organization.
  2. We recommend including these items in the charter:
    • Communication plan
    • Transition team roles
    • Goals and metrics for the transaction
    • Integration strategy
    • Acquisition RACI
  3. Once the charter has been completed, ensure that business executives agree to the charter and sign off on the plan of action.

Record the results in the M&A Buy Playbook.

3.1.2 Identify data room artifacts

4 hours

Input: Future-state operating model, M&A governance, Target metrics, Selected integration strategy framework, RACI of key transaction tasks for the transaction team

Output: List of items to acquire and review in the data room

Materials: Critical domain lists on following slides, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

The purpose of this activity is to create a list of the key artifacts that should be asked for and reviewed during the due diligence process.

  1. Review the lists on the following pages as a starting point. Identify which domains, stakeholders, artifacts, and information should be requested for the data room. This information should be directed to the target organization.
  2. IT leadership may or may not be asked to enter the data room directly. Therefore, it’s important that you clearly identify these artifacts.
  3. List each question or concern, select the associated workstream in the M&A Buy Playbook, and update the status of the information retrieval.
  4. Use the comments section to document your discoveries or concerns.

Record the results in the M&A Buy Playbook.

Critical domains

Understand the key stakeholders and outputs for each domain

Each critical domain will likely have different stakeholders who know that domain best. Communicate with these stakeholders throughout the M&A process to make sure you are getting accurate information and interpreting it correctly.

Domain

Stakeholders

Key Artifacts

Key Information to request

Business
  • Enterprise Architecture
  • Business Relationship Manager
  • Business Process Owners
  • Business capability map
  • Capability map (the M&A team should be taking care of this, but make sure it exists)
  • Business satisfaction with various IT systems and services
Leadership/IT Executive
  • CIO
  • CTO
  • CISO
  • IT budgets
  • IT capital and operating budgets (from current year and previous year)
Data & Analytics
  • Chief Data Officer
  • Data Architect
  • Enterprise Architect
  • Master data domains, system of record for each
  • Unstructured data retention requirements
  • Data architecture
  • Master data domains, sources, and storage
  • Data retention requirements
Applications
  • Applications Manager
  • Application Portfolio Manager
  • Application Architect
  • Applications map
  • Applications inventory
  • Applications architecture
  • Copy of all software license agreements
  • Copy of all software maintenance agreements
Infrastructure
  • Head of Infrastructure
  • Enterprise Architect
  • Infrastructure Architect
  • Infrastructure Manager
  • Infrastructure map
  • Infrastructure inventory
  • Network architecture (including which data centers host which infrastructure and applications)
  • Inventory (including integration capabilities of vendors, versions, switches, and routers)
  • Copy of all hardware lease or purchase agreements
  • Copy of all hardware maintenance agreements
  • Copy of all outsourcing/external service provider agreements
  • Copy of all service-level agreements for centrally provided, shared services and systems
Products and Services
  • Product Manager
  • Head of Customer Interactions
  • Product lifecycle
  • Product inventory
  • Customer market strategy

Critical domains (continued)

Understand the key stakeholders and outputs for each domain

Domain

Stakeholders

Key Artifacts

Key Information to request

Operations
  • Head of Operations
  • Service catalog
  • Service overview
  • Service owners
  • Access policies and procedures
  • Availability and service levels
  • Support policies and procedures
  • Costs and approvals (internal and customer costs)
IT Processes
  • CIO
  • IT Management
  • VP of IT Governance
  • VP of IT Strategy
  • IT process flow diagram
  • Processes in place and productivity levels (capacity)
  • Critical processes/processes the organization feels they do particularly well
IT People
  • CIO
  • VP of Human Resources
  • IT organizational chart
  • Competency & capacity assessment
  • IT organizational structure (including resources from external service providers such as contractors) with appropriate job descriptions or roles and responsibilities
  • IT headcount and location
Security
  • CISO
  • Security Architect
  • Security posture
  • Information security staff
  • Information security service providers
  • Information security tools
  • In-flight information security projects
Projects
  • Head of Projects
  • Project portfolio
  • List of all future, ongoing, and recently completed projects
Vendors
  • Head of Vendor Management
  • License inventory
  • Inventory (including what will and will not be transitioning, vendors, versions, number of licenses)

Assess the target organization’s technical debt

The other organization could be costly to purchase if not yet modernizing.

  • Consider the potential costs that your business will have to spend to get the other IT organization modernized or even digital.
  • This will be highly affected by your planned integration strategy.
  • A best-of-breed strategy might simply mean there's little to bring over from the other organization’s environment.
  • It’s often challenging to identify a direct financial cost for technical debt. Consider direct costs but also assess categories of impact that can have a long-term effect on your business: lost customer, staff, or business partner goodwill; limited flexibility and resilience; and health, safety, and compliance impacts.
  • Use more objective measures to track subjective impact. For example, consider the number of customers who could be significantly affected by each tech debt in the next quarter.

Focus on solving the problems you need to address.

Analyzing technical debt has value in that the analysis can help your organization make better risk management and resource allocation decisions.

Review these examples of technical debt

Do you have any of these challenges?

Applications
  • Inefficient or incomplete code
  • Fragile or obsolete systems of record that limit the implementation of new functionality
  • Out-of-date IDEs or compilers
  • Unsupported applications
Data & Analytics
  • Data presented via API that does not conform to chosen standards (EDI, NRF-ARTS, etc.)
  • Poor data governance
  • No transformation between OLTP and the data warehouse
  • Heavy use of OLTP for reporting
  • Lack of AI model and decision governance, maintenance
End-User Computing
  • Aging and slow equipment
  • No configuration management
  • No MDM/UEM
Security
  • Unpatched/unpatchable systems
  • Legacy firewalls
  • No data classification system
  • “Perimeter” security architecture
  • No documented security incident response
  • No policies, or unenforced policies
Operations
  • Incomplete, ineffective, or undocumented business continuity and disaster recovery plans
  • Insufficient backups or archiving
  • Inefficient MACD processes
  • Application sprawl with no record of installed applications or licenses
  • No ticketing or ITSM system
  • No change management process
  • No problem management process
  • No event/alert management
Infrastructure
  • End-of-life/unsupported equipment
  • Aging power or cooling systems
  • Water- or halon-based data center fire suppression systems
  • Out-of-date firmware
  • No DR site
  • Damaged or messy cabling
  • Lack of system redundancy
  • Integrated computers on business equipment (e.g. shop floor equipment, medical equipment) running out-of-date OS/software
Project & Portfolio Management
  • No project closure process
  • Ineffective project intake process
  • No resource management practices

“This isn’t a philosophical exercise. Knowing what you want to get out of this analysis informs the type of technical debt you will calculate and the approach you will take.” (Scott Buchholz, CTO, Deloitte Government & Public Services Practice, The Wall Street Journal, 2015)

3.1.3 Assess technical debt

1-2 hours

Input: Participant views on organizational tech debt, Five to ten key technical debts, Business impact scoring scales, Reasonable next-quarter scenarios for each technical debt, Technical debt business impact analysis

Output: Initial list of tech debt for the target organization

Materials: Whiteboard, Sticky notes, Technical Debt Business Impact Analysis Tool, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Business leaders, Transition team

The purpose of this activity is to assess the technical debt of the other IT organization. Taking on unnecessary technical debt is one of the biggest risks to the IT environment

  1. This activity can be completed by leveraging the blueprint Manage Your Technical Debt, specifically the Technical Debt Business Impact Analysis Tool. Complete the following activities in the blueprint:
    • 1.2.1 Identify your technical debt
    • 1.2.2 Select tech debt for your impact analysis
    • 2.2.2 Estimate tech debt impact
    • 2.2.3 Identify the most-critical technical debts
  2. Review examples of technical debt in the previous slide to assist you with this activity.
  3. Document the results from tab 3, Impact Analysis, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.

Record the results in the M&A Buy Playbook.

How to valuate an IT environment

And why it matters so much

  • Valuating the target organization’s IT environment is a critical step to fully understand what it might be worth. Business partners are often not in the position to valuate the IT aspects to the degree that you would be.
  • The business investments in IT can be directly translated to a value amount. Meaning for every $1 invested in IT, the business might be gaining $100 in value back or possibly even loosing $100.
  • Determining, documenting, and communicating this information ensures that the business takes IT’s suggestions seriously and recognizes why investing in IT can be so critical.
  • There are three ways a business or asset can be valuated:
    • Cost Approach: Look at the costs associated with building, purchasing, replacing, and maintaining a given aspect of the business.
    • Market Approach: Look at the relative value of a particular aspect of the business. Relative value can fluctuate and depends on what the markets and consequently society believe that particular element is worth.
    • Discounted Cash Flow Approach: Focus on what the potential value of the business could be or the intrinsic value anticipated due to future profitability.

The IT valuation conducted during due diligence can have a significant impact on the final financials of the transaction for the business.

3.1.4 Valuate the target IT organization

1 day

Input: Valuation of data, Valuation of applications, Valuation of infrastructure and operations, Valuation of security and risk

Output: Valuation of target organization’s IT

Materials: Relevant templates/tools, Capital budget, Operating budget, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Prospective IT organization

The purpose of this activity is to valuate the other IT organization.

  1. Review each of slides 42 to 45 to generate a valuation of IT’s data, applications, infrastructure, and security and risk. These valuations consider several tangible and intangible factors and result in a final dollar amount. For more information on this activity, review Activity 1.2.1 from the Proactive phase.
  2. Identify financial amounts for each critical area and add the financial output to the summary slide in the M&A Buy Playbook.
  3. Compare this information against your own IT organization’s valuation.
    1. Does it add value to your IT organization?
    2. Is there too much risk to accept if this transaction goes through?

Info-Tech Insight

Consistency is key when valuating your IT organization as well as other IT organizations throughout the transaction process.

Record the results in the M&A Buy Playbook.

Culture should not be overlooked, especially as it relates to the integration of IT environments

  • There are three types of culture that need to be considered.
  • Most importantly, this transition is an opportunity to change the culture that might exist in your organization’s IT environment.
  • Make a decision on which type of culture you’d like IT to have post-transition.

Target Organization’s Culture

The culture that the target organization is currently embracing. Their established and undefined governance practices will lend insight into this.

Your Organization’s Culture

The culture that your organization is currently embracing. Examine people’s attitudes and behaviors within IT toward their jobs and the organization.

Ideal Culture

What will the future culture of the IT organization be once integration is complete? Are there aspects that your current organization and the target organization embrace that are worth considering?

Culture categories

Map the results of the IT Culture Diagnostic to an existing framework

Competitive
  • Autonomy
  • Confront conflict directly
  • Decisive
  • Competitive
  • Achievement oriented
  • Results oriented
  • High performance expectations
  • Aggressive
  • High pay for good performance
  • Working long hours
  • Having a good reputation
  • Being distinctive/different
Innovative
  • Adaptable
  • Innovative
  • Quick to take advantage of opportunities
  • Risk taking
  • Opportunities for professional growth
  • Not constrained by rules
  • Tolerant
  • Informal
  • Enthusiastic
Traditional
  • Stability
  • Reflective
  • Rule oriented
  • Analytical
  • High attention to detail
  • Organized
  • Clear guiding philosophy
  • Security of employment
  • Emphasis on quality
  • Focus on safety
Cooperative
  • Team oriented
  • Fair
  • Praise for good performance
  • Supportive
  • Calm
  • Developing friends at work
  • Socially responsible

Culture Considerations

  • What culture category was dominant for each IT organization?
  • Do you share the same dominant category?
  • Is your current dominant culture category the most ideal to have post-integration?

3.1.5 Assess Culture

3-4 hours

Input: Cultural assessments for current IT organization, Cultural assessment for target IT organization

Output: Goal for IT culture

Materials: IT Culture Diagnostic, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, IT employees of current organization, IT employees of target organization, Company M&A team

The purpose of this activity is to assess the different cultures that might exist within the IT environments of both organizations. More importantly, your IT organization can select its desired IT culture for the long term if it does not already exist.

  1. Complete this activity by leveraging the blueprint Fix Your IT Culture, specifically the IT Culture Diagnostic. Fill out the diagnostic for the IT department in your organization:
    1. Answer the 16 questions in tab 2, Diagnostic.
    2. Find out your dominant culture and review recommendations in tab 3, Results.
  2. Document the results from tab 3, Results, in the M&A Buy Playbook if you are trying to record all artifacts related to the transaction in one place.
  3. Repeat the activity for the target organization.
  4. Leverage the information to determine what the goal for the culture of IT will be post-integration if it will differ from the current culture.

Record the results in the M&A Buy Playbook.

Due Diligence & Preparation

Step 3.2

Prepare to Integrate

Activities

  • 3.2.1 Prioritize integration tasks
  • 3.2.2 Establish the integration roadmap
  • 3.2.3 Identify the needed workforce supply
  • 3.2.4 Estimate integration costs
  • 3.2.5 Create an employee transition plan
  • 3.2.6 Create functional workplans for employees
  • 3.2.7 Align project metrics with identified tasks

This step involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Transition team
  • Company M&A team

Outcomes of Step

Have an established plan of action toward integration across all domains and a strategy toward resources.

Don’t underestimate the importance of integration preparation

Integration is the process of combining the various components of one or more organizations into a single organization.

80% of integration should happen within the first two years. (Source: CIO Dive)

70% of M&A IT integrations fail due to components that could and should be addressed at the beginning. (Source: The Wall Street Journal, 2019)

Info-Tech Insight

Integration is not rationalization. Once the organization has integrated, it can prepare to rationalize the IT environment.

Integration needs

Identify your domain needs to support the target technology environment

Set up a meeting with your IT due diligence team to:

  • Address data, applications, infrastructure, and other domain gaps.
  • Discuss the people and processes necessary to achieve the target technology environment and support M&A business objectives.

Use this opportunity to:

  • Identify data and application complexities between your organization and the target organization.
  • Identify the IT people and process gaps, redundancies, and initiatives.
  • Determine your infrastructure needs and identify redundancies.
    • Does IT have the infrastructure to support the applications and business capabilities of the resultant enterprise?
    • Identify any gaps between the current infrastructure in both organizations and the infrastructure required in the resultant enterprise.
    • Identify any redundancies.
    • Determine the appropriate IT integration strategies.
  • Document your gaps, redundancies, initiatives, and assumptions to help you track and justify the initiatives that must be undertaken and help estimate the cost of integration.

Integration implications

Understand the implications for integration with respect to each target technology environment

Domain

Independent Models

Create Links Between Critical Systems

Move Key Capabilities to Common Systems

Adopt One Model

Data & Analytics

  • Consider data sources that might need to be combined (e.g. financials, email lists, internet).
  • Understand where each organization will warehouse its data and how it will be managed in a cost-effective manner.
  • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
  • Analyze whether or not the data types are compatible between companies.
  • Understand the critical data needs and the complexity of integration activities.
  • Consider your reporting and transactional needs. Initially systems may remain separate, but eventually they will need to be merged.
  • Focus on the master data domains that represent the core of your business.
  • Assess the value, size, location, and cleanliness of the target organization’s data sets.
  • Determine the data sets that will be migrated to capture expected synergies and drive core capabilities while addressing how other data sets will be maintained and managed.
  • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
  • Establish interim linkages and common interfaces for applications while major migrations occur.

Applications

  • Establish whether or not there are certain critical applications that still need to be linked (e.g. email, financials).
  • Leverage the unique strengths and functionalities provided by the applications used by each organization.
  • Confirm that adequate documentation and licensing exists.
  • Decide which critical applications need to be linked versus which need to be kept separate to drive synergies. For example, financial, email, and CRM may need to be linked, while certain applications may remain distinct.
  • Pay particular attention to the extent to which systems relating to customers, products, orders, and shipments need to be integrated.
  • Determine the key capabilities that require support from the applications identified by business process owners.
  • Assess which major applications need to be adopted by both organizations, based on the M&A goals.
  • Establish interim linkages and common interfaces for applications while major migrations occur.
  • Decide which applications to keep and which to terminate. This includes setting timelines for application retirement.
  • Establish interim linkages and common interfaces for applications while major migrations occur.

Integration implications (continued)

Understand the implications for integration with respect to each target technology environment

Domain

Independent Models

Create Links Between Critical Systems

Move Key Capabilities to Common Systems

Adopt One Model

Infrastructure

  • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
  • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
  • Assess the infrastructure demands created by retaining separate models (e.g. separate domains, voice, network integration).
  • Evaluate whether or not there are redundant data centers that could be consolidated to reduce costs.
  • Evaluate whether certain infrastructure components, such as data centers, can be consolidated to support the new model while also eliminating redundancies. This will help reduce costs.
  • Assess which infrastructure components need to be kept versus which need to be terminated to support the new application portfolio. Keep in mind that increasing the transaction volume on a particular application increases the infrastructure capacity that is required for that application.
  • Extend the network to integrate additional locations.

IT People & Processes

  • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
  • Consider whether there are redundancies in staffing that could be eliminated.
  • The IT processes of each organization will most likely remain separate.
  • Consider the impact of the target organization on your IT processes.
  • Retain workers from each IT department who possess knowledge of key products, services, and legacy systems.
  • Consider whether there are redundancies in staffing that could be eliminated.
  • Consider how critical IT processes of the target organization fit with your current IT processes.
  • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the common systems.
  • If there is overlap with the IT processes in both organizations, you may wish to map out both processes to get a sense for how they might work together.
  • Assess what processes will be prioritized to support IT strategies.
  • Identify which redundant staff members should be terminated by focusing on the key skills that will be necessary to support the prioritized IT processes.

Integration implications (continued)

Understand the implications for integration with respect to each target technology environment

Domain

Independent Models

Create Links Between Critical Systems

Move Key Capabilities to Common Systems

Adopt One Model

Leadership/IT Executive

  • Have insight into the goals and direction of the organization’s leadership. Make sure that a communication path has been established to receive information and provide feedback.
  • The decentralized model will require some form of centralization and strong governance processes to enable informed decisions.
  • Ensure that each area can deliver on its needs while not overstepping the goals and direction of the organization.
  • This will help with integration in the sense that front-line employees can see a single organization beginning to form.
  • In this model, there is the opportunity to select elements of each leadership style and strategy that will work for the larger organization.
  • Leadership can provide a single and unified approach to how the strategic goals will be executed.
  • More often than not, this would be the acquiring organization’s strategic direction.

Vendors

  • Determine which contracts the target organization currently has in place.
  • Having different vendors in place will not be a bad model if it makes sense.
  • Spend time reviewing the contracts and ensuring that each organization has the right contracts to succeed.
  • Identify what redundancies might exist (ERPs, for example) and determine if the vendor would be willing to terminate one contract or another.
  • Through integration, it might be possible to engage in one set of contract negotiations for a single application or technology.
  • Identify whether there are opportunities to combine contracts or if they must remain completely separated until the end of the term.
  • In an effort to capitalize on the contracts working well, reduce the contracts that might be hindering the organization.
  • Speak to the vendor offering the contract.
  • Going forward, ensure the contracts are negotiated to include clauses to allow for easier and more cost-effective integration.

Integration implications (continued)

Understand the implications for integration with respect to each target technology environment

Domain

Independent Models

Create Links Between Critical Systems

Move Key Capabilities to Common Systems

Adopt One Model

Security

  • Both organizations would need to have a process for securing their organization.
  • Sharing and accessing information might be more difficult, as each organization would need to keep the other organization separate to ensure the organization remains secure.
  • Creating standard policies and procedures that each organization must adhere to would be critical here (for example, multifactor authentication).
  • Establish a single path of communication between the two organizations, ensuring reliable and secure data and information sharing.
  • Leverage the same solutions to protect the business as a whole from internal and external threats.
  • Identify opportunities where there might be user points of failure that could be addressed early in the process.
  • Determine what method of threat detection and response will best support the business and select that method to apply to the entire organization, both original and newly acquired.

Projects

  • Projects remain ongoing as they were prior to the integration.
  • Some projects might be made redundant after the initial integration is over.
  • Re-evaluate the projects after integration to ensure they continue to deliver on the business’ strategic direction.
  • Determine which projects are similar to one another and identify opportunities to leverage business needs and solutions for each organization where possible.
  • Review project histories to determine the rationale for and success of projects that could be reused in either organization going forward.
  • Determine which projects should remain ongoing and which projects could wait to be implemented or could be completely stopped.
  • There might be certain modernization projects ongoing that cannot be stopped.
  • However, for all other projects, embrace a single portfolio.
  • Completely reduce or remove all ongoing projects from the one organization and continue with only the projects of the other organization.
  • Add in new projects when they arise as needed.

3.2.1 Prioritize integration tasks

2 hours

Input: Integration tasks, Transition team, M&A RACI

Output: Prioritized integration list

Materials: Integration task checklist, Integration roadmap

Participants: IT executive/CIO, IT senior leadership, Company M&A team

The purpose of this activity is to prioritize the different integration tasks that your organization has identified as necessary to this transaction. Some tasks might not be relevant for this particular transaction, and others might be critical.

  1. Download the SharePoint or Excel version of the M&A Integration Project Management Tool. Identify which integration tasks you want as part of your project plan. Alter or remove any tasks that are irrelevant to your organization. Add in tasks you think are missing.
  2. When deciding criticality of the task, consider the effect on stakeholders, those who are impacted or influenced in the process of the task, and dependencies (e.g. data strategy needs to be addressed first before you can tackle its dependencies, like data quality).
  3. Feel free to edit the way you measure criticality. The standard tool leverages a three-point scale. At the end, you should have a list of tasks in priority order based on criticality.

Record the updates in the M&A Integration Project Management Tool (SharePoint).

Record the updates in the M&A Integration Project Management Tool (Excel).

Integration checklists

Prerequisite Checklist
  • Build the project plan for integration and prioritize activities
    • Plan first day
    • Plan first 30/100 days
    • Plan first year
  • Create an organization-aligned IT strategy
  • Identify critical stakeholders
  • Create a communication strategy
  • Understand the rationale for the acquisition or purchase
  • Develop IT's purchasing strategy
  • Determine goal opportunities
  • Create the mission and vision statements
  • Create the guiding principles
  • Create program metrics
  • Consolidate reports from due diligence/data room
  • Conduct culture assessment
  • Create a transaction team
  • Assess workforce demand and supply
  • Plan and communicate potential layoffs
  • Create an employee transition plan
  • Identify the IT investment
Business
  • Design an enterprise architecture
  • Document your business architecture
  • Identify and assess all of IT's risks
Leadership/IT Executive
  • Build an IT budget
  • Structure operating budget
  • Structure capital budget
  • Identify the needed workforce demand vs. capacity
  • Establish and monitor key metrics
  • Communicate value realized/cost savings
Data
  • Confirm data strategy
  • Confirm data governance
  • Data architecture
  • Data sources
  • Data storage (on-premises vs. cloud)
  • Enterprise content management
  • Compatibility of data types between organizations
  • Cleanliness/usability of target organization data sets
  • Identify data sets that need to be combined to capture synergies/drive core capabilities
  • Reporting and analytics capabilities
Applications
  • Prioritize and address critical applications
    • ERP
    • CRM
    • Email
    • HRIS
    • Financial
    • Sales
    • Risk
    • Security
  • Leverage application rationalization framework to determine applications to keep, terminate, or create
  • Develop method of integrating applications
  • Model critical applications that have dependencies on one another
  • Identify the infrastructure capacity required to support critical applications
Operations
  • Communicate helpdesk/service desk information
  • Manage sales access to customer data
  • Determine locations and hours of operation
  • Consolidate phone lists and extensions
  • Synchronize email address books

Integration checklists (continued)

Infrastructure
  • Determine single network access
  • Manage organization domains
  • Consolidate data centers
  • Compile inventory of vendors, versions, switches, and routers
  • Review hardware lease or purchase agreements
  • Review outsourcing/service provider agreements
  • Review service-level agreements
  • Assess connectivity linkages between locations
  • Plan to migrate to a single email system if necessary
Vendors
  • Establish a sustainable vendor management office
  • Review vendor landscape
  • Identify warranty options
  • Rationalize vendor services and solutions
  • Identify opportunities to mature the security architecture
People
  • Design an IT operating model
  • Redesign your IT organizational structure
  • Conduct a RACI
  • Conduct a culture assessment and identify goal IT culture
  • Build an IT employee engagement program
  • Determine critical roles and systems/process/products they support
  • Create a list of employees to be terminated
  • Create employee transition plans
  • Create functional workplans
Projects
  • Stop duplicate or unnecessary target organization projects
  • Communicate project intake process
  • Prioritize projects
Products & Services
  • Ensure customer services requirements are met
  • Ensure customer interaction requirements are met
  • Select a solution for product lifecycle management
Security
  • Conduct a security assessment of target organization
  • Develop accessibility prioritization and schedule
  • Establish an information security strategy
  • Develop a security awareness and training program
  • Develop and manage security governance, risk, and compliance
  • Identify security budget
  • Build a data privacy and classification program
IT Processes
  • Evaluate current process models
  • Determine productivity/capacity levels of processes
  • Identify processes to be terminated
  • Identify process expectations from target organization
  • Establish a communication plan
  • Develop a change management process
  • Establish/review IT policies

3.2.2 Establish the integration roadmap

2 hours

Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

Output: Integration roadmap

Materials: M&A Integration Project Plan Tool (SharePoint), M&A Integration Project Plan Tool (Excel)

Participants: IT executive/CIO, IT senior leadership, Transition team, Company M&A team

The purpose of this activity is to create a roadmap to support IT throughout the integration process. Using the information gathered in previous activities, you can create a roadmap that will ensure a smooth integration.

  1. Leverage our M&A Integration Project Management Tool to track critical elements of the integration project. There are a few options available:
    1. Follow the instructions on the next slide if you are looking to upload our SharePoint project template.
    2. If you cannot or do not want to use SharePoint as your project management solution, download our Excel version of the tool.
      **Remember that this your tool, so customize to your liking.
  2. Identify who will own or be accountable for each of the integration tasks and establish the time frame for when each project should begin and end. This will confirm which tasks should be prioritized.

Record the updates in the M&A Integration Project Management Tool (SharePoint).

Record the updates in the M&A Integration Project Management Tool (Excel).

Integration Project Management Tool (SharePoint Template)

Follow these instructions to upload our template to your SharePoint environment

  1. Create or use an existing SP site.
  2. Download the M&A Integration Project Plan Tool (SharePoint) .wsp file from the Mergers & Acquisitions: The Buy Blueprint landing page.
  3. To import a template into your SharePoint environment, do the following:
    1. Open PowerShell.
    2. Connect-SPO Service (need to install PowerShell module).
    3. Enter in your tenant admin URL.
    4. Enter in your admin credentials.
    5. Set-SPO Site https://YourDomain.sharepoint.com/sites/YourSiteHe... -DenyAddAndCustomizePages 0
    OR
    1. Turn on both custom script features to allow users to run custom
  4. Screenshot of the 'Custom Script' option for importing a template into your SharePoint environment. Feature description reads 'Control whether users can run custom script on personal sites and self-service created sites. Note: changes to this setting might take up to 24 hours to take effect. For more information, see http://go.microsoft.com/fwlink/?LinkIn=397546'. There are options to prevent or allow users from running custom script on personal/self-service created sites.
  5. Enable the SharePoint Server Standard Site Collection features.
  6. Upload the .wsp file in Solutions Gallery.
  7. Deploy by creating a subsite and select from custom options.
    • Allow or prevent custom script
    • Security considerations of allowing custom script
    • Save, download, and upload a SharePoint site as a template
  8. Refer to Microsoft documentation to understand security considerations and what is and isn’t supported:

For more information, check out the SharePoint Template: Step-by-Step Deployment Guide.

Participate in active workforce planning to transition employees

The chosen IT operating model, primary M&A goals, and any planned changes to business strategy will dramatically impact IT staffing and workforce planning efforts.

Visualization of the three aspects of 'IT workforce planning', as listed below.

IT workforce planning

  • Primary M&A goals
    If the goal of the M&A is cost cutting, then workforce planning will be necessary to identify labor redundancies.
  • Changes to business strategy
    If business strategy will change after the merger, then workforce planning will typically be more involved than if business strategy will not change.
  • Integration strategy
    For independent models, workforce planning will typically be unnecessary.
    For connection of essential systems or absorption, workforce planning will likely be an involved, time-consuming process.
  1. Estimate the headcount you will need through the end of the M&A transition period.
  2. Outline the process you will use to assess staff for roles that have more than one candidate.
  3. Review employees in each department to determine the best fit for each role.
  4. Determine whether terminations will happen all together or in waves.

Info-Tech Insight

Don’t be a short-term thinker when it comes to workforce planning! IT teams that only consider the headcount needed on day one of the new entity will end up scrambling to find skilled resources to fill workforce gaps later in the transition period.

3.2.3 Identify the needed workforce supply

3-4 hours

Input: IT strategy, Prioritized integration tasks

Output: A clear indication of how many resources are required for each role and the number of resources that the organization actually has

Materials: Resource Management Supply-Demand Calculator

Participants: IT executive/CIO, IT senior leadership, Target organization employees, Company M&A team, Transition team

The purpose of this activity is to determine the anticipated amount of work that will be required to support projects (like integration), administrative, and keep-the-lights-on activities.

  1. Download the Resource Management Supply-Demand Calculator.
  2. The calculator requires minimal up-front staff participation: You can obtain meaningful results with participation from as few as one person with insight on the distribution of your resources and their average work week or month.
  3. The calculator will yield a report that shows a breakdown of your annual resource supply and demand, as well as the gap between the supply and demand. Further insight on project and non-project supply and demand are provided.
  4. Repeat the tool several times to identify the needs of your IT environment for day one, day 30/100, and year one. Anticipate that these will change over time. Also, do not forget to obtain this information from the target organization. Given that you will be integrating, it’s important to know how many staff they have in which roles.
  5. **For additional information, please review slides starting from slide 44 in Establish Realistic IT Resource Management Practices to see how to use the tool.

Record the results in the Resource Management Supply-Demand Calculator.

Resource Supply-Demand Calculator Output Example

Example of a 'Resource Management Supply-Demand Analysis Report' with charts and tables measuring Annualized Resource Supply and Demand, Resource Capacity Confidence, Project Capacity, and combinations of those metrics.

Resource Capacity Confidence. This figure is based on your confidence in supply confidence, demand stability, and the supply-demand ratio.

Importance of estimating integration costs

Change is the key driver of integration costs

Integration costs are dependent on the following:
  • Meeting synergy targets – whether that be cost saving or growth related.
    • Employee-related costs, licensing, and reconfiguration fees play a huge part in meeting synergy targets.
  • Adjustments related to compliance or regulations – especially if there are changes to legal entities, reporting requirements, or risk-mitigation standards.
  • Governance or third party–related support required to ensure timelines are met and the integration is a success.
Integration costs vary by industry type.
  • Certain industries may have integration costs made up of mostly one type, differing from other industries, due to the complexity and different demands of the transaction. For example:
    • Healthcare integration costs are mostly driven by regulatory, safety, and quality standards, as well as consolidation of the research and development function.
    • Energy and Utilities tend to have the lowest integration costs due to most transactions occurring within the same sector rather than as a cross-sector investment. For example, oil and gas acquisitions tend to be for oil fields and rigs (strategic fixed assets), which can easily be added to the buyer’s portfolio.

Integration costs are more related to the degree of change required than the size of the transaction.

3.2.4 Estimate integration costs

3-4 hours

Input: Integration tasks, Transition team, Valuation of current IT environment, Valuation of target IT environment, Outputs from data room, Technical debt, Employees

Output: List of anticipated costs required to support IT integration

Materials: Integration task checklist, Integration roadmap, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

The purpose of this activity is to estimate the costs that will be associated with the integration. It’s important to ensure a realistic figure is identified and communicated to the larger M&A team within your company as early in the process as possible. This ensures that the funding required for the transaction is secured and budgeted for in the overarching transaction.

  1. On the associated slide in the M&A Buy Playbook, input:
    • Task
    • Domain
    • Cost type
    • Total cost amount
    • Level of certainty around the cost
  2. Provide a copy of the estimated costs to the company’s M&A team. Also provide any additional information identified earlier to help them understand the importance of those costs.

Record the results in the M&A Buy Playbook.

Employee transition planning

Considering employee impact will be a huge component to ensure successful integration

  • Meet With Leadership
  • Plan Individual and Department Redeployment
  • Plan Individual and Department Layoffs
  • Monitor and Manage Departmental Effectiveness
  • For employees, the transition could mean:
    • Changing from their current role to a new role to meet requirements and expectations throughout the transition.
    • Being laid off because the role they are currently occupying has been made redundant.
  • It is important to plan for what the M&A integration needs will be and what the IT operational needs will be.
  • A lack of foresight into this long-term plan could lead to undue costs and headaches trying to retain critical staff, rehiring positions that were already let go, and keeping redundant employees longer then necessary.

Info-Tech Insight

Being transparent throughout the process is critical. Do not hesitate to tell employees the likelihood that their job may be made redundant. This will ensure a high level of trust and credibility for those who remain with the organization after the transaction.

3.2.5 Create an employee transition plan

3-4 hours

Input: IT strategy, IT organizational design, Resource Supply-Demand Calculator output

Output: Employee transition plans

Materials: M&A Buy Playbook, Whiteboard, Sticky notes, Markers

Participants: IT executive/CIO, IT senior leadership, Company M&A team, Transition team

The purpose of this activity is to create a transition plan for employees.

  1. Transition planning can be done at specific individual levels or more broadly to reflect a single role. Consider these four items in the transition plan:
    • Understand the direction of the employee transitions.
    • Identify employees that will be involved in the transition (moved or laid off).
    • Prepare to meet with employees.
    • Meet with employees.
  2. For each employee that will be facing some sort of change in their regular role, permanent or temporary, create a transition plan.
  3. For additional information on transitioning employees, review the blueprint Streamline Your Workforce During a Pandemic.

**Note that if someone’s future role is a layoff, then there is no need to record anything for skills needed or method for skill development.

Record the results in the M&A Buy Playbook.

3.2.6 Create functional workplans for employees

3-4 hours

Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners

Output: Employee functional workplans

Materials: M&A Buy Playbook, Learning and development tools

Participants: IT executive/CIO, IT senior leadership, IT management team, Company M&A team, Transition team

The purpose of this activity is to create a functional workplan for the different employees so that they know what their key role and responsibilities are once the transaction occurs.

  1. First complete the transition plan from the previous activity (3.2.5) and the separation roadmap. Have these documents ready to review throughout this process.
  2. Identify the employees who will be transitioning to a new role permanently or temporarily. Creating a functional workplan is especially important for these employees.
  3. Identify the skills these employees need to have to support the separation. Record this in the corresponding slide in the M&A Buy Playbook.
  4. For each employee, identify someone who will be a point of contact for them throughout the transition.

It is recommended that each employee have a functional workplan. Leverage the IT managers to support this task.

Record the results in the M&A Buy Playbook.

Metrics for integration

Valuation & Due Diligence

  • % Defects discovered in production
  • $ Cost per user for enterprise applications
  • % In-house-built applications vs. enterprise applications
  • % Owners identified for all data domains
  • # IT staff asked to participate in due diligence
  • Change to due diligence
  • IT budget variance
  • Synergy target

Execution & Value Realization

  • % Satisfaction with the effectiveness of IT capabilities
  • % Overall end-customer satisfaction
  • $ Impact of vendor SLA breaches
  • $ Savings through cost-optimization efforts
  • $ Savings through application rationalization and technology standardization
  • # Key positions empty
  • % Frequency of staff turnover
  • % Emergency changes
  • # Hours of unplanned downtime
  • % Releases that cause downtime
  • % Incidents with identified problem record
  • % Problems with identified root cause
  • # Days from problem identification to root cause fix
  • % Projects that consider IT risk
  • % Incidents due to issues not addressed in the security plan
  • # Average vulnerability remediation time
  • % Application budget spent on new build/buy vs. maintenance (deferred feature implementation, enhancements, bug fixes)
  • # Time (days) to value realization
  • % Projects that realized planned benefits
  • $ IT operational savings and cost reductions that are related to synergies/divestitures
  • % IT staff–related expenses/redundancies
  • # Days spent on IT integration
  • $ Accurate IT budget estimates
  • % Revenue growth directly tied to IT delivery
  • % Profit margin growth

3.2.7 Align project metrics with identified tasks

3-4 hours

Input: Prioritized integration tasks, Employee transition plan, Integration RACI, Costs for activities, Activity owners, M&A goals

Output: Integration-specific metrics to measure success

Materials: Roadmap template, M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Transition team

The purpose of this activity is to understand how to measure the success of the integration project by aligning metrics to each identified task.

  1. Review the M&A goals identified by the business. Your metrics will need to tie back to those business goals.
  2. Identify metrics that align to identified tasks and measure achievement of those goals. For each metric you consider, ask the following questions:
    • What is the main goal or objective that this metric is trying to solve?
    • What does success look like?
    • Does the metric promote the right behavior?
    • Is the metric actionable? What is the story you are trying to tell with this metric?
    • How often will this get measured?
    • Are there any metrics it supports or is supported by?

Record the results in the M&A Buy Playbook.

By the end of this mid-transaction phase you should:

Have successfully evaluated the target organization’s IT environment, escalated the acquisition risks and benefits, and prepared IT for integration.

Key outcomes from the Due Diligence & Preparation phase
  • Participate in due diligence activities to accurately valuate the target organization(s) and determine if there are critical risks or benefits the current organization should be aware of.
  • Create an integration roadmap that considers the tasks that will need to be completed and the resources required to support integration.
Key deliverables from the Due Diligence & Preparation phase
  • Establish a due diligence charter
  • Create a list of data room artifacts and engage in due diligence
  • Assess the target organization’s technical debt
  • Valuate the target IT organization
  • Assess and plan for culture
  • Prioritize integration tasks
  • Establish the integration roadmap
  • Identify the needed workforce supply
  • Estimate integration costs
  • Create employee transition plans
  • Create functional workplans for employees
  • Align project metrics with identified tasks

M&A Buy Blueprint

Phase 4

Execution & Value Realization

Phase 1Phase 2Phase 3

Phase 4

  • 1.1 Identify Stakeholders and Their Perspective of IT
  • 1.2 Assess IT’s Current Value and Future State
  • 1.3 Drive Innovation and Suggest Growth Opportunities
  • 2.1 Establish the M&A Program Plan
  • 2.2 Prepare IT to Engage in the Acquisition
  • 3.1 Assess the Target Organization
  • 3.2 Prepare to Integrate
  • 4.1 Execute the Transaction
  • 4.2 Reflection and Value Realization

This phase will walk you through the following activities:

  • Rationalize the IT environment
  • Continually update the project plan
  • Confirm integration costs
  • Review IT’s transaction value
  • Conduct a transaction and integration SWOT
  • Review the playbook and prepare for future transactions

This phase involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Vendor management team
  • IT transaction team
  • Company M&A team

Workshop Overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Pre-Work

Day 1

Day 2

Day 3

Engage in Integration

Day 4

Establish the Transaction FoundationDiscover the Motivation for IntegrationPlan the Integration RoadmapPrepare Employees for the TransitionEngage in IntegrationAssess the Transaction Outcomes (Must be within 30 days of transaction date)

Activities

  • 0.1 Understand the rationale for the company's decisions to pursue an acquisition.
  • 0.2 Identify key stakeholders and determine the IT transaction team.
  • 0.3 Gather and evaluate the M&A strategy, future-state operating model, and governance.
  • 1.1 Review the business rationale for the acquisition.
  • 1.2 Identify pain points and opportunities tied to the acquisition.
  • 1.3 Establish the integration strategy.
  • 1.4 Prioritize Integration tasks.
  • 2.1 Establish the integration roadmap.
  • 2.2 Establish and align project metrics with identified tasks.
  • 2.3 Estimate integration costs.
  • 3.1 Assess the current culture and identify the goal culture.
  • 3.2 Identify the needed workforce supply.
  • 3.3 Create an employee transition plan.
  • 3.4 Create functional workplans for employees.
  • I.1 Complete the integration by regularly updating the project plan.
  • I.2 Begin to rationalize the IT environment where possible and necessary.
  • 4.1 Confirm integration costs.
  • 4.2 Review IT’s transaction value.
  • 4.3 Conduct a transaction and integration SWOT.
  • 4.4 Review the playbook and prepare for future transactions.

Deliverables

  1. IT strategy
  2. IT operating model
  3. IT governance structure
  4. M&A transaction team
  1. Business context implications for IT
  2. Integration strategy
  1. Integration roadmap and associated resourcing
  1. Culture assessment
  2. Workforce supply identified
  3. Employee transition plan
  1. Rationalized IT environment
  2. Updated integration project plan
  1. SWOT of transaction
  2. M&A Buy Playbook refined for future transactions

What is the Execution & Value Realization phase?

Post-transaction state

Once the transaction comes to a close, it’s time for IT to deliver on the critical integration tasks. Set the organization up for success by having an integration roadmap. Retaining critical IT staff throughout this process will also be imperative to the overall transaction success.

Throughout the integration process, roadblocks will arise and need to be addressed. However, by ensuring that employees, technology, and processes are planned for ahead of the transaction, you as IT will be able to weather those unexpected concerns with greater ease.

Now that you as an IT leader have engaged in an acquisition, demonstrating the value IT was able to provide to the process is critical to establishing a positive and respected relationship with other senior leaders in the business. Be prepared to identify the positives and communicate this value to advance the business’ perception of IT.

Goal: To carry out the planned integration activities and deliver the intended value to the business

Execution Prerequisite Checklist

Before coming into the Execution & Value Realization phase, you must have addressed the following:

  • Understand the rationale for the company's decisions to pursue an acquisition and what opportunities or pain points the acquisition should alleviate.
  • Identify the key roles for the transaction team.
  • Identify the M&A governance.
  • Determine target metrics and align to project tasks.
  • Select an integration strategy framework.
  • Conduct a RACI for key transaction tasks for the transaction team.
  • Create a list of data room artifacts and engage in due diligence (directly or indirectly).
  • Prioritize integration tasks.
  • Establish the integration roadmap.
  • Identify the needed workforce supply.
  • Create employee transition plans.

Before coming into the Execution & Value Realization phase, we recommend addressing the following:

  • Create vision and mission statements.
  • Establish guiding principles.
  • Create a future-state operating model.
  • Identify the M&A operating model.
  • Document the communication plan.
  • Examine the business perspective of IT.
  • Identify key stakeholders and outline their relationship to the M&A process.
  • Be able to valuate the IT environment and communicate IT's value to the business.
  • Establish a due diligence charter.
  • Assess the target organization’s technical debt.
  • Valuate the target IT organization.
  • Assess and plan for culture.
  • Estimate integration costs.
  • Create functional workplans for employees.

Integration checklists

Prerequisite Checklist
  • Build the project plan for integration and prioritize activities
    • Plan first day
    • Plan first 30/100 days
    • Plan first year
  • Create an organization-aligned IT strategy
  • Identify critical stakeholders
  • Create a communication strategy
  • Understand the rationale for the acquisition or purchase
  • Develop IT's purchasing strategy
  • Determine goal opportunities
  • Create the mission and vision statements
  • Create the guiding principles
  • Create program metrics
  • Consolidate reports from due diligence/data room
  • Conduct culture assessment
  • Create a transaction team
  • Assess workforce demand and supply
  • Plan and communicate potential layoffs
  • Create an employee transition plan
  • Identify the IT investment
Business
  • Design an enterprise architecture
  • Document your business architecture
  • Identify and assess all of IT's risks
Leadership/IT Executive
  • Build an IT budget
  • Structure operating budget
  • Structure capital budget
  • Identify the needed workforce demand vs. capacity
  • Establish and monitor key metrics
  • Communicate value realized/cost savings
Data
  • Confirm data strategy
  • Confirm data governance
  • Data architecture
  • Data sources
  • Data storage (on-premises vs. cloud)
  • Enterprise content management
  • Compatibility of data types between organizations
  • Cleanliness/usability of target organization data sets
  • Identify data sets that need to be combined to capture synergies/drive core capabilities
  • Reporting and analytics capabilities
Applications
  • Prioritize and address critical applications
    • ERP
    • CRM
    • Email
    • HRIS
    • Financial
    • Sales
    • Risk
    • Security
  • Leverage application rationalization framework to determine applications to keep, terminate, or create
  • Develop method of integrating applications
  • Model critical applications that have dependencies on one another
  • Identify the infrastructure capacity required to support critical applications
Operations
  • Communicate helpdesk/service desk information
  • Manage sales access to customer data
  • Determine locations and hours of operation
  • Consolidate phone lists and extensions
  • Synchronize email address books

Integration checklists (continued)

Infrastructure
  • Determine single network access
  • Manage organization domains
  • Consolidate data centers
  • Compile inventory of vendors, versions, switches, and routers
  • Review hardware lease or purchase agreements
  • Review outsourcing/service provider agreements
  • Review service-level agreements
  • Assess connectivity linkages between locations
  • Plan to migrate to a single email system if necessary
Vendors
  • Establish a sustainable vendor management office
  • Review vendor landscape
  • Identify warranty options
  • Rationalize vendor services and solutions
  • Identify opportunities to mature the security architecture
People
  • Design an IT operating model
  • Redesign your IT organizational structure
  • Conduct a RACI
  • Conduct a culture assessment and identify goal IT culture
  • Build an IT employee engagement program
  • Determine critical roles and systems/process/products they support
  • Create a list of employees to be terminated
  • Create employee transition plans
  • Create functional workplans
Projects
  • Stop duplicate or unnecessary target organization projects
  • Communicate project intake process
  • Prioritize projects
Products & Services
  • Ensure customer services requirements are met
  • Ensure customer interaction requirements are met
  • Select a solution for product lifecycle management
Security
  • Conduct a security assessment of target organization
  • Develop accessibility prioritization and schedule
  • Establish an information security strategy
  • Develop a security awareness and training program
  • Develop and manage security governance, risk, and compliance
  • Identify security budget
  • Build a data privacy and classification program
IT Processes
  • Evaluate current process models
  • Determine productivity/capacity levels of processes
  • Identify processes to be terminated
  • Identify process expectations from target organization
  • Establish a communication plan
  • Develop a change management process
  • Establish/review IT policies

Execution & Value Realization

Step 4.1

Execute the Transaction

Activities

  • 4.1.1 Rationalize the IT environment
  • 4.1.2 Continually update the project plan

This step involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Vendor management team
  • IT transaction team
  • Company M&A team

Outcomes of Step

Successfully execute on the integration and strategize how to rationalize the two (or more) IT environments and update the project plan, strategizing against any roadblocks as they might come.

Compile –› Assess –› Rationalize

Access to critical information often does not happen until day one

  • As the transaction comes to a close and the target organization becomes the acquired organization, it’s important to start working on the rationalization of your organization.
  • One of the most important elements will be to have a complete understanding of the acquired organization’s IT environment. Specifically, assess the technology, people, and processes that might exist.
  • This rationalization will be heavily dependent on your planned integration strategy determined in the Discovery & Strategy phase of the process.
  • If your IT organization was not involved until after that phase, then determine whether your organization plans on remaining in its original state, taking on the acquired organization’s state, or forming a best-of-breed state by combining elements.
  • To execute on this, however, a holistic understanding of the new IT environment is required.

Some Info-Tech resources to support this initiative:

  • Reduce and Manage Your Organization’s Insider Threat Risk
  • Build an Application Rationalization Framework
  • Rationalize Your Collaboration Tools
  • Consolidate IT Asset Management
  • Build Effective Enterprise Integration on the Back of Business Process
  • Consolidate Your Data Centers

4.1.1 Rationalize the IT environment

6-12 months

Input: RACI chart, List of critical applications, List of vendor contracts, List of infrastructure assets, List of data assets

Output: Rationalized IT environment

Materials: Software Terms & Conditions Evaluation Tool

Participants: IT executive/CIO, IT senior leadership, Vendor management

The purpose of this activity is to rationalize the IT environment to reduce and eliminate redundant technology.

  1. Compile a list of the various applications and vendor contracts from the acquired organization and the original organization.
  2. Determine where there is repetition. Have a member of the vendor management team review those contracts and identify cost-saving opportunities.

This will not be a quick and easy activity to complete. It will require strong negotiation on the behalf of the vendor management team.

For additional information and support for this activity, see the blueprint Master Contract Review and Negotiations for Software Agreements.

4.1.2 Continually update the project plan

Reoccurring basis following transition

Input: Prioritized integration tasks, Integration RACI, Activity owners

Output: Updated integration project plan

Materials: M&A Integration Project Management Tool

Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

The purpose of this activity is to ensure that the project plan is continuously updated as your transaction team continues to execute on the various components outlined in the project plan.

  1. Set a regular cadence for the transaction team to meet, update and review the status of the various integration task items, and strategize how to overcome any roadblocks.
  2. Employ governance best practices in these meetings to ensure decisions can be made effectively and resources allocated strategically.

Record the updates in the M&A Integration Project Management Tool (SharePoint).

Record the updates in the M&A Integration Project Management Tool (Excel).

Execution & Value Realization

Step 4.2

Reflection and Value Realization

Activities

  • 4.2.1 Confirm integration costs
  • 4.2.2 Review IT’s transaction value
  • 4.2.3 Conduct a transaction and integration SWOT
  • 4.2.4 Review the playbook and prepare for future transactions

This step involves the following participants:

  • IT executive/CIO
  • IT senior leadership
  • Transition team
  • Company M&A team

Outcomes of Step

Review the value that IT was able to generate around the transaction and strategize on how to improve future acquisition transactions.

4.2.1 Confirm integration costs

3-4 hours

Input: Integration tasks, Transition team, Previous RACI, Estimated costs

Output: Actual integration costs

Materials: M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, IT transaction team, Company M&A team

The purpose of this activity is to confirm the associated costs around integration. While the integration costs would have been estimated previously, it’s important to confirm the costs that were associated with the integration in order to provide an accurate and up-to-date report to the company’s M&A team.

  1. Taking all the original items identified previously in activity 3.2.4, identify if there were changes in the estimated costs. This can be an increase or a decrease.
  2. Ensure that each cost has a justification for why the cost changed from the original estimation.

Record the results in the M&A Buy Playbook.

Track synergy capture through the IT integration

The ultimate goal of the M&A is to achieve and deliver deal objectives. Early in the M&A, IT must identify, prioritize, and execute upon synergies that deliver value to the business and its shareholders. Continue to measure IT’s contribution toward achieving the organization’s M&A goals throughout the integration by keeping track of cost savings and synergies that have been achieved. When these achievements happen, communicate them and celebrate success.

  1. Define Synergy Metrics: Select metrics to track synergies through the integration.
    1. You can track value by looking at percentages of improvement in process-level metrics depending on the synergies being pursued.
    2. For example, if the synergy being pursued is increasing asset utilization, metrics could range from capacity to revenue generated through increased capacity.
  2. Prioritize Synergistic Initiatives: Estimate the cost and benefit of each initiative's implementation to compare the amount of business value to the cost. The benefits and costs should be illustrated at a high level. Estimating the exact dollar value of fulfilling a synergy can be difficult and misleading.
      Steps
    • Determine the benefits that each initiative is expected to deliver.
    • Determine the high-level costs of implementation (capacity, time, resources, effort).
  3. Track Synergy Captures: Develop a detailed workplan to resource the roadmap and track synergy captures as the initiatives are undertaken.

Once 80% of the necessary synergies are realized, executive pressure will diminish. However, IT must continue to work toward the technology end state to avoid delayed progression.

4.2.2 Review IT’s transaction value

3-4 hours

Input: Prioritized integration tasks, Integration RACI, Activity owners, M&A company goals

Output: Transaction value

Materials: M&A Buy Playbook

Participants: IT executive/CIO, IT senior leadership, Company's M&A team

The purpose of this activity is to track how your IT organization performed against the originally identified metrics.

  1. If your organization did not have the opportunity to identify metrics earlier, determine from the company M&A team what those metrics might be. Review activity 3.2.7 for more information on metrics.
  2. Identify whether the metric (which should be used to support a goal) was at, below, or above the original target metric. This is a very critical task for IT to complete because it allows IT to confirm that they were successful engaging in the transaction and that the business can count on them in future transactions.
  3. Be sure to record accurate and relevant information on why the outcomes (good or bad) are supporting the M&A goals that were set out by the business.

Record the results in the M&A Buy Playbook.

4.2.3 Conduct a transaction and integration SWOT

2 hours

Input: Integration costs, Retention rates, Value IT contributed to the transaction

Output: Strengths, weaknesses, opportunities, and threats

Materials: Flip charts, Markers, Sticky notes

Participants: IT executive/CIO, IT senior leadership, Business transaction team

The purpose of this activity is to assess the positive and negative elements of the transaction.

  1. Consider the various internal and external elements that could have impacted the outcome of the transaction.
    • Strengths. Internal characteristics that are favorable as they relate to your development environment.
    • Weaknesses Internal characteristics that are unfavorable or need improvement.
    • Opportunities External characteristics that you may use to your advantage.
    • Threats External characteristics that may be potential sources of failure or risk.

Record the results in the M&A Buy Playbook.

M&A Buy Playbook review

With an acquisition complete, your IT organization is now more prepared then ever to support the business through future M&As

  • Now that the transaction is more than 80% complete, take the opportunity to review the key elements that worked well and the opportunities for improvement in future transactions.
  • Critically examine the M&A Buy Playbook your IT organization created and identify what worked well to help the transaction and where your organization could adjust to do better in future transactions.
  • If your organization were to engage in another acquisition under your IT leadership, how would you go about the transaction to make sure the company meets its goals?

4.2.4 Review the playbook and prepare for future transactions

4 hours

Input: Transaction and integration SWOT

Output: Refined M&A playbook

Materials: M&A Buy Playbook

Participants: IT executive/CIO

The purpose of this activity is to revise the playbook and ensure it is ready to go for future transactions.

  1. Using the outputs from the previous activity, 4.2.3, determine what strengths and opportunities there were that should be leveraged in the next transaction.
  2. Likewise, determine which threats and weaknesses could be avoided in the future transactions.
    Remember, this is your M&A Buy Playbook, and it should reflect the most successful outcome for you in your organization.

Record the results in the M&A Buy Playbook.

By the end of this post-transaction phase you should:

Have completed the integration post-transaction and be fluidly delivering the critical value that the business expected of IT.

Key outcomes from the Execution & Value Realization phase
  • Ensure the integration tasks are being completed and that any blockers related to the transaction are being removed.
  • Determine where IT was able to realize value for the business and demonstrate IT’s involvement in meeting target goals.
Key deliverables from the Execution & Value Realization phase
  • Rationalize the IT environment
  • Continually update the project plan for completion
  • Confirm integration costs
  • Review IT’s transaction value
  • Conduct a transaction and integration SWOT
  • Review the playbook and prepare for future transactions

Summary of Accomplishment

Problem Solved

Congratulations, you have completed the M&A Buy Blueprint!

Rather than reacting to a transaction, you have been proactive in tackling this initiative. You now have a process to fall back on in which you can be an innovative IT leader by suggesting how and why the business should engage in an acquisition. You now have:

  • Created a standardized approach for how your IT organization should address acquisitions.
  • Evaluated the target organizations successfully and established an integration project plan.
  • Delivered on the integration project plan successfully and communicated IT’s transaction value to the business.

Now that you have done all of this, reflect on what went well and what can be improved in case if you have to do this all again in a future transaction.

If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

Contact your account representative for more information
workshops@infotech.com 1-888-670-8899

Research Contributors and Experts

Ibrahim Abdel-Kader
Research Analyst | CIO
Info-Tech Research Group
Brittany Lutes
Senior Research Analyst | CIO
Info-Tech Research Group
John Annand
Principal Research Director | Infrastructure
Info-Tech Research Group
Scott Bickley
Principal Research Director | Vendor Management
Info-Tech Research Group
Cole Cioran
Practice Lead | Applications
Info-Tech Research Group
Dana Daher
Research Analyst | Strategy & Innovation
Info-Tech Research Group
Eric Dolinar
Manager | M&A Consulting
Deloitte Canada
Christoph Egel
Director, Solution Design & Deliver
Cooper Tire & Rubber Company
Nora Fisher
Vice President | Executive Services Advisory
Info-Tech Research Group
Larry Fretz
Vice President | Industry
Info-Tech Research Group

Research Contributors and Experts

David Glazer
Vice President of Analytics
Kroll
Jack Hakimian
Senior Vice President | Workshops and Delivery
Info-Tech Research Group
Gord Harrison
Senior Vice President | Research & Advisory
Info-Tech Research Group
Valence Howden
Principal Research Director | CIO
Info-Tech Research Group
Jennifer Jones
Research Director | Industry
Info-Tech Research Group
Nancy McCuaig
Senior Vice President | Chief Technology and Data Office
IGM Financial Inc.
Carlene McCubbin
Practice Lead | CIO
Info-Tech Research Group
Kenneth McGee
Research Fellow | Strategy & Innovation
Info-Tech Research Group
Nayma Naser
Associate
Deloitte
Andy Neill
Practice Lead | Data & Analytics, Enterprise Architecture
Info-Tech Research Group

Research Contributors and Experts

Rick Pittman
Vice President | Research
Info-Tech Research Group
Rocco Rao
Research Director | Industry
Info-Tech Research Group
Mark Rosa
Senior Vice President & Chief Information Officer
Mohegan Gaming and Entertainment
Tracy-Lynn Reid
Research Lead | People & Leadership
Info-Tech Research Group
Jim Robson
Senior Vice President | Shared Enterprise Services (retired)
Great-West Life
Steven Schmidt
Senior Managing Partner Advisory | Executive Services
Info-Tech Research Group
Nikki Seventikidis
Senior Manager | Finance Initiative & Continuous Improvement
CST Consultants Inc.
Allison Straker
Research Director | CIO
Info-Tech Research Group
Justin Waelz
Senior Network & Systems Administrator
Info-Tech Research Group
Sallie Wright
Executive Counselor
Info-Tech Research Group

Bibliography

“5 Ways for CIOs to Accelerate Value During Mergers and Acquisitions.” Okta, n.d. Web.

Altintepe, Hakan. “Mergers and acquisitions speed up digital transformation.” CIO.com, 27 July 2018. Web.

“America’s elite law firms are booming.” The Economist, 15 July 2021. Web.

Barbaglia, Pamela, and Joshua Franklin. “Global M&A sets Q1 record as dealmakers shape post-COVID world.” Nasdaq, 1 April 2021. Web.

Boyce, Paul. “Mergers and Acquisitions Definition: Types, Advantages, and Disadvantages.” BoyceWire, 8 Oct. 2020. Web.

Bradt, George. “83% Of Mergers Fail -- Leverage A 100-Day Action Plan For Success Instead.” Forbes, 27 Jan. 2015. Web.

Capgemini. “Mergers and Acquisitions: Get CIOs, IT Leaders Involved Early.” Channel e2e, 19 June 2020. Web.

Chandra, Sumit, et al. “Make Or Break: The Critical Role Of IT In Post-Merger Integration.” IMAA Institute, 2016. Web.

Deloitte. “How to Calculate Technical Debt.” The Wall Street Journal, 21 Jan. 2015. Web.

Ernst & Young. “IT As A Driver Of M&A Success.” IMAA Institute, 2017. Web.

Fernandes, Nuno. “M&As In 2021: How To Improve The Odds Of A Successful Deal.” Forbes, 23 March 2021. Web.

“Five steps to a better 'technology fit' in mergers and acquisitions.” BCS, 7 Nov. 2019. Web.

Fricke, Pierre. “The Biggest Opportunity You’re Missing During an M&Aamp; IT Integration.” Rackspace, 4 Nov. 2020. Web.

Garrison, David W. “Most Mergers Fail Because People Aren't Boxes.” Forbes, 24 June 2019. Web.

Harroch, Richard. “What You Need To Know About Mergers & Acquisitions: 12 Key Considerations When Selling Your Company.” Forbes, 27 Aug. 2018. Web.

Hope, Michele. “M&A Integration: New Ways To Contain The IT Cost Of Mergers, Acquisitions And Migrations.” Iron Mountain, n.d. Web.

“How Agile Project Management Principles Can Modernize M&A.” Business.com, 13 April 2020. Web.

Hull, Patrick. “Answer 4 Questions to Get a Great Mission Statement.” Forbes, 10 Jan. 2013. Web.

Kanter, Rosabeth Moss. “What We Can Learn About Unity from Hostile Takeovers.” Harvard Business Review, 12 Nov. 2020. Web.

Koller, Tim, et al. “Valuation: Measuring and Managing the Value of Companies, 7th edition.” McKinsey & Company, 2020. Web.

Labate, John. “M&A Alternatives Take Center Stage: Survey.” The Wall Street Journal, 30 Oct. 2020. Web.

Lerner, Maya Ber. “How to Calculate ROI on Infrastructure Automation.” DevOps.com, 1 July 2020. Web.

Loten, Angus. “Companies Without a Tech Plan in M&A Deals Face Higher IT Costs.” The Wall Street Journal, 18 June 2019. Web.

Low, Jia Jen. “Tackling the tech integration challenge of mergers today” Tech HQ, 6 Jan. 2020. Web.

Lucas, Suzanne. “5 Reasons Turnover Should Scare You.” Inc. 22 March 2013. Web.

“M&A Trends Survey: The future of M&A. Deal trends in a changing world.” Deloitte, Oct. 2020. Web.

Maheshwari, Adi, and Manish Dabas. “Six strategies tech companies are using for successful divesting.” EY, 1 Aug. 2020. Web.

Majaski, Christina. “Mergers and Acquisitions: What's the Difference?” Investopedia, 30 Apr. 2021.

“Mergers & Acquisitions: Top 5 Technology Considerations.” Teksetra, 21 Jul. 2020. Web.

“Mergers Acquisitions M&A Process.” Corporate Finance Institute, n.d. Web.

“Mergers and acquisitions: A means to gain technology and expertise.” DLA Piper, 2020. Web.

Nash, Kim S. “CIOs Take Larger Role in Pre-IPO Prep Work.” The Wall Street Journal, 5 March 2015. Web.

Paszti, Laila. “Canada: Emerging Trends In Information Technology (IT) Mergers And Acquisitions.” Mondaq, 24 Oct. 2019. Web.

Patel, Kiison. “The 8 Biggest M&A Failures of All Time” Deal Room, 9 Sept. 2021. Web.

Peek, Sean, and Paula Fernandes. “What Is a Vision Statement?” Business News Daily, 7 May 2020. Web.

Ravid, Barak. “Tech execs focus on growth amid increasingly competitive M&A market.” EY, 28 April 2021. Web.

Resch, Scott. “5 Questions with a Mergers & Acquisitions Expert.” CIO, 25 June 2019. Web.

Salsberg, Brian. “Four tips for estimating one-time M&A integration costs.” EY, 17 Oct. 2019. Web.

Samuels, Mark. “Mergers and acquisitions: Five ways tech can smooth the way.” ZDNet, 15 Aug. 2018. Web.

“SAP Divestiture Projects: Options, Approach and Challenges.” Cognizant, May, 2014. Web.

Steeves, Dave. “7 Rules for Surviving a Merger & Acquisition Technology Integration.” Steeves and Associates, 5 Feb. 2020. Web.

Tanaszi, Margaret. “Calculating IT Value in Business Terms.” CSO, 27 May 2004. Web.

“The CIO Playbook. Nine Steps CIOs Must Take For Successful Divestitures.” SNP, 2016. Web.

“The Role of IT in Supporting Mergers and Acquisitions.” Cognizant, Feb. 2015. Web.

Torres, Roberto. “M&A playbook: How to prepare for the cost, staff and tech hurdles.” CIO Dive, 14 Nov. 2019. Web.

“Valuation Methods.” Corporate Finance Institute, n.d. Web.

Weller, Joe. “The Ultimate Guide to the M&A Process for Buyers and Sellers.” Smartsheet, 16 May 2019. Web.

Threat Preparedness Using MITRE ATT&CK®

  • Buy Link or Shortcode: {j2store}252|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Security Strategy & Budgeting
  • Parent Category Link: /security-strategy-and-budgeting
  • To effectively protect your business interests, you need to be able to address what the most pressing vulnerabilities in your network are. Which attack vectors should you model first? How do you adequately understand your threat vectors when attacks continually change and adapt?
  • Security can often be asked the world but given a minimal budget with which to accomplish it.
  • Security decisions are always under pressure from varying demands that pull even the most well-balanced security team in every direction.
  • Adequately modeling any and every possible scenario is ineffective and haphazard at best. Hoping that you have chosen the most pressing attack vectors to model will not work in the modern day of threat tactics.

Our Advice

Critical Insight

  • Precision is critical to being able to successfully defend against threats.
    • Traditional threat modeling such as STRIDE or PASTA is based on a spray-and-pray approach to identifying your next potential threat vector. Instead, take a structured risk-based approach to understanding both an attacker’s tactics and how they may be used against your enterprise. Threat preparedness requires precision, not guesswork.
  • Knowing is half the battle.
    • You may be doing better than you think. Undoubtedly, there is a large surface area to cover with threat modeling. By preparing beforehand, you can separate what’s important from what’s not and identify which attack vectors are the most pressing for your business.
  • Be realistic and measured.
    • Do not try to remediate everything. Some attack vectors and approaches are nearly impossible to account for. Take control of the areas that have reasonable mitigation methods and act on those.
  • Identify blind spots.
    • Understand what is out there and how other enterprises are being attacked and breached. See how you stack up to the myriad of attack tactics that have been used in real-life breaches and how prepared you are. Know what you’re ready for and what you’re not ready for.
  • Analyze the most pressing vectors.
    • Prioritize the attack vectors that are relevant to you. If an attack vector is an area of concern for your business, start there. Do not cover the entire tactics list if certain areas are not relevant.
  • Detection and mitigation lead to better remediation.
    • For each relevant tactic and techniques, there are actionable detection and mitigation methods to add to your list of remediation efforts.

Impact and Result

Using the MITRE ATT&CK® framework, Info-Tech’s approach helps you understand your preparedness and effective detection and mitigation actions.

  • Learn about potential attack vectors and the techniques that hostile actors will use to breach and maintain a presence on your network.
  • Analyze your current protocols versus the impact of an attack technique on your network.
  • Discover detection and mitigation actions.
  • Create a prioritized series of security considerations, with basic actionable remediation items. Plan your next threat model by knowing what you’re vulnerable to.
  • Ensure business data cannot be leaked or stolen.
  • Maintain privacy of data and other information.
  • Secure the network connection points.
  • Mitigate risks with the appropriate services.

This blueprint and associated tool are scalable for all types of organizations within various industry sectors, allowing them to know what types of risk they are facing and what security services are recommended to mitigate those risks.

Threat Preparedness Using MITRE ATT&CK® Research & Tools

Start here – read the Executive Brief

Read our concise Executive Brief to find out why threat preparedness is a crucial first step in defending your network against any attack type. Review Info-Tech’s methodology and understand the ways we can support you in completing this project.

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Attack tactics and techniques

Review a breakdown of each of the various attack vectors and their techniques for additional context and insight into the most prevalent attack tactics.

  • Threat Preparedness Using MITRE ATT&CK® – Phase 1: Attack Tactics and Techniques

2. Threat Preparedness Workbook mapping

Map your current security protocols against the impacts of various techniques on your network to determine your risk preparedness.

  • Threat Preparedness Using MITRE ATT&CK® – Phase 2: Threat Preparedness Workbook Mapping
  • Enterprise Threat Preparedness Workbook

3. Execute remediation and detective measures

Use your prioritized attack vectors to plan your next threat modeling session with confidence that the most pressing security concerns are being addressed with substantive remediation actions.

  • Threat Preparedness Using MITRE ATT&CK® – Phase 3: Execute Remediation and Detective Measures
[infographic]

Understand the Difference Between Backups and Archives

  • Buy Link or Shortcode: {j2store}506|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: Storage & Backup Optimization
  • Parent Category Link: /storage-and-backup-optimization
  • You don’t understand the difference between a backup and an archive or when to use one or the other.
  • Data is not constant. It is ever-changing and growing. How do you protect it?
  • You just replaced an application that was in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
  • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?

Our Advice

Critical Insight

Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks, but recovery and discovery are capabilities the business wants and is willing to pay for.

Impact and Result

Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

Understand the Difference Between Backups and Archives Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Understand the Difference Between Backups and Archives

What is the difference between a backup and a data archive? When should I use one over the other? They are not the same and confusing the two concepts could be expensive.

  • Understand the Difference Between Backups and Archives Storyboard
[infographic]

Further reading

Understand the Difference Between Backups and Archives

They are not the same, and confusing the two concepts could be expensive

Analyst Perspective

Backups and archives are not interchangeable, but they can complement each other.

Photo of P.J. Ryan, Research Director, Infrastructure & Operations, Info-Tech Research Group.

Backups and archives are two very different operations that are quite often confused or misplaced. IT and business leaders are tasked with protecting corporate data from a variety of threats. They also must conform to industry, geographical, and legal compliance regulations. Backup solutions keep the data safe from destruction. If you have a backup, why do you also need an archive? Archive solutions hold data for a long period of time and can be searched. If you have an archive, why do you also need a backup solution? Backups and archives used to be the same. Remember when you would keep the DAT tape in the same room as the argon gas fire suppression system for seven years? Now that's just not feasible. Some situations require a creative approach or a combination of backups and archives.

Understand the difference between archives and backups and you will understand why the two solutions are necessary and beneficial to the business.

P.J. Ryan
Research Director, Infrastructure & Operations
Info-Tech Research Group

Executive Summary

Your Challenge
  • You don’t understand the difference between a backup and an archive or when to use one over the other.
  • Data is not constant. It is ever-changing and growing. How do you protect it?
  • You just replaced an application that had been in use since day one, and even though you have a fully functional replacement, you would like to archive that original application just in case.
  • You want to save money, so you use your backup solution to archive data, but you know that is not ideal. What is the correct solution?
Common Obstacles
  • Storage costs can be expensive, as can some backup and archiving solutions.
  • Unclear requirements definition to decide between backups or archives.
  • Historically, people referred to archiving as tossing something into a box and storing it away indefinitely. Data archiving has a different meaning.
  • Executives want retired applications preserved but do not provide reasons or requirements.
Info-Tech’s Approach
  • Spend wisely. Why spend money on an archive solution when a backup will suffice? Don’t leave money on the table.
  • Be creative and assess each backup or archive situation carefully. A custom solution may be required.
  • Backup your production data for the purpose of restoring it and adhere to the 3-2-1 rule of backups (Naviko.com).
  • Archive your older data to an alternate storge platform to save space, allow for searchability, and provide retention parameters.

Info-Tech Insight

Keep in mind that backups are for recovery while archives are for discovery. Backups and archives are often confused but understanding the differences can result in significant savings of time and money. Backing up and archiving may be considered IT tasks but recovery and discovery are capabilities the business wants and is willing to pay for.

Archive

What it IS

A data archive is an alternate location for your older, infrequently accessed production data. It is indexed and searchable based on keywords. Archives are deleted after a specified period based on your retention policy or compliance directives.

What it IS NOT

Archives are not an emergency copy of your production data. They are not any type of copy of your production data. Archives will not help you if you lose your data or accidentally delete a file. Archives are not multiple copies of production data from various recovery points.

Why use it

Archives move older data to an alternate location. This frees up storage space for your current data. Archives are indexed and can be searched for historical purposes, compliance reasons, or in the event of a legal matter where specific data must be provided to a legal team.

Tips & Tricks – Archiving

  • Archiving will move older data to an alternate location. This will free up storage space in the production environment.
  • Archiving solutions index the data to allow for easier searchability. This will aid in common business searches as well as assist with any potential legal searches.
  • Archiving allows companies to hold onto data for historical purposes as well as for specific retention periods in compliance with industry and regional regulations such as SOX, GDPR, FISMA, as well as others (msp360.com).

Backup

What it IS

A backup is a copy of your data from a specific day and time. It is primarily used for recovery or restoration if something happens to the production copy of data. The restore will return the file or folder to the state it was in at the time of the backup.

Backups occur frequently to ensure the most recent version of data is copied to a safe location.

A typical backup plan makes a copy of the data every day, once a week, and once a month. The data is stored on tapes, disk, or using cloud storage.

What it IS NOT

Backups are not designed for searching or discovery. If you backup your email and must go to that backup in search of all email pertaining to a specific topic, you must restore the full backup and then search for that specific topic or sender. If you kept all the monthly backups for seven years, that will mean repeating that process 84 times to have a conclusive search, assuming you have adequate storage space to restore the email database 84 times.

Backups do not free up space.

Why use it

Backups protect your data in the event of disaster, deletion, or accidental damage. A good backup strategy will include multiple backups on different media and offsite storage of at least one copy.

Tips & Tricks – Backups

  • Production data should be backed up on a regular basis, ideally once a day or more frequently if possible.
  • Backups are intended to restore data when it gets deleted, over-written, or otherwise compromised. Most restore requests are from the last 24 to 48 hours, so it may be advantageous to keep a backup readily available on disk for a quick restore when needed.
  • Some vendors and industry subject matter experts advocate the use of a 3-2-1 rule when it comes to backups:
    • Keep three copies of your production data
    • In at least two separate locations (some advocate two different formats), and
    • One copy should be offsite (nakivo.com)

Cold Storage

  • Cold storage refers to a storage option offered by some cloud vendors. In the context of the discussion between backups and archives, it can be an option for a dedicated backup solution for a specific period. Cost is low and the data is protected from destruction.
  • If an app has been replaced and all data transferred to the replacement solution but for some reason the company wishes to hold onto the data, you want a backup, not an archive. Extract the data, convert it into MongoDB or a similar solution, and drop it into cheap cloud storage (cold storage) for less than $5 per TB/month.

Case Study

Understanding the difference between archives and backups could save you a lot of time and money

INDUSTRY: Manufacturing | SOURCE: Info-Tech Research

Understanding the difference between an archive and a backup was the first step in solving their challenge.

A leading manufacturing company found themselves in a position where they had to decide between archiving or doing nothing.

The company had completed several acquisitions and ended up with multiple legacy applications that had been merged or migrated into replacement solutions. These legacy applications were very important to the original companies and although the data they held had been migrated to a replacement solution, executives felt they should hold onto these applications for a period of time, just in case.

Some of the larger applications were archived using a modern archiving solution, but when it came to the smaller applications, the cost to add them to the archiving solution greatly exceeded the cost to just keep them running and maintain the associated infrastructure.

A research advisor from Info-Tech Research Group joined a call with the manufacturing company and discussed their situation. The difference between archives and backups was explained and through the course of the conversation it was discovered that the solution was a modified backup. The application data had already been preserved through the migration, so data could be accessed in the production environment. The requirement to keep the legacy application up and running was not necessary but in compliance with the request to keep the information, the data could be exported from the legacy application into a non-sequential database, compressed, and stored in cloud-based cold storage for less than five dollars per terabyte per month. The manufacturing company’s staff realized that they could apply this same approach to several of their legacy applications and save tens of thousands of dollars in the process.

Understand the Difference Between Backups and Archives

Backups

Backups are for recovery. A backup is a snapshot copy of production data at a specific point in time. If the production data is lost, destroyed, or somehow compromised, the data can be restored from the backup.

Archives

Archives are for discovery. It is production data that is moved to an alternate location to free up storage space, allow the data to be searchable, and still hold onto the data for historical or compliance purposes.

Info-Tech Insight

Archives and backups are not the same, and there is a use case for each. Sometimes minor adjustments may be required to make the use case work. Understanding the basics of backups and archives can lead to significant savings at a monetary and effort level.

Additional Guidance

Production data should be backed up.

The specific backup solution is up to the business.

Production data that is not frequently accessed should be archived.

The specific solution to perform and manage the archiving of the data is up to the business

  • Archived data should also be backed up at least once.
If the app has been replaced and all data transferred, you want a backup not an archive if you want to keep the data.
  • Short term – fence it off.
  • Long term – extract into Mongo then drop it into cheap cloud storage.

Case Study

Using tape backups as an archive solution could result in an expensive discovery and retrieval exercise.

INDUSTRY: Healthcare | SOURCE: Zasio Enterprises Inc.

“Do not commingle archive data with backup or disaster recovery tapes.”

A court case in the United States District Court for the District of Nevada involving Guardiola and Renown Health in 2015 is a good example of why using a backup solution to solve an archiving challenge is a bad idea.

Renown Health used a retention policy that declared any email older than six months of age as inactive and moved that email to a backup tape. Renown Health was ordered by the court to produce emails from a period of time in the past. Renown estimated that it would cost at least $248,000 to produce those emails, based on the effort involved to restore data from each tape and search for the email in question. Renown Health argued that this long and expensive process would result in undue costs.

The court reviewed the situation and ruled against Renown Health and ordered them to comply with the request (Zasio.com).

A proper archiving solution would have provided a quick and low-cost method to retrieve the emails in question.

Backups and archives are complementary to each other

  • Archives are still production data, but the data does not change. A backup is recommended for the archived data, but the frequency of the backups can be lowered.
  • Backups protect you if a disaster strikes by providing a copy of the production data that was compromised or damaged. Archives allow you to access older data that may have just been forgotten, not destroyed or compromised. Archives could also protect you in a legal court case by providing data that is older but may prove your argument in court.

Archives and backups are not the same.

Backups copy your data. Archives move your data. Backups facilitate recovery. Archives facilitate discovery.

Archive Backup
Definition Move rarely accessed (but still production) data to separate media. Store a copy of frequently used data on a separate media to ensure timely operational recovery.
Use Case Legal discovery, primary storage reduction, compliance requirements, and audits. Accidental deletion and/or corruption of data, hardware/software failures.
Method Disk, cloud storage, appliance. Disk, backup appliance, snapshots, cloud.
Data Older, rarely accessed production data. Current production data.

Is it a backup or archive?

  • You want to preserve older data for legal and compliance reasons, so you put extra effort into keeping your tape backups safe and secure for seven years. That’s a big mistake that may cost you time and money. You want an archive solution.
  • You replace your older application and migrate all data to the new system, but you want to hold onto the old data, just in case. That’s a backup, not an archive.
  • A long serving senior executive recently left the company. You want to preserve the contents of the executive's laptop in case it is needed in the future. That’s a backup.

Considerations When Choosing Between Solutions

1

Backup or archive?

2

What are you protecting?

3

Why are you protecting data?

4

Solution

Backup

Backup and/or archive.
Additional information required.
Column 3 may help

Archive

Device

Data

Application

Operational Environment

Operational recovery

Disaster recovery

Just in case

Production storage space reduction

Retention and preservation

Governance, risk & compliance

Backup

Archive

Related Info-Tech Research

Stock image of light grids and flares. Establish an Effective Data Protection Plan

Give data the attention it deserves by building a strategy that goes beyond backup.

Stock image of old fuse box switches. Modernize Enterprise Storage

Current and emerging storage technologies are disrupting the status quo – prepare your infrastructure for the exponential rise in data and its storage requirements.

Logo for 'Software Reviews' and their information on 'Compare and Evaluate: Data Archiving.'
Sample of Info-Tech's 'Data Archiving Policy'. Data Archiving Policy

Bibliography

“Backup vs. archiving: Know the difference.” Open-E. Accessed 05 Mar 2022.Web.

G, Denis. “How to build retention policy.” MSP360, Jan 3, 2020. Accessed 10 Mar 2022.

Ipsen, Adam. “Archive vs Backup: What’s the Difference? A Definition Guide.” BackupAssist, 28 Mar 2017. Accessed 04 Mar 2022.

Kang, Soo. “Mitigating the expense of E-discovery; Recognizing the difference between back-ups and archived data.” Zasio Enterprises, 08 Oct 2015. Accessed 3 Mar 2022.

Mayer, Alex. “The 3-2-1 Backup Rule – An Efficient Data Protection Strategy.” Naviko. Accessed 12 Mar 2022.

“What is Data-Archiving?” Proofpoint. Accessed 07 Mar 2022.

Mitigate the Risk of Cloud Downtime and Data Loss

  • Buy Link or Shortcode: {j2store}412|cart{/j2store}
  • member rating overall impact: N/A
  • member rating average dollars saved: N/A
  • member rating average days saved: N/A
  • Parent Category Name: DR and Business Continuity
  • Parent Category Link: /business-continuity
  • Senior leadership is asking difficult questions about the organization’s dependency on third-party cloud services and the risk that poses.
  • IT leaders have limited control over third-party incidents and that includes cloud services. Yet they are on the hot seat when cloud services go down.
  • While vendors have swooped in to provide resilience options for the more-common SaaS solutions, it is not the case for all cloud services.

Our Advice

Critical Insight

  • No control over the software does not mean no recovery options. Solutions range from designing an IT workaround using alternate technologies to pre-defined third-party service continuity options (e.g. see options for O365) to business workarounds.
  • Even where there is limited control, you can at least define an incident response plan to streamline notification, assessment, and implementation of workarounds. Leadership wants more options than simply waiting for the service to come back online.
  • At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA issues and overall resilience gaps.

Impact and Result

  • Follow a structured process to assess cloud resilience risk.
  • Identify opportunities to mitigate risk – at the very least, ensure critical data is protected.
  • Summarize cloud services risk, mitigation options, and incident response for senior leadership.

Mitigate the Risk of Cloud Downtime and Data Loss Research & Tools

Besides the small introduction, subscribers and consulting clients within this management domain have access to:

1. Mitigate the Risk of Cloud Downtime and Data Loss – Step-by-step guide to assess risk, identify risk mitigation options, and create an incident response plan.

Even where there is limited control, you can define an incident response plan to streamline notification, assessment, and implementation of workarounds.

  • Mitigate the Risk of Cloud Downtime and Data Loss Storyboard

2. Cloud Services Incident Risk and Mitigation Review – Review your key cloud vendors’ SLAs, incident preparedness, and data protection strategy.

At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA and overall resilience gaps.

  • Cloud Services Incident Risk and Mitigation Review Tool

3. SaaS Incident Response Workflows – Use these examples to guide your efforts to create cloud incident response workflows.

The examples illustrate different approaches to incident response depending on the criticality of the service and options available.

  • SaaS Incident Response Workflows (Visio)
  • SaaS Incident Response Workflows (PDF)

4. Cloud Services Resilience Summary – Use this template to capture your results.

Summarize cloud services risk, mitigation options, and incident response for senior leadership.

  • Cloud Services Resilience Summary
[infographic]

Further reading

Mitigate the Risk of Cloud Downtime and Data Loss

Resilience and disaster recovery in an increasingly Cloudy and SaaSy world.

Analyst Perspective

If you think cloud means you don’t need a response plan, then get your resume ready.

Frank Trovato

Most organizations are now recognizing that they can’t ignore the risk of a cloud outage or data loss, and the challenge is “what can I do about it?” since there is limited control.

If you still think “it’s in the cloud, so I don’t need to worry about it,” then get your resume ready. When O365 goes down, your executives are calling IT, not Microsoft, for an answer of what’s being done and what can they do in the meantime to get the business up and running again.

The key is to recognize what you can control and what actions you can take to evaluate and mitigate risk. At a minimum, you can ensure senior leadership is aware of the risk and define a plan for how you will respond to an incident, even if that is limited to monitoring and communicating status.

Often you can do more, including defining IT workarounds, backing up your SaaS data for additional protection, and using business process workarounds to bridge the gap, as illustrated in the case studies in this blueprint.

Frank Trovato
Research Director, Infrastructure & Operations

Info-Tech Research Group

Use this blueprint to expand your DRP and BCP to account for cloud services

As more applications are migrated to cloud-based services, disaster recovery (DR) and business continuity plans (BCP) must include an understanding of cloud risks and actions to mitigate those risks. This includes evaluating vendor and service reliability and resilience, security measures, data protection capabilities, and technology and business workarounds if there is a cloud outage or incident.

Use the risk assessments and cloud service incident response plans developed through this blueprint to supplement your DRP and BCP as well as further inform your crisis management plans (e.g. account for cloud risks in your crisis communication planning).

Overall Business Continuity Plan

IT Disaster Recovery Plan

A plan to restore IT application and infrastructure services following a disruption.

Info-Tech’s Disaster Recovery Planning blueprint provides a methodology for creating the IT DRP. Leverage this blueprint to validate and provide inputs for your IT DRP.

BCP for Each Business Unit

A set of plans to resume business processes for each business unit.

Info-Tech’s Develop a Business Continuity Plan blueprint provides a methodology for creating business unit BCPs as part of an overall BCP for the organization.

Crisis Management Plan

A plan to manage a wide range of crises, from health and safety incidents to business disruptions to reputational damage.

Info-Tech’s Implement Crisis Management Best Practices blueprint provides a framework for planning a response to any crisis, from health and safety incidents to reputational damage.

Executive Summary

Your Challenge

Common Obstacles

Info-Tech’s Approach

  • Senior leadership is asking difficult questions about the organization’s dependency on third-party cloud services and the risk that poses.
  • Migrating to cloud services transfers much of the responsibility for day-to-day platform maintenance but not accountability for resilience.
  • IT leaders are often responsible for not just the organization’s IT DRP but also BCP and other elements of overall resilience. Cloud risk adds another element IT leaders need to consider.
  • IT leaders have limited control over third-party incidents and that includes cloud services. With SaaS services in particular, recovery or continuity options may be limited.
  • While vendors have swooped in to provide resilience options for the more common SaaS solutions, that is not the case for all cloud services.
  • Part of the solution is defining business process workarounds and that depends on cooperation from business leaders.
  • At a minimum, IT’s responsibility is to identify and communicate risk to senior leadership. That starts with a vendor review to identify SLA and overall resilience gaps.
  • Adapt how you approach downtime and data loss risk, particularly for SaaS solutions where there is limited or no control over the system.
  • Even where there is limited control, you can define an incident response plan to streamline notification, assessment, and implementation of workarounds. Leadership wants more options than simply waiting for the service to come back online.

Info-Tech Insight

Asking vendors about their DRP, BCP, and overall resilience has become commonplace. Expect your vendors to provide answers so you can assess risk. Furthermore, your vendor may have additional offerings to increase resilience or recommendations for third parties who can further assist your goals of improving cloud service resilience.

Key deliverable

Cloud Services Resilience Summary

Provide leadership with a summary of cloud risk, downtime workarounds implemented, and additional data protection.

The image contains a screenshot of the Cloud Services Resilience Summary.

Additional tools and templates in this blueprint

Cloud Services Incident Risk and Mitigation Review Tool

Use this tool to gather vendor input, evaluate vendor SLAs and overall resilience, and track your own risk mitigation efforts.

The image contains a screenshot of the Cloud Services Incident Risk and Mitigation Review Tool.

SaaS Incident Response Workflows

Use the examples in this document as a model to develop your own incident response workflows for cloud outages or data loss.

The image contains a screenshot of the SaaS Incident Response Workflows.

This blueprint will step you through the following actions to evaluate and mitigate cloud services risk

  1. Assess your cloud risk
  • Review your cloud services to determine potential impact of downtime/data loss, vendor SLA gaps, and vendor’s current resilience.
  • Identify options to mitigate risk
    • Explore your cloud vendor’s resilience offerings, third-party solutions, DIY recovery options, and business workarounds.
  • Create an incident response plan
    • Document your cloud risk mitigation strategy and incident response plan, which might include a failover strategy, data protection, and/or business continuity.

    Cloud Risk Mitigation

    Identify options to mitigate risk

    Create an incident response plan

    Assess risk

    Phase 1: Assess your cloud risk

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Cloud does not guarantee uptime

    Public cloud services (e.g. Azure, GCP, AWS) and popular SaaS solutions experience downtime every year.

    A few cloud outage examples:

    • Microsoft Azure AD outage, March 15, 2022:
      Many users could not log into O365, Dynamics, or the Azure Portal.
      Cause: software change.
    • Three AWS outages in December 2021: December 7 (Netflix and others impacted), December 15 (Duo, Zoom, Slack, others), December 20 (Slack, Epic Games, others). Cause: network issues, power outage.
    • Salesforce outage, May 12, 2022: Users could not access the Lightning platform. Cause: expired certificate.

    Cloud availability

    • Migrating to cloud services can improve availability, as they typically offer more resilience than most organizations can afford to implement themselves.
    • However, having multiple data centers, zones, and regions doesn’t prevent all outages, as we see every year with even the largest cloud vendors.

    DR challenges for IaaS, PaaS, and cloud-native

    While there are limits to what you control, often traditional “failover” DR strategy can apply.

    High-level challenges and resilience options:

    • IaaS: No control over the hardware, but you can failover to another region. This is fairly similar to traditional DR.
    • PaaS: No control over the software platform (e.g. SQL server as a service), but you can back up your data and explore vendor options to replicate your environment.
    • Cloud-native applications: As with PaaS, you can back up your data and explore vendor options to replicate your environment.

    Plan for resilience

    • Include DR requirements when designing cloud service implementation. For example, for IaaS solutions, identify what data would need to be replicated and what services may need to be “always on” (e.g. database services where high-availability is demanded).
    • Similarly, for PaaS and cloud-native solutions, consult your vendor regarding options to build in resilience options (e.g. ability to failover to another environment).

    DR challenges for SaaS solutions

    SaaS is the biggest challenge because you have no control over any part of the base application stack.

    High-level challenges and resilience options:

    • No control over the hardware (or the facility, maintenance processes, and so on).
    • No control over the base application (control is limited to configuration settings and add-on customizations or integrations).
    • Options to back up your data will depend on the service.

    Note: The rest of this blueprint is focused primarily on SaaS resilience due to the challenges listed here. For other cloud services, leverage traditional DR strategies and vendor management to mitigate risk (as summarized on the previous slides).

    Focus on what you can control

    • For SaaS solutions in particular, you must toss out traditional DR. If Salesforce has an outage, you won’t be involved in recovering the system.
    • Instead, DR for SaaS needs to focus on improving resilience where you do have control and implementing business workarounds to bridge the gap.

    Evaluate your cloud services to clarify your specific risks

    Time and money is limited, so focus first on cloud services that are most critical and evaluate the vendors’ SLA and existing resilience capabilities.

    The activities on the next two slides will evaluate risk through two approaches:

    Activity 1: Estimate potential impact of downtime and data loss to quantify the risk and determine which cloud services are most critical and need to be prioritized. This is done through a business impact analysis that assesses:

    • Impact on revenue or costs (if applicable).
    • Impact on reputation (e.g. customer impact).
    • Impact on regulatory compliance and health and safety (if applicable).

    Activity 2: Review the vendor to identify risks and gaps. Specifically, evaluate the following:

    • Incident Management SLAs (e.g. does the SLA include RTO/RPO commitments? Do they meet your requirements?)
    • Incident Response Preparedness (e.g. does the vendor have a DRP, BCP, and security incident response plan?)
    • Data Protection (e.g. does their backup strategy and data security meet your standards?)

    Activity 1: Quantify potential impact and prioritize cloud services using a business impact analysis (BIA)

    1-3 hours

    1. Download the latest version of our DRP BIA: DRP Business Impact Analysis Tool. The tool includes instructions.
    2. Include the cloud services you want to assess in the list of applications/systems (see the tool excerpt below), and follow the BIA methodology outlined in the Create a Right-Sized Disaster Recovery Plan blueprint.
    3. Use the results to quantify potential impact and prioritize your efforts on the most-critical cloud services.

    The image contains a screenshot of the DRP Business Impact Analysis Tool.

    Materials
    • DRP BIA Tool
    Participants
    • Core group of IT management and staff who can provide a well-rounded perspective on potential impact. They will create the first draft of the BIA.
    • Review the draft BIA with relevant business leaders to refine and validate the results.

    Activity 2: Review your key cloud vendors’ SLAs, incident preparedness, and data protection strategy

    1-3 hours

    Use the Cloud Services Incident Risk and Mitigation Review Tool as follows:

    1. Send the Vendor Questionnaire tab to your cloud vendors to gather input, and review your existing agreements.
    2. Copy the vendor responses into the tool (see the instructions in the tool) and evaluate. See the example excerpt below.
    3. Identify action items to clarify gaps or address risks. Some action items might not be defined yet and will need to wait until you have had a chance to further explore risk mitigation options.

    The image contains a screenshot of the Cloud Services Incident Risk and Mitigation Review Tool.

    Materials
    • Cloud Services Incident Risk and Mitigation Review Tool
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.

    Phase 2: Identify options to mitigate risk

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Consult your vendor to identify options to improve resilience, as a starting point

    Your vendor might also be able to suggest third parties that offer additional support, backup, or service continuity options.

    • The Vendor Questionnaire tab in the Cloud Services Incident Risk and Mitigation Review Tool includes a section at the bottom where your vendor can name additional options to improve resilience (e.g. premium support packages, potentially their own DR services).
    • If your vendor has not completed that part of the questionnaire, meet with them to discuss this. Asking service vendors about resilience has become commonplace, so they should be prepared to answer questions about their own offerings and potentially can name trusted third-party vendors who can further assist you.
    • Leverage Info-Tech’s advisory services to evaluate options outlined by your vendor and potential third-party options (e.g. enterprise backup solutions that support backing up SaaS data).

    Some SaaS solutions have plenty of resilience options; others not so much

    • The pervasiveness of O365 has led vendors to close the service continuity gap, with options to send and receive email during an outage and back up your data.
    • With many SaaS solutions, there isn’t going to be a third-party service continuity option, but you might still be able to at least back up your data and implement business process workarounds to close the service gap.

    Example SaaS risk and mitigation: O365

    Risk

    • Several outages every year (e.g. MS Teams July 20, 2022).
    • SLA exceptions include “Scheduled Downtime,” which can occur with just five days’ notice.
    • The Recycling Bin is your data backup, depending on your setup.

    Options to mitigate risk (not an exhaustive list):

    • Third-party solutions for email service continuity.
    • Several backup vendors (e.g. Veeam, Rubrik) can protect most of your O365 suite.
    • Business continuity workarounds leveraging synced OneDrive, SharePoint, and Outlook (access to calendar invites).

    Example SaaS risk and mitigation: Salesforce

    Risk

    • Downtime has been infrequent, but Salesforce did have a major outage in May 2021 (DNS issue) and May 2022 (expired certificate).
    • At the time of this writing, the Main Services Agreement does not commit to a specific uptime value and specifies the usual exclusions.
    • Similarly, there are limited commitments regarding data protection.

    Options to mitigate risk (not an exhaustive list):

    • Salesforce provides a backup and restore service offering.
    • In addition, some third-party vendors support backing up Salesforce data for additional protection against data corruption or data loss.
    • Business continuity workarounds can further reduce the impact of downtime (e.g. record updates in MS Word and leverage Outlook for contact info until Salesforce is recovered).

    Establish a baseline standard for risk mitigation, regardless of cloud service

    At a minimum, set a goal to review vendor risk at least annually, define standard processes for monitoring outages, and review options to back up your SaaS data.

    Example baseline standard for cloud risk mitigation

    • Review vendor risk at least annually. This includes reviewing SLAs, vendor’s incident preparedness (e.g. do they have a current DRP, BCP, and Security IRP?), and the vendor’s data protection strategy.
    • Incident response plans must include, at a minimum, steps to monitor vendor outage and communicate status to relevant stakeholders. Where possible, business process workarounds are defined to bridge the service gap.
    • For critical data (based on your BIA and an evaluation of risk), maintain your own backups of SaaS data for additional protection.

    Embed risk mitigation standards into existing IT operations

    • Include specific SLA requirements, including incident management processes, in your RFP process and annual vendor review.
    • Define cloud incident response in your incident management procedures.
    • Include cloud data considerations in your backup strategy reviews.

    Phase 3: Create an incident response plan

    Phase 1

    Phase 2

    Phase 3

    Assess your cloud risk

    Identify options to mitigate risk

    Create an incident response plan

    Activity 1: Review the example incident response workflows and case studies as a starting point

    1-3 hours

    1. Review the SaaS Incident Response Workflows examples. The examples illustrate different approaches to incident response depending on the criticality of the service and options available.
    2. Review the case studies on the next few slides, which further illustrate the resilience and incident response solutions implemented.
    3. Note the key elements:
    • Detection
    • Assessment
    • Monitoring status / contacting the vendor
    • Communication with key stakeholders
    • Invoking workarounds, if applicable

    Example SaaS Incident Response Workflow Excerpt

    The image contains a screenshot of an example of the SaaS Incident Response Workflow Excerpt.
    Materials
    • SaaS Incident Response Workflows examples
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Relevant business process owners to provide input and define business workarounds, where applicable.

    Case Study 1: Recovery plan for critical fundraising event

    If either critical SaaS dependency fails, the following plan is executed:

    1. Donors are redirected to a predefined alternate donation page hosted by a different service. The alternate page connects to the backup payment processing service (with predefined integrations).
    2. Marketing communications support the redirect.
    3. While the backup solution doesn’t gather as much data, the payment details provide enough information to follow up with donors where necessary.

    Criticality justified a failover option

    The Annual Day of Giving generates over 50% of fundraising for the year. It’s critically dependent on two SaaS solutions that host the donation page and payment processing.

    To mitigate the risk, the organization implemented the ability to failover to an alternate “environment” – much like a traditional DR solution – supported by workarounds to manage data collection.

    Case Study 2: Protecting customer data

    Daily exports from a SaaS-hosted donations site reduce potential data loss:

    1. Daily exports to a CRM support donor profile updates and follow-ups (tax receipts, thank-you letters, etc.).
    2. The exports also mitigate the risk of data loss due to an incident with the SaaS-hosted donation site.
    3. This company is exploring more-frequent exports to further reduce the risk of data loss.

    Protecting your data gives you options

    For critical data, do you want to rely solely on the vendor’s default backup strategy?

    If your SaaS vendor is hit by ransomware or if their backup frequency doesn’t meet your needs, having your own data backup gives you options.

    It can also support business process workarounds that need to access that data while waiting for SaaS recovery.

    Case Study 3: Recovery plan for payroll

    To enable a more accurate payroll workaround, the following is done:

    1. After each payroll run, export the payroll data from the SaaS solution to a secure location.
    2. If there is a SaaS outage when payroll must be submitted, the exported data can be modified and converted to an ACH file.
    3. The ACH file is submitted to the bank, which has preapproved this workaround.

    BCP can bridge the gap

    When leadership looks to IT to mitigate cloud risk, include BCP in the discussion.

    Payroll is a good example where the best recovery option might be a business continuity workaround.

    IT often still has a role in business continuity workarounds, as in this case study: specifically, providing a solution to modify and convert the payroll data to an ACH file.

    Activity 2: Run tabletop planning exercises as a starting point to build your incident response plan

    1-3 hours

    1. Follow the tabletop planning instructions provided in the Create a Right-Sized Disaster Recovery Plan blueprint.
    2. Run the exercise for each cloud service. Keep the scenario generic at first (e.g. cloud service is down with no reported root cause) so you can focus on your response. Capture response steps and gaps.
    3. Add complexity in subsequent exercises (e.g. data loss plus downtime), and use that to expand and refine the workflow as needed.
    4. Use the resulting workflows as the core piece of your incident response plan.
    5. Supplement the workflow with relevant checklists or procedures. At this point you can choose to incorporate this into your DRP or BCP or maintain these documents as supplements to those plans.
      See the DRP Case Study and BCP Case Study for an example of DRP-BCP documentation.

    Example tabletop planning results excerpt with gaps identified

    The image contains an example tabletop planning results excerpt with gaps identified.

    Materials
    • SaaS Incident Response Workflows examples
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Review results with relevant business process owners to provide input and define business workarounds where applicable.

    Activity 3: Summarize cloud services resilience to inform senior leadership of current risks and mitigation efforts

    1-3 hours

    1. Use the Cloud Services Resilience Summary example as a template to capture the following:
    • The results of your vendor review (i.e. incident management SLAs, incident response preparedness, data protections strategy).
    • The current state of your downtime workarounds and additional data loss protection.
    • Your baseline standard for cloud services risk mitigation.
    • Summary of resilience, risks, workarounds, and data loss protection for each individual cloud service that you have reviewed.
  • Present the results to senior leadership to:
    • Highlight risks to inform business decisions to mitigate or accept those risks.
    • Summarize actions already taken to mitigate risks.
    • Communicate next steps (e.g. action items to address remaining risks).

    Cloud Services Resilience Summary – Table of Contents

    The image contains a screenshot of Cloud Services Resilience Summary – Table of Contents.
    Materials
    • Cloud Services Resilience Summary
    Participants
    • Core group of IT management and staff tasked with evaluating and improving cloud services’ resilience.
    • Review results with relevant business process owners to provide input and define business workarounds where applicable.

    Summary: For cloud services, after evaluating risk, IT must adapt how they approach risk mitigation

    1. Identify failover options where possible
    • A failover strategy is possible for many cloud services (e.g. IaaS replication to another region, or failing over SaaS to an alternate solution as in case study 1).
  • At least protect your data
    • Explore supplementary backup options to protect against ransomware, data corruption, or data loss and support business continuity workarounds (see case study 2).
  • Leverage BCP to close the gap
    • This doesn’t absolve IT of its role in mitigating cloud incident risk, but business process workarounds can bridge the gap where IT options are limited (see case study 3).

    Related Info-Tech Research

    IT DRP Maturity Assessment

    Get an objective assessment of your DRP program and recommendations for improvement.

    Create a Right-Sized Disaster Recovery Plan

    Close the gap between your DR capabilities and service continuity requirements.

    Develop a Business Continuity Plan

    Streamline the traditional approach to make BCP development manageable and repeatable.

    Implement Crisis Management Best Practices

    Don’t be another example of what not to do. Implement an effective crisis response plan to minimize the impact on business continuity, reputation, and profitability.

    Build a Data Pipeline for Reporting and Analytics

    • Buy Link or Shortcode: {j2store}126|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $61,999 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Continuous and disruptive database design updates while trying to have one design pattern to fit all use cases.
    • Sub-par performance while loading, retrieving, and querying data.
    • You want to shorten time-to-market of the projects aimed at data delivery and consumption.
    • Unnecessarily complicated database design limits usability of the data and requires knowledge of specific data structures for their effective use.

    Our Advice

    Critical Insight

    • Evolve your data architecture. Data pipeline is an evolutionary break away from the enterprise data warehouse methodology.
    • Avoid endless data projects. Building centralized all-in-one enterprise data warehouses takes forever to deliver a positive ROI.
    • Facilitate data self-service. Use-case optimized data delivery repositories facilitate data self-service.

    Impact and Result

    • Understand your high-level business capabilities and interactions across them – your data repositories and flows should be just a digital reflection thereof.
    • Divide your data world in logical verticals overlaid with various speed data progression lanes, i.e. build your data pipeline – and conquer it one segment at a time.
    • Use the most appropriate database design pattern for a given phase/component in your data pipeline progression.

    Build a Data Pipeline for Reporting and Analytics Research & Tools

    Start here – read the Executive Brief

    Build your data pipeline using the most appropriate data design patterns.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand data progression

    Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.

    • Build a Data Pipeline for Reporting and Analytics – Phase 1: Understand Data Progression

    2. Identify data pipeline components

    Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.

    • Build a Data Pipeline for Reporting and Analytics – Phase 2: Identify Data Pipeline Components

    3. Select data design patterns

    Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).

    • Build a Data Pipeline for Reporting and Analytics – Phase 3: Select Data Design Patterns
    [infographic]

    Workshop: Build a Data Pipeline for Reporting and Analytics

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Data Progression

    The Purpose

    Identify major business capabilities, business processes running inside and across them, and datasets produced or used by these business processes and activities performed thereupon.

    Key Benefits Achieved

    Indicates the ownership of datasets and the high-level data flows across the organization.

    Activities

    1.1 Review & discuss typical pitfalls (and their causes) of major data management initiatives.

    1.2 Discuss the main business capabilities of the organization and how they interact.

    1.3 Discuss the business processes running inside and across business capabilities and the datasets involved.

    1.4 Create the Enterprise Business Process Model (EBPM).

    Outputs

    Understanding typical pitfalls (and their causes) of major data management initiatives.

    Business capabilities map

    Business processes map

    Enterprise Business Process Model (EBPM)

    2 Identify Data Pipeline Components

    The Purpose

    Identify data pipeline vertical zones: data creation, accumulation, augmentation, and consumption, as well as horizontal lanes: fast, medium, and slow speed.

    Key Benefits Achieved

    Design the high-level data progression pipeline.

    Activities

    2.1 Review and discuss the concept of a data pipeline in general, as well as the vertical zones: data creation, accumulation, augmentation, and consumption.

    2.2 Identify these zones in the enterprise business model.

    2.3 Review and discuss multi-lane data progression.

    2.4 Identify different speed lanes in the enterprise business model.

    Outputs

    Understanding of a data pipeline design, including its zones.

    EBPM mapping to Data Pipeline Zones

    Understanding of multi-lane data progression

    EBPM mapping to Multi-Speed Data Progression Lanes

    3 Develop the Roadmap

    The Purpose

    Select the right data design patterns for the data pipeline components, as well as an applicable data model industry standard (if available).

    Key Benefits Achieved

    Use of appropriate data design pattern for each zone with calibration on the data progression speed.

    Activities

    3.1 Review and discuss various data design patterns.

    3.2 Discuss and select the data design pattern selection for data pipeline components.

    3.3 Discuss applicability of data model industry standards (if available).

    Outputs

    Understanding of various data design patterns.

    Data Design Patterns mapping to the data pipeline.

    Selection of an applicable data model from available industry standards.

    Select a Sourcing Partner for Your Development Team

    • Buy Link or Shortcode: {j2store}508|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Application Development
    • Parent Category Link: /application-development
    • You have identified that a change to your sourcing strategy is required, based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improved financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to prevent losing clients and falling further behind your performance targets and your market.

    Our Advice

    Critical Insight

    Selecting a sourcing partner is a function of matching complex factors to your own firm. It is not a simple RFP exercise; it requires significant introspection, proactive planning, and in-depth investigation of potential partners to choose the right fit.

    Impact and Result

    Choosing the right sourcing partner is a four-step process:

    1. Assess your companies' skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on the choice of partner, build a plan to implement the partnership, define metrics to measure success, and a process to monitor.

    Select a Sourcing Partner for Your Development Team Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Sourcing Partner for Your Development Team Storyboard – Use this presentation to select a partner to best fit your sourcing needs and deliver long-term value.

    This project helps select a partner for sourcing of your development team so that you can realize the benefits from changing your sourcing strategy.

    • Select a Sourcing Partner for Your Development Team Storyboard

    2. Select a Sourcing Partner for Your Development Team Presentation Template – Use this template to build a presentation to detail your decision on a sourcing partner for your development team.

    This presentation template is designed to capture the results from the exercises within the storyboard and allow users to build a presentation to leadership showing how selection was done.

    • Select a Sourcing Partner for Your Development Team Presentation Template

    3. Select a Sourcing Partner for Your Development Team Presentation Example – Use this as a completed example of the template.

    This presentation template portrays what the completed template looks like by showing sample data in all tables. It allows members to see how each exercise leads to the final selection of a partner.

    • Select a Sourcing Partner for Your Development Team Example Template
    [infographic]

    Further reading

    Select a Sourcing Partner for Your Application Development Team

    Choose the right partner to enable your firm to maximize the value realized from your sourcing strategy.

    Analyst Perspective

    Selecting the right partner for your sourcing needs is no longer a cost-based exercise. Driving long-term value comes from selecting the partner who best matches your firm on a wide swath of factors and fits your needs like a glove.

    Sourcing in the past dealt with a different kind of conversation involving two key questions:

    Where will the work be done?

    How much will it cost?

    How people think about sourcing has changed significantly. People are focused on gaining a partner, and not just a vendor to execute a single transaction. They will add skills your team lacks, and an ability to adapt to your changing needs, all while ensuring you operate within any constraints based on your business.

    Selecting a sourcing partner is a matching exercise that requires you to look deep into yourself, understand key factors about your firm, and then seek the partner who best meets your profile.

    The image contains a picture of Dr. Suneel Ghei.

    Dr. Suneel Ghei
    Principal Research Director, Application Development
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    • You have identified that a change to your sourcing strategy is required based on market and company factors.
    • You are ready to select a new sourcing partner to drive innovation, time to market, increased quality, and improve financial performance.
    • Taking on a new partner is a significant investment and risk, and you must get it right the first time.
    • You need to make a change now to avoid falling further behind your performance targets and your market, and losing clients.

    Almost half of all sourcing initiatives do not realize the projected savings, and the biggest reason is the choice of partner.

    The market for Application Development partners has become more diverse, increasing choice and the risk of making a costly mistake by choosing the wrong partner.

    Firms struggle with how best to support the sourcing partner and allocate resources with the right skills to maximize success, increasing the cost and time to implement, and limiting benefits.

    Making the wrong choice means inferior products, and higher costs and losing both clients and reputation.

    • Choosing the right sourcing partner is a four-step process:
    1. Assess your company's skills and processes in the key areas of risk to sourcing initiatives.
    2. Based on the current situation, define a profile for the matching sourcing partner.
    3. Seek matching partners from the market, either in terms of vendor partners or in terms of sourcing locations.
    4. Based on your choice of partner, build a plan to implement the partnership, and define metrics to measure success and a process to monitor.

    Info-Tech Insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    You need a new source for development resources

    You are facing immediate challenges that require a new approach to development resourcing.

    • Your firm is under fire; you are facing pressures financially from clients and your competitors.
    • Your pace of innovation and talent sourcing is too slow and too limiting.
    • Your competition is moving faster and your clients are considering their options.
    • Revenues and costs of development are trending in the wrong direction.
    • You need to act now to avoid spiraling further.

    Given how critical our applications are to the business and our clients, there is no room for error in choosing our partner.

    A study of 121 firms outsourcing various processes found that 50% of those surveyed saw no gains from the outsourcing arrangement, so it is critical to make the right choice the first time.

    Source: Zhang et al

    Big challenges await you on the journey

    The road to improving sourcing has many potholes.

    • In a study of 121 firms who moved development offshore, almost 50% of all outsourcing and offshoring initiatives do not achieve the desired results.
    • In another study focused on large corporations, it was shown that 70% of respondents saw negative outcomes from offshoring development.
    • Globalization of IT Services and the ability to work from anywhere have contributed to a significant increase in the number of development firms to choose from.
    • Choosing and implementing a new partner is costly, and the cost of choosing the wrong partner and then trying to correct your course is significant in dollars and reputation:
      • Costs to find a new partner and transition
      • Lost revenue due to product issues
      • Loss of brand and reputation due to poor choice
    • The wrong choice can also cost you in terms of your own resources, increasing the risk of losing more knowledge and skills.

    A survey of 25 large corporate firms that outsourced development offshore found that 70% of them had negative outcomes.

    (Source: University of Oregon Applied Information Management, 2019)

    Info-Tech’s approach

    Selecting the right partner is a matching exercise.

    Selecting the right partner is a complex exercise with many factors

    1. Look inward. Assess your culture, your skills, and your needs.
    • Market
    • People
    • Culture
    • Technical aspects
  • Create a profile for the perfect partner to fit your firm.
    • Sourcing Strategy
    • Priorities
    • Profile
  • Find the partner that best fits your needs
    • Define RFx
    • Target Partners
    • Evaluate
  • Implement the partner and put in metrics and process to manage.
    • Contract Partner
    • Develop Goals
    • Create Process and Metrics

    The Info-Tech difference:

    1. Assess your own organization’s characteristics and capabilities in four key areas.
    2. Based on these characteristics and the sourcing strategy you are seeking to implement, build a profile for your perfect partner.
    3. Define an RFx and assessment matrix to survey the market and select the best partner.
    4. Implement the partner with process and controls to manage the relationship, built collaboratively and in place day 1.

    Insight summary

    Overarching insight

    Successfully selecting a sourcing partner is not a simple RFP exercise to choose the lowest cost. It is a complex process of introspection, detailed examination of partners and locations, and matching the fit. It requires you to seek a partner that is the Yin to your Yang, and failure is not an option.

    Phase 1 insight

    Fitting each of these pieces to the right partner is key to building a long-term relationship of value.

    Selecting a partner requires you to look at your firm in depth from a business, technical, and organizational culture perspective.

    Phase 2 insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Phase 3/4 insight

    Implement the relationship the same way you want it to work, as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. By making this transparent you hasten the development of a joint team, which will lead to long-term success.

    Tactical insight

    Ensure you assess not just where you are but where you are going, in choosing a partner. For example, you must consider future markets you might enter when choosing the right sourcing, or outsourcing location to maintain compliance.

    Tactical insight

    Sourcing is not a replacement for your full team. Skills must be maintained in house as well, so the partner must be willing to work with the in-house team to share knowledge and collaborate on deliverables.

    Addressing the myth – Single country offshoring or outsourcing

    Research shows that a multi-country approach has a higher chance of success.

    • Research shows that firms trying their own captive development centers fail 20% of the time. ( Journal of Information Technology, 2008)
    • Further, the overall cost of ownership for an offshore center has shown to be significantly higher than the cost of outsourcing, as the offshore center requires more internal management and leadership.
    • Research shows that offshoring requires the offshore location to also house business team members to allow key relationships to be built and ensure more access to expertise. (Arxiv, 2021)
    • Given the specificity of employment laws, cultural differences, and leadership needs, it is very beneficial to have a Corporate HR presence in countries where an offshore center is being set up. (Arxiv, 2021)
    • Lastly, given the changing climate on security, geopolitical changes, and economic factors, our research with service providers and corporate clients shows a need to have more diversity in provider location than a single center can provide.

    Info-Tech Insight

    Long-term success of sourcing requires more than a development center. It requires a location that houses business and HR staff to enable the new development team to learn and succeed.

    Addressing the myth – Outsourcing is a simple RFP for skills and lowest cost

    Success in outsourcing is an exercise in finding a match based on complex factors.

    • In the past, outsourcing was a simple RFP exercise to find the cheapest country with the skills.
    • Our research shows this is no longer true; the decision is now more complex.
    • Competition has driven costs higher, while time business integration and security constraints have served to limit the markets available.
    • Company culture fit is key to the ability to work as one team, which research shows is a key element in delivery of long-term value. (University of Oregon, 2019).
    • These are some of the many factors that need to be considered as you choose your outsourcing partner.
    • The right decision is to find the vendor that best matches the current state of your culture, meets your market constraints, and will allow for best integration to your team – it's not about cheapest or pure skills. (IEEE Access, 2020)

    Info-Tech Insight

    Finding the right outsourcing vendor is an exercise in knowing yourself and then finding the best match to align with your key traits. It's not just costs and skills, but the partner who best matches with your ability to mitigate the risks of outsourcing.

    Phase 1

    Look inward to gain insight on key factors

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will walk you through assessing and documenting the key driving factors about your firm and the current situation.

    By defining these factors, you will be able to apply this information in the matching process to select the best fit in a partner.

    This phase involves the following participants:

    Line of Business leaders

    Technology leaders

    Key criteria to assess your firm

    Research shows firms must assess themselves in different areas.

    Market factors

    • Who are your clients and your competitors, and what legal constraints do you face?

    People / Process factors

    • What employee skills are you seeking, what is your maturity in product management and stakeholder engagement, and what languages are spoken most predominantly?

    Cultural factors

    • What is your culture around communications, collaboration, change management, and conflict resolution?

    Technical factors

    • What is your current / future technical platform, and what is the maturity of your applications?

    Info-Tech Best Practice

    When assessing these areas, consider where you are today and where you want to go tomorrow, as choosing a partner is a long-term endeavor.

    Step 1.1

    Assess your market factors

    Activities

    1.1.1 Review your client list and future projections to determine your market factors.

    1.1.2 Review your competitive analysis to determine your competitive factors

    This step involves the following participants:

    Business leaders

    Product Owners

    Technology leaders

    Outcomes of this step

    Details of key market factors that will drive the selection of the right partner.

    Market factors

    The Market has a lot to say about the best match for your application development partner.

    Research in the space has defined key market-based factors that are critical when selecting a partner.

    1. Market sectors you service or plan to service – This is critical, as many market sectors have constraints on where their data can be accessed or stored. These restrictions also change over time, so they must be consistently reviewed.
    • E.g. Canadian government data must be stored and only accessed in Canada.
    • E.g. US Government contracts require service providers to avoid certain countries.
  • Your competitors – Your competitors can often seize on differences and turn them to differentiators; for example, offshoring to certain countries can be played up as a risk by a competitor who does all their work in a particular country.
  • Your clients – Research shows that clients can have very distinct views on services being performed in certain countries due to perceived risk, culture, and geopolitical factors. Understanding the views of major clients on globalization of services is a key factor in maintaining client satisfaction.
  • Info-Tech Insight

    Understanding your current and future market factors ensure that your business can not only be successful with the chosen partner today, but also in the future.

    1.1.1 Assess your market factors

    30 min

    Market factors

    1. Group your current client list into three categories:
      1. Those that have no restrictions on data security, privacy or location.
      2. Those that ask for assurances on data security, privacy and location.
      3. Those clients who have compliance restrictions related to data security, privacy, and location.
    2. Categorize future markets into the same three categories.
    3. Based on revenue projections, estimate the revenue from each category as a percentage of your total revenue.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Assess your market factors

    Market and sector

    Market share and constraints

    Market category

    Sector – Public, private or both

    Market share of category

    Key areas of concern

    Not constrained by data privacy, security or location

    Private

    50%

    Require assurances on data security, privacy or location

    Public

    45%

    Data access

    Have constraints that preclude choices related to data security, privacy and location

    Public

    5%

    Data residency

    1.1.2 Review your competitive factors

    30 min

    Competitive factors

    1. List your largest competitors.
    2. Document their sourcing strategies for their development team – are they all onshore or nearshore? Do they outsource?
    3. Based on this, identify competitive threats based on changing sourcing strategies.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Current client list
    • Future market plans
    • Competitive analysis
    • Completion of the Market Factors chart in the Select a Sourcing Partner for Your Development Team template
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Line of business leaders
    • Finance leaders

    Review your competitive factors

    Competitors

    Competitor sourcing strategy

    Competitive threats

    Competitor

    Where is the market?

    Is this onshore / near shore / offshore?

    Data residency

    How could competitors take advantage of a change in our sourcing strategy?

    Competitor X

    Canada / US

    All work done in house and onshore

    Kept in Canada / US

    If we source offshore, we will face a Made in Canada / US threat

    Step 1.2

    Consider your people-related factors

    Activities

    1.2.1 Define your people factors

    1.2.2 Assess your process factors

    This step involves the following participants:

    Technical leaders

    Outcomes of this step

    Details of key people factors that will drive the selection of the right partner.

    People / process factors

    People and process have a large hand in the success or failure of a partner relationship.

    • Alignment of people and process are critical to the success of the partner relationship over the long term.
    • In research on outsourcing / offshoring, Rahman et al identified ten factors that directly impact success or failure in offshoring or outsourcing of development.
    • Key among them are the following:
      • Employee skills
      • Project management
      • Maturity of process concerning product and client management
      • Language barrier

    Info-Tech Insight

    People are a critical resource in any sourcing strategy. Making sure the people and the processes will mesh seamlessly is how to ensure success.

    1.2.1 Define your people factors

    30 min

    Skills Inventory

    1. List skills needed in the development team to service current needs.
    2. Based on future innovation and product direction, add skills you foresee needing in the next 12-24 months. Where do you see a new technology platform (e.g. move from .NET to Java) or innovation (addition of Mobile)?
    3. List current skills present in the team.
    4. Identify skills gaps.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your people - Skills inventory

    Skills required

    Strategic value

    Skills present

    Skill you are seeking

    Required today or in the future

    Rate the skill level required in this area

    Is this a strategic focus for the firm for future targets?

    Is this skill present in the team today?

    Rate current skill level (H/M/L)

    Java Development

    Future

    High

    Yes

    No

    Low

    .Net Development

    Today

    Med

    No

    Yes

    High

    1.2.2 Assess your process factors

    30 min

    Process factors

    1. Do you have a defined product ownership practice?
    2. How mature is the product ownership for the product you are seeking to change sourcing for (H/M/L)?
    3. Do you have project management principles and governance in place for software releases?
    4. What is the relative maturity / skill in the areas you are seeking sourcing for (H/M/L)?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Product plans for current and future products
    • Technology platform plans for current products
    • Future innovation plans
    • People- and process-related factors that influence sourcing decisions
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Solution architects

    Assess your process factors

    Product ownership

    Project management

    Product where sourcing is being changed

    Product ownership in place?

    Skills / maturity rating (H/M/L)

    Project management / governance in place for software releases

    Rate current maturity / skill level (H/M/L)

    ABC

    Yes

    High

    Yes

    High

    SQW

    No

    Low

    Yes

    High

    Step 1.3

    Review your current culture

    Activities

    1.3.1 Assess your communications factors

    1.3.2 Assess your conflict resolution factors

    This step involves the following participants:

    Technical leaders

    Product owners

    Project managers

    Outcomes of this step

    Details of key culture factors that will drive the selection of the right partner.

    Cultural factors

    Organization culture fit is a driver of collaboration between the teams, which drives success.

    • In their study of country attractiveness for sourcing development, Kotlarsky and Oshri point to the ability of the client and their sourcing partner to work as one team as a key to success.
    • This requires synergies in many cultural factors to avoid costly miscommunications and misinterpretations that damage collaboration.
    • Key factors in achieving this are:
      • Communications methodology and frequency; managing and communicating to the teams as one team vs two, and communicating at all levels, vs top down.
      • Managing the team as one integrated team, with collaboration enabled between all resources, rather than the more adversarial client vs partner approach.
      • Conflict resolution strategies must align so all members of the extended team work together to resolve conflict vs the traditional “Blame the Contractors”.
      • Strong change management is required to keep all team members aligned.

    Info-Tech Insight

    Synergy of culture is what enables a good partner selection to become a long-term relationship of value.

    1.3.1 Assess your communications factors

    30 min

    1. List all the methods you use to communicate with your development team – face to face, email, conference call, written.
    2. For each form of communication confirm frequency, medium, and audience (team vs one-on-one)
    3. Confirm if these communications take into account External vs Internal resources and different time zones, languages, and cultures.
    4. Is your development team broken up into teams by function, by location, by skill, etc., or do you operate as one team?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your communications strategy

    Communications

    Type

    Frequency

    Audience

    One communication or one per audience?

    Level of two-way dialogue

    Face-to-face team meetings

    Weekly

    All developers

    One

    High

    Daily standup

    Daily

    Per team

    One per audience

    Low

    1.3.2 Assess your conflict resolution factors

    30 min

    1. How does your organization handle the following types of conflict? Rate from 1-5, with 1 being hierarchical and 5 being openly collaborative.
      1. Developers on a team disagree.
      2. Development team disagrees with manager.
      3. Development team disagrees with product owner.
      4. Development team disagrees with line of business.
    2. Rate each conflict resolution strategy based on effectiveness.
    3. Confirm if this type of strategy is used for internal and external resources, or internal only.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Communication process with existing development team
    • Examples of how external staff have been integrated into the process
    • Examples of conflicts and how they were resolved
    • Documentation of key cultural characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Product owners
    • Project managers

    Assess your conflict resolution strategy

    Conflict

    Resolution strategy

    Effectiveness

    Audience

    Conflict type

    Rate the resolution strategy from hierarchical to collaborative (1-5)

    How effective is this method of resolution from 1-5?

    Is this strategy used for external parties as well as internal?

    Developer to product owner

    44

    Yes

    Developer to manager

    12

    Yes

    Step 1.4

    Document your technical factors

    Activities

    1.4.1 Document your product / platform factors

    1.4.2 Document your environment details

    This step involves the following participants:

    Technical leaders

    Product owners

    Outcomes of this step

    Details of key technical factors that will drive the selection of the right partner.

    Technical factors

    Technical factors are still the foundation for a Development sourcing relationship.

    • While there are many organizational factors to consider, the matching of technological factors is still the root on which the sourcing relationship is built; the end goal is to build better software.
    • Key technical Items that need to be aligned based on the research are:
      • Technical infrastructure
      • Development environments
      • Development methodology and tools
      • Deployment methodology and tools
      • Lack of/poor-quality technical documentation
    • Most RFPs focus purely on skills, but without alignment on the above items, work becomes impossible to move forward quickly, limiting the chances of success.

    Info-Tech Insight

    Technical factors are the glue that enables teams to function together. Ensuring that they are fully integrated is what enables team integration; seams in that integration represent failure points.

    1.4.1 Document your product / platform factors

    30 mins

    1. How many environments does each software release go through from the start of development through release to production?
    2. What is the infrastructure and development platform?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document your product / platform

    Product / Platform

    Product you are seeking a sourcing solution for

    What is the current infrastructure platform?

    How many environments does the product pass through?

    What is the current development toolset?

    ABC

    Windows

    Dev – QA – Preprod - Prod

    .Net / Visual Studio

    1.4.2 Document your environment details

    30 min

    For each environment detail the following:

    1. Environment on premises or in cloud
    2. Access allowed to external parties
    3. Production data present and unmasked
    4. Deployment process: automated or manual
    5. Tools used for automated deployment
    6. Can the environment be restored to last known state automatically?
    7. Does documentation exist on the environment, processes and procedures?

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Document Your Environment Details

    Environment

    Location

    Access

    Deployment

    Data

    Name of Environment

    Is the environment on premises or in the cloud (which cloud)?

    Is external access allowed?

    Is deployment automated or manual?

    Tool used for deployment

    Is reset automated?

    Does the environment contain unmasked production data?

    Dev

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    QA

    Cloud

    Yes

    Automated

    Azure DevOps

    Yes

    No

    Preprod

    On Premises

    No

    Manual

    N/A

    No

    Yes

    Phase 2

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will help you to build a profile of the partner you should target in your search for a sourcing partner.

    This phase involves the following participants:

    Technology leaders

    Procurement leaders

    Product owners

    Project managers

    Build a profile for the right partner

    • Finding the perfect partner is a puzzle to solve, an exercise between the firm and the partners.
    • It is necessary to be able to prioritize and to identify opportunities where you can adapt to create a fit.
    • You must also bring forward the sourcing model you are seeking and prioritize factors based on that; for example, if you are seeking a nearshore partner, language may be less of a factor.

    Review factors based on sourcing choice

    Different factors are more important depending on whether you are insourcing or outsourcing.

    Key risks for insourcing

    • Alignment on communication strategy and method
    • Ability to align culturally
    • Need for face-to-face relationship building
    • Need for coaching skills

    Key risks for outsourcing

    • Giving control to the vendor
    • Legal and regulatory issues
    • Lack of knowledge at the vendor
    • Language and cultural fit

    Assessing your firm's position

    • The model you derived from the Sourcing Strategy research will inform the prioritization of factors for matching partners.

    Info-Tech Insight

    To find the best location for insourcing, or the best vendor for outsourcing, you need to identify your firm's positions on key risk areas.

    Step 2.1

    Recall your sourcing strategy

    Activities

    2.1.1 Define the key factors in your sourcing strategy

    This step involves the following participants:

    Technology Leaders

    Outcomes of this step

    Documentation of the Sourcing Strategy you arrived at in the Define a Sourcing Strategy exercises

    Choosing the right model

    The image contains a screenshot of the legend that will be used down below. The legend contains circles, from the left there is a empty circle, a one quarter filled circle, half filled circle, three-quarter filled circle , and a fully filled in circle.

    Determinant

    Key Questions to Ask

    Onshore

    Nearshore

    Offshore

    Outsource role(s)

    Outsource team

    Outsource product(s)

    Business dependence

    How much do you rely on business resources during the development cycle?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Absorptive capacity

    How successful has the organization been at bringing outside knowledge back into the firm?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Integration complexity

    How many integrations are required for the product to function – fewer than 5, 5-10, or more than 10?

    The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the empty circle to demonstrate low.

    Product ownership

    Do you have full-time product owners in place for the products? Do product owners have control of their roadmaps?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the filled in whole circle to demonstrate high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Organization culture fit

    What are your organization’s communication and conflict resolution strategies? Is your organization geographically dispersed?

    The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    Vendor mgmt skills

    What is your skill level in vendor management? How old are your longest-standing vendor relationships?

    The image contains a screenshot of the empty circle to demonstrate low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the one-quarter filled circle to demonstrate medium low. The image contains a screenshot of the half filled circle to demonstrate medium. The image contains a screenshot of the three-quarter filled circle to demonstrate medium high. The image contains a screenshot of the filled in whole circle to demonstrate high.

    2.1.1 Define the key factors in your sourcing strategy

    30 min

    For each product you are seeking a sourcing strategy for, document the following:

    1. Product or team name.
    2. Sourcing strategy based on Define a Sourcing Strategy.
    3. The primary drivers that led to this selection – Business Dependence, Absorptive Capacity, Integration Complexity, Product Ownership, Culture or Vendor Management.
    4. The reasoning for the selection based on that factor – e.g. we chose nearshoring based on high business dependence by our development team.

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Sourcing Strategy from Define a Sourcing Strategy for your Development Team
    • Reasoning that drove the sourcing strategy selection
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leadership

    Define sourcing strategy factors

    Sourcing strategy

    Factors that led to selection

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to that choice

    Reasoning

    ABC

    Outsourcing - Offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership and low requirement for direct business involvement.

    Mature product with lower environments in cloud.

    Step 2.2

    Prioritize your company factors

    Activities

    2.2.1 Prioritize the factors from your sourcing strategy and confirm if mitigation or adaptation are possible.

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Prioritized list of key factors

    2.2.1 Prioritize your sourcing strategy factors

    30 min

    1. For each of the factors listed in exercise 2.1, prioritize them by importance to the firm.
    2. For each factor, please confirm if there is room to drive change internally to overcome the lack of a match – for example, if the culture being changed in language and conflict resolution is an option, then say Yes for that factor.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Sourcing Strategy factors from 2.1
    • Prioritized list of sourcing strategy factors
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders

    Sourcing strategy factors and priority

    Sourcing strategy

    Factors that led to selection

    Priority of factor in decision

    Change possible

    Product you are seeking a sourcing solution for

    Strategy defined

    Key factors that led to your choice

    Reasoning

    Priority of factor 1-x

    Is there an opportunity to adapt this factor to a partner?

    ABC

    Outsourcing - offshore

    • Product ownership
    • Business integration
    • Product maturity
    • Technical environment

    Mature product ownership

    Low requirement for direct business involvement

    Mature product with lower environments in cloud

    2

    1

    3

    N

    N

    Y

    Step 2.3

    Create target profile

    Activities

    2.3.1 Profile your best fit

    This step involves the following participants:

    IT Leadership team

    Outcomes of this step

    Profile of the target partner

    Profiling your best fit

    Creating a target profile will help you determine which partners should be included in the process.

    Given the complexity of all the factors and trying to find the best fit from a multitude of partners, Info-Tech recommends forming a target profile for your best fit of partner.

    This profile provides a detailed assessment matrix to use to review potential partners.

    Profile should be created based on priority; "must haves" are high priority, while properties that have mitigation opportunities are optional or lower priority.

    Criteria

    Priority

    Some US Govt contracts – data and staff in NATO

    1

    Windows environment – Azure DEVOPS

    2

    Clients in FS

    3

    Agile SDLC

    4

    Collaborative communication and conflict resolution

    5

    Mature product management

    6

    Languages English and Spanish

    7

    Partner Profile

    • Teams in NATO and non-NATO countries
    • Windows skills with Azure
    • Financial Services experience
    • Utilize Agile and willing to plug into our teams
    • Used to collaborating with clients in one team environment
    • One centre in Latin / South America

    Info-Tech Insight

    The factors we have defined serve to build us a profile for the ideal partner to engage in sourcing our development team. This profile will lead us to be able to define our RFP / RFI and assess respondents.

    Case study: Cognizant is partnering with clients on product development

    INDUSTRY: Technology Services

    SOURCE: Interview with Jay MacIsaac, Cognizant

    Cognizant is driving quality solutions for clients

    • Strives to be primarily an industry-aligned organization that delivers multiple service lines in multiple geographies.
    • Seeks to carefully consider client culture to create one team.
    • Value proposition is a consultative approach bringing thought leadership and mutually adding value to the relationship vs the more traditional order taker development partner
    • Wants to share in solution development to facilitate shared successes. Geographic alignment drives knowledge of the client and their challenges, not just about time zone and supportability.
    • Offers one of the largest offshore capabilities in the world, supported by local and nearshore resources to drive local knowledge.
    • Realizes today’s clients don’t typically want a black box, they are sophisticated and want transparency around the process and solution, to have a partner.
    • Understands that clients do want to know where the work is being delivered from and how it's being delivered, and want to help manage expectations and overall risk.

    Synergy with Info-Tech’s approach

    • Best relationship comes when teams operate as one.
    • Clients are seeking value, not a development black box.
    • Clients want to have a partner they can engage with, not just an order taker.
    • Goal is a one-team culture with shared goals and delivering business value.
    • Ideal is a partner that will add to their thinking, not echo it.

    Results of this approach

    • Cognizant is continuing to deliver double-digit growth and continues to strive for top quartile performance.
    • Growth in the client base has seen the company grow to over 340,000 associates worldwide.

    Case study: Cabot Technology Solutions uses industry knowledge to drive successful partnerships

    INDUSTRY: Technology Services

    SOURCE: Interview with Shibu Basheer, Cabot Technology Solutions

    Cabot Technology Solutions findings

    • Cabot Technology Solutions looks to partner with clients and deliver expertise and value, not just application development.
      • Focus on building deep knowledge in their chosen vertical, Healthcare.
      • Focus on partnering with clients in this space who are seeking a partner to provide industry knowledge and use this to propel them forward.
      • Look to work with clients seeking a one team philosophy.
      • Avoid clients looking for a cheap provider.
    • Recognizing the initial apprehension to India as a location, they have built a practice in Ontario that serves as a bridge for their offshore team.
    • Cabot overcame initial views and built trust, while integrating the India team in parallel.

    Synergy with Info-Tech approach

    • Preference is partners, not a client/vendor relationship.
    • Single country model is set aside in favor of mix of near and offshore.
    • Culture is a one team approach, not the more adversarial order-taker approach.
    • Goal is to build long-term relationships of value, not task management.

    Results of this approach

    • Cabot is a recognized as a top software development company in many markets across the USA.
    • Cabot continues to drive growth and build referenceable client relationships across North America.

    2.3.1 Profile your best fit

    30 min

    1. Document the list of skills you are seeking from the People Factors – Skills Inventory in Section 1.2 – these represent the skills you are seeking in a partner.
    2. Document the culture you are looking for in a partner with respect to communications and conflict resolution in the culture section of the requirements – this comes from Section 1.3.
    3. Confirm the type of partner you are seeking – nearshore, offshore, or outsourcing based on the sourcing strategy priorities in Section 2.2.
    4. Confirm constraints that the partner must work under based on constraints from your market and competitor factors in Section 1.1.
    5. Confirm your technical requirements in terms of environments, tools, and processes that the vendor must align to from Section 1.4.

    Download the Select a Sourcing Partner Presentation Template

    Input Output

    All exercises done in Steps 11-1.4 and 2.1-2.2

    Profile of a target partner to drive the RFx Criteria

    Materials Participants

    Select a Sourcing Partner for Your Development Team Presentation template

    Development leaders

    Deployment team leaders

    Infrastructure leaders

    IT operations leaders

    Product owners

    Project managers

    RFP skills requirement

    People skills required

    Product ownership

    Project management

    Skill

    Skill level required

    Tools / platform requirement

    Details of product management methodology and skills

    Details of firm's project management methodology

    .NET

    Medium

    Windows

    Highly mature, high skill

    Highly mature, high skill

    Java

    High

    Windows

    Low

    High

    RFx cultural characteristics

    Communication strategy

    Conflict resolution

    Organization / management

    Communication mediums supported

    Frequency of meetings expected

    Conflict resolutions strategies used at the firm

    Management methodology

    Face to face

    Weekly

    Collaborative

    Online

    Daily

    Hierarchical with manager

    Hierarchical

    RFx market constraints

    Constraints

    Partner proposal

    Constraint type

    Restrictions

    Market size required for

    Reasoning

    Data residency

    Data must stay in Canada for Canadian Gov't clients

    5% Canada public sector

    Competitive

    Offshoring dev means competition can take advantage

    95% Clients

    Need strategy to show data and leadership in NA, but delivering more innovation at lower cost by going offshore

    RFx technical requirements

    Technical environments

    Infrastructure

    Alignment of SDLC

    Tools required for development team

    Access control software required

    Infrastructure location

    Number of environments from development to production

    .Net Visual Studio

    Microsoft

    Azure

    4

    RFx scope of services

    Work being sourced

    Team sizing

    Work being sourced

    Skill level required

    Average size of release

    Releases per year

    Java development of new product

    High

    3-month development

    6

    .NET staff augmentation

    Medium

    ½-month development

    12

    Phase 3

    Choose the partner that will best enable you to move forward as one integrated team.

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    For more details on Partner Selection, please refer to our research blueprint entitled Select an ERP Partner

    This phase will help you define your RFx for your provider search

    This phase involves the following participants:

    Vendor Management Team

    IT Leadership

    Finance Team

    Finding the right fit should always come before rates to determine value

    The right fit

    Determined in previous activities

    Negotiating will eventually bring the two together

    Value

    Rates

    Determined by skill and location

    Statement of Work (SOW) quality

    A quality SOW is the result of a quality RFI/RFP (RFx).

    The process up to now has been gathering the materials needed to build a quality RFx. Take this opportunity to review the outputs of the preceding activities to ensure that:

    • All the right stake holders have been engaged.
    • The requirements are complete.

    Info-Tech’s RFP Review as a Service looks for key items to ensure your RFx will generate quality responses and SOWs.

    • Is it well-structured with a consistent use of fonts and bullets?
    • Is it laid out in sections that are easily identifiable and progress from high-level to more detailed information?
    • Can a vendor quickly identify the ten (or fewer) things that are most important to you?

    The image contains a screenshot of the Request for Proposal Review as a Service.

    Step 3.1

    Review your RFx

    Activities

    3.1.1 Select your RFx template

    3.1.2 Finalize your RFx

    3.1.3 Weight each evaluation criteria

    This step involves the following participants:

    • Project team
    • Evaluation team
    • Vendor management team
    • CIO

    Outcomes of this step

    • Completed RFx

    Info-Tech’s RFI/RFP process

    Info-Tech has well-established vendor management templates and practices

    • Identify Need
    • Define Business Requirements
    • Gain Business Authorization
    • Perform RFI/RFP
    • Negotiate Agreement
    • Purchase Goods and Services
    • Assess and Measure Performance

    Info-Tech Best Practice

    You’ll want to customize templates for your organization, but we strongly suggest that you take whatever you feel best meets your needs from both the long- and short-form RFPs presented in this blueprint.

    The secret to managing an RFP is to make it manageable. And the secret to making an RFP manageable is to treat it like any other aspect of business – by developing a process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.

    Your RFP process should be tailored to fit the needs and specifics of your organization and IT.

    Info-Tech Insight

    Create a better RFP process using Info-Tech’s well-established templates and methodology.

    Create a Better RFP Process

    In a hurry? Consider an enhanced RFI instead of an RFP.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations. An enhanced RFI (ERFI) is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Stage 1:

    Create an RFI with all the customary components. Next, add a few additional RFP-like requirements (e.g. operational and technical requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all the vendors. Finally, notify the vendors that you will not be doing an RFP – this is it!

    Stage 2:

    Review the vendors’ proposals and select the best two. Negotiate with both vendors and then make your decision.

    The ERFI shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    RFI Template

    The image contains a screenshot of the RFI Template.

    Use this template to create your RFI baseline template. Be sure to modify and configure the template to your organization’s specifications.

    Request for Information Template

    Long-Form RFP Template

    Configure Info-Tech’s Long-Form RFP Template for major initiatives

    The image contains a screenshot of the long-form RFP Template.

    A long-form or major RFP is an excellent tool for more complex and complicated requirements. This example is for a baseline RFP.

    It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review, and the vendors to respond.

    You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Source: Info-Tech’s The Art of Creating a Quality RFP

    Short-Form RFP Template

    Configure Info-Tech’s Short-Form RFP Template for minor or smaller initiatives

    The image contains a screenshot of the Short-Form RFP Template.

    This example is for a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves time for both your team and the vendors. Of course, the short-form RFP contains fewer specific instructions, guidelines, and rules for vendors’ proposal submissions.

    We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that require significant vendor's risk assessment.

    Source: The Art of Creating a Quality RFP

    3.1.1 Select your RFx template

    1-3 hours

    1. As a group, download the RFx templates from the previous three slides.
    2. Review your RFx process as a group. Be sure to include the vendor management team.
    3. Be sure to consider organization-specific procurement guidelines. These can be included. The objective here is to find the template that is the best fit. We will finalize the template in the next activity.
    4. Determine the best template for this project.
    Input Output
    • RFx templates
    • The RFx template that will be used for this project
    Materials Participants
    • Info-Tech’s Enhanced RFI Template, Long-Form RFP Template, and Short-Form RFP Template
    • Vendor management team
    • Project team
    • Project manager

    Finalize your RFx

    Key insights

    Leverage the power of the RFP

    • Too often RFPs fail to achieve their intended purposes, and your organization feels the effects of a poorly created RFP for many years.
    • If you are faced with a single source vendor, you can perform an RFP to one to create the competitive leverage.

    Make the response and evaluation process easier

    • Being strategic in your wording and formatting makes it easier on both parties – easier for the vendors to submit meaningful proposals, and easier for customer teams to evaluate.
    • Create a level playing field to encourage competition. Without multiple proposals, your options are limited and your chances for a successful project plummet.

    Maximize the competition

    • Leverage a pre-proposal conference to resolve vendor questions and to ensure all vendors receive the same answers to all questions. No vendor should have an information advantage.

    Do’s

    • Leverage your team’s knowledge.
    • Document and explain your RFP process to stakeholders and vendors.
    • Include contract terms in your RFP.
    • Measure and manage performance after contract award.
    • Seek feedback from the RFP team on your process and improve it as necessary.

    Don'ts

    • Reveal your budget.
    • Do an RFP in a vacuum.
    • Send an RFP to a vendor your team is not willing to award the business to.
    • Hold separate conversations with candidate vendors during your RFP process.
    • Skimp on the requirements definition to speed the process.
    • Tell the vendor they are selected before negotiating.

    3.1.2 Finalize your RFx

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is YOUR document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Add the content created in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the RFx Vendor Evaluation Tool

    Download the Supplementary RFx Material

    InputOutput
    • RFx template
    • Organizational specific guidelines
    • Materials from Steps 1 and 2
    • Supplementary RFx Material
    • Finalized RFx
    MaterialsParticipants
    • Electronic RFP document for editing
    • Vendor management team
    • Project team
    • Project manager

    3.1.2 Bring it all together

    Supplementary RFx Material

    The image contains a screenshot of Supplementary RFx Material.

    Review the sample content to get a feel for how to incorporate the results of the activities you have worked through into the RFx template.

    RFx Templates

    Use one of our templates to build a ready-for-distribution implementation partner RFx tailored to the unique success factors of your implementation.

    Exercises in Steps 1 and 2

    The image contains a screenshot of Exercises in Steps 1 and 2

    Use the material gathered during each activity to inform and populate the implementation partner requirements that are specific for your organization and project.

    The image contains a screenshot of the Long Form RFx template.The image contains a screenshot of the Short Form RFx template.

    3.1.3 Weight each evaluation criteria

    1-3 hours

    1. As a group, review the selected RFI or RFP template.
    2. This is your document. Modify it to suit the needs of the organization and even add sections from the other RFP templates that are relevant to your project.
    3. Use the Supplementary RFx Material as a guide.
    4. Utilize the content defined in Steps 1 and 2.
    5. Add any organization-specific clauses or requirements.
    6. Have the project team review and comment on the RFP.
    7. Optional: Use Info-Tech’s RFP Review Concierge Service.

    Download the Supplementary RFx Material

    InputOutput

    RFx Vendor Evaluation Tool

    Exercises from Steps 1 and 2

    • Weighted scoring tool to evaluate responses
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Supplementary RFx Material
    • Vendor management team
    • Project team
    • Project manager

    3.1.3 Apply weight to each evaluation criteria

    Use this tool to weight each critical success factor based on results of the activities within the vendor selection workbook for later scoring results.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Step 3.2

    Identify target vendors

    Activities

    3.2.1 Identify target vendors

    3.2.2 Define your RFx timeline

    This step involves the following participants:

    • Project team
    • Vendor management team

    Outcomes of this step

    • Targeted vendor list
    • Initial RFx timeline

    3.2.1 Identify target vendors

    1-3 hours

    1. Based on the profile defined in Step 2.3, research potential partners that fit the profile, starting with those you may have used in the past. From this, build your initial list of vendors to target with your RFx.
    2. Break into smaller groups (or continue as a single group if it is already small) and review each shortlisted vendor to see if they will likely respond to the RFx.
    Input Output
    • Websites
    • Peers
    • Advisory groups
    • A shortlist of vendors to target with your RFx
    Materials Participants
    • RFx Vendor Evaluation Tool
    • CIO
    • Vendor management team
    • Project team
    • Evaluation team

    Download the RFx Vendor Evaluation Tool

    Define your RFx timeline

    Provider RFx timelines need to be clearly defined to keep the project and participants on track. These projects and processes can be long. Set yourself up for success by identifying the time frames clearly and communicating them to participants.

    1. Current
    • Concurrent ERP product selection
    • RFx preparation
    • Release of RFX
  • Near-term
    • Responses received
    • Scoring responses
    • Shortlisting providers
    • Provider interviews
    • Provider selection
    • Provider contract negotiations
    • Contract with provider
  • Future
    • Initiation of knowledge transfer
    • Joint development period
    • Cutover to provider team

    89% of roadmap views have at least some representation of time. (Roadmunk, n.d.)

    Info-Tech Insight

    The true value of time horizons is in dividing your timeline and applying different standards and rules, which allows you to speak to different audiences and achieve different communication objectives.

    3.2.2 Define your RFx timeline

    1-3 hours

    1. As a group identify an appropriate timeline for your RFP process. Info-Tech recommends no less than three months from RFx release to contract signing.

      Keep in mind that you need to allow for time to engage the team and perform some level of knowledge transfer, and to seed the team with internal resources for the initial period.
    2. Leave enough time for vendor responses, interviews, and reference checks.
    3. Once the timeline is finalized, document it and communicate it to the organization.

    Download the RFx Vendor Evaluation Tool

    Input Output
    • RFx template
    • Provider RFx timeline
    Materials Participants
    • RFx Vendor Evaluation Tool
    • Vendor management team
    • Project team
    • Project manager

    Define your RFx timeline

    The image contains a screenshot of an example of an RFx timeline.

    Step 3.3

    Evaluate vendor responses

    Activities

    3.3.1 Evaluate responses

    This step involves the following participants:

    • Evaluation team

    Outcomes of this step

    • Vendor submission scores

    3.3.1 Evaluate responses

    1-3 hours

    1. Use the RFx Vendor Evaluation Tool to collect and record the evaluation team's scores for each vendor's response to your RFx.
    2. Then record and compare each team member's scores to rank the vendors' responses.
    3. The higher the score, the closer the fit.

    Download the RFx Vendor Evaluation Tool

    InputOutput
    • Vendor responses
    • Vendor presentations
    • Vendor scores
    MaterialsParticipants
    • RFx Vendor Evaluation Tool
    • Evaluation team

    3.3.1 Score vendor results

    Use the RFx Vendor Evaluation Tool to score the vendors' responses to your RFx using the weighted scale from Activity 3.1.3.

    The image contains a screenshot of the RFx Vendor Evaluation Tool.

    Download the RFx Vendor Evaluation Tool

    Phase 4

    Measuring the new relationship

    Introspection

    1.1 Assess your market factors

    1.2 Determine your people factors

    1.3 Review your current culture

    1.4 Document your technical factors

    Profiling

    2.1 Recall your sourcing strategy

    2.2 Prioritize your company factors

    2.3 Create target profile

    Partner selection

    3.1 Review your RFx

    3.2 Identify target vendors

    3.3 Evaluate vendor

    responses

    Implementation

    4.1 Engage partner to choose contract mechanism

    4.2 Engage partner team to define goals

    4.3 Choose your success

    metrics

    This phase will allow you to define the relationship with your newly chosen partner, including choosing the right contract mechanism, defining shared goals for the relationship, and selecting the metrics and processes to measure performance.

    This phase involves the following participants:

    IT leadership

    Procurement team

    Product owners

    Project managers

    Implementing the Partner

    Implementing the new partner is an exercise in collaboration

    • Successfully implementing your new partner is an exercise in working together
    1. Define a contract mechanism that is appropriate for the relationship, but is not meant as punitive, contract-based management – this sets you up for failure.
    2. Engage with your team and your partner as one team to build shared, measurable goals
    3. Work with the team to define the metrics and processes by which progress against these goals will be measured
  • Goals, metrics and process should be transparent to the team so all can see how their performance ties to success
  • Make sure to take time to celebrate successes with the whole team as one
  • Info-Tech Insight

    Implement the relationship the same way you want it to work: as one team. Work together on contract mechanism, shared goals, metrics, and performance measurement. This transparency and collaboration will build a one team view, leading to long-term success.

    Step 4.1

    Engage partner to choose contract mechanism

    Activities

    4.1.1 Confirm your contract mechanism

    This step involves the following participants:

    IT leadership

    Procurement team

    Vendor team

    Outcomes of this step

    Contract between the vendor and the firm for the services

    Negotiate agreement

    Evaluate your RFP responses to see if they are complete and if the vendor followed your instructions.

    Then:

    Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.

    Select finalist(s).

    Apply selection criteria.

    Resolve vendors' exceptions.

    Negotiate before you select your vendor:

    Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.

    Perform legal reviews as necessary.

    Use sound competitive negotiations principles.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement, as the standard for an underperforming vendor.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Leverage ITRG's negotiation process research for additional information

    For more details on this process please see our research Drive Successful Sourcing Outcomes with a Robust RFP Process

    4.1.1 Confirm your contract mechanism

    30 min

    1. Does the firm have prior experience with this type of sourcing arrangement?
    2. Does the firm have an existing services agreement with the selected partner?
    3. What contract mechanisms have been used in the past for these types of arrangements?
    4. What mechanism was proposed by the partner in their RFP response?

    Download the Select a Sourcing Partner Presentation Template

    Input Output
    • Past sourcing agreements from Procurement
    • Proposed agreement from partner
    • Agreed upon contract mechanism
    Materials Participants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Vendor management group
    • Partner leaders

    Choose the appropriate contract method

    Work being sourced

    Partner proposal

    Agreed-upon mechanism

    Work being sourced

    Vendor management experience with type

    Partner proposed contract method

    Agreed-upon contract method

    Java development team to build new product

    Similar work done with fixed price with another vendor

    Time and materials per scrum team

    Time and materials per scrum team to avoid vendor conflicts inherent in fixed price which limit innovation

    Step 4.2

    Engage partner team to define shared goals

    Activities

    4.2.1 Define your shared goals

    This step involves the following participants:

    IT leadership

    Vendor leadership

    Outcomes of this step

    Shared goals for the team

    Define success and shared goals

    Work together to define how you will measure yourselves.

    One team

    • Treating the new center and the existing team as one team is critical to long-term success.
    • Having a plan that allows for teams to meet frequently face-to-face "get to know you" and "stay connected" sessions will help the team gel.

    Shared goals

    • New group must share common goals and measurements.

    Common understanding

    • New team must have a common understanding and culture on key facets such as:
      • Measurement of quality
      • Openness to feedback and knowledge sharing
      • Culture of collaboration
      • Issue and Risk Management

    4.2.1 Define your shared goals

    30 min

    1. List each item in the scope of work for the sourcing arrangement – e.g. development of product XXX.
    2. For each scope item, detail the benefit expected by the firm – e.g. development cost expected to drop by 10% per year, or customer satisfaction improvement.
    3. For each benefit define how you will measure success – e.g. track cost of development for the development team assigned, or track Customer Satisfaction Survey results.
    4. For each measure, define a target for this year – e.g. 10% decrease over last year's cost, or customer satisfaction improvement from 6 to 7.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Services being procured from RFx
    • Benefits expected from the sourcing strategy
    • Baseline scores for measurements
    • Shared goals agreed upon between team and partner
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Technology leaders
    • Partner leaders

    Define goals collaboratively

    Role and benefit

    Goals and objectives

    Role / work being sourced

    Benefit expected

    Measure of success

    Year over year targets

    Java development team to build new product

    New product to replace aging legacy

    Launch of new product

    Agree on launch schedule and MVP for each release / roadmap

    Step 4.3

    Choose your success metrics

    Activities

    4,3.1 Define metrics and process to monitor

    This step involves the following participants:

    IT leadership

    Product owners

    Project managers

    Vendor leaders

    Outcomes of this step

    Metrics and process to measure performance

    4.3.1 Define metrics and process to monitor

    30 min

    1. For each goal defined and measure of success, break down the measure into quantifiable, measurable factors – e.g. Development cost is defined as all the costs tracked to the project including development, deployment, project management, etc.
    2. For each factor choose the metric that can be reported on – e.g. project actuals.
    3. For each metric define the report and reporting frequency – e.g. monthly project actuals from project manager.

    Download the Select a Sourcing Partner Presentation Template

    InputOutput
    • Development process
    • Deployment process
    • Operations process
    • IT Security policies
    • Documentation of key technical characteristics that need to be part of provider profiling
    MaterialsParticipants
    • Select a Sourcing Partner for Your Development Team Presentation template
    • Development leaders
    • Deployment team leaders
    • Infrastructure leaders
    • IT operations leaders
    • Product owners
    • Project managers

    Agreed-upon metrics

    Goal

    Metrics and process

    Agreed-upon goal

    Year 1 target

    Metric to measure success

    Measurement mechanism

    Deliver roadmap of releases

    3 releases – MVP in roadmap

    Features and stories delivered

    Measure delivery of stories from Jira

    Research Contributor

    The image contains a picture of Alaisdar Graham.

    Alaisdar Graham

    Executive Counsellor

    Info-Tech Research Group

    During Alaisdar’s 35-year career in information and operational technology, Alaisdar has been CIO for public sector organizations and private sector companies. He has been an entrepreneur with his own consultancy and a founder or business advisor with four cyber-security start-ups, Alaisdar has developed experience across a broad range of industries within a number of different countries and become known for his ability to drive business benefits and improvements through the use of technology.

    Alaisdar has worked with CXO-level executives across different businesses. Whether undertaking a digital transformation, building and improving IT functions across your span of control, or helping you create and execute an integrated technology strategy, Alaisdar can provide insight while introducing you to Info-Tech Research Group’s experts. Alaisdar’s experience with organizational turn- around, governance, project, program and portfolio management, change management, risk and security will support your organization’s success.

    Research Contributor

    The image contains a picture of Richard Nachazel.

    Richard Nachazel

    Executive Counsellor

    Info-Tech Research Group

    • Richard has more than 40 years working in various Fortune 500 organizations. His specialties are collaborating with business and IT executives and senior stakeholders to define strategic goals and transform operational protocols, standards, and methodologies. He has established a reputation at multiple large companies for taking charge of critical, high-profile enterprise projects in jeopardy of failure and turning them around. Colleagues and peers recognize his ability to organize enterprise efforts, build, develop, and motivate teams, and deliver outstanding outcomes.
    • Richard has worked as a Global CISO & Head of IT Governance for a Swiss Insurance company, Richard developed and led a comprehensive Cyber-Security Framework that provided leadership and oversight of the cyber-security program. Additionally, he was responsible for their IT Governance Risk & Compliance Operation and the information data security compliance in a complex global environment. Richard’s experience with organizational turn around, governance, risk, and controls, and security supports technology delivery integration with business success. Richard’s ability to engage executive and senior management decision makers and champion vision will prove beneficial to your organization.

    Research Contributor

    The image contains a picture of Craig Broussard.

    Craig Broussard

    Executive Counsellor

    Info-Tech Research Group

    • Craig has over 35 years of IT experience including software development, enterprise system management, infrastructure, and cyber security operations. Over the last 20 years, his focus has been on infrastructure and security along with IT service management. He’s been an accomplished speaker and panelist at industry trade events over the past decade.
    • Craig has served as Global Infrastructure Director for NCH Corporation, VP of Information Technology at ATOS, and earlier in his career as the Global Head of Data Center Services at Nokia Siemens Networks. Craig also worked for MicroSolutions (a Mark Cuban Company). Additionally, Craig received formal consulting training while working for IBM Global Services.
    • Craig’s deep experience across many aspects of IT from Governance through Delivery makes him an ideal partner for Info-Tech members.

    Bibliography

    Offshore, Onshore or Hybrid–Choosing the Best IT Outsourcing Model. (n.d.).
    Offshore Dedicated Development Team – A Compelling Hiring Guide. (n.d.).
    The Three Non-Negotiables Of IT Offshoring. (n.d.). Forbes.
    Top Ten Countries For Offshoring. Forbes, 2004.
    Nearshoring in Europe: Choose the Best Country for IT Outsourcing - The World Financial Review. (n.d.).
    Select an Offshore Jurisdiction. The Best Countries for Business in 2021-2022! | InternationalWealth.info. (n.d.).
    How to Find the Best Country to Set Up an Offshore Company. (n.d.). biz30.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Akbar, M. A., Alsanad, A., Mahmood, S., & Alothaim, A. (2021). Prioritization-based taxonomy of global software development challenges: A FAHP based analysis. IEEE Access, 9, 37961–37974
    Ali, S. (2018). Practices in Software Outsourcing Partnership: Systematic Literature Review Protocol with Analysis. Journal of Computers, (February), 839–861
    Baird Georgia, A. (2007). MISQ Research Curation on Health Information Technology 2. Progression of Health IT Research in MIS Quarterly. MIS Quarterly, 2007(June), 1–14.
    Carmel, E., & Abbott, P. (2006). Configurations of global software development: offshore versus nearshore. … on Global Software Development for the Practitioner, 3–7.
    Hanafizadeh, P., & Zare Ravasan, A. (2018). A model for selecting IT outsourcing strategy: the case of e-banking channels. Journal of Global Information Technology Management, 21(2), 111–138.
    Ishizaka, A., Bhattacharya, A., Gunasekaran, A., Dekkers, R., & Pereira, V. (2019). Outsourcing and offshoring decision making. International Journal of Production Research, 57(13), 4187–4193.
    Jeong, J. J. (2021). Success in IT offshoring: Does it depend on the location or the company? Arxiv.
    Joanna Minkiewicz, J. E. (2009). Deakin Research Online Online. 2007, Interrelationships between Innovation and Market Orientation in SMEs, Management Research News, Vol. 30, No. 12, Pp. 878-891., 30(12), 878–891.

    Bibliography

    King, W. R., & Torkzadeh, G. (2016). Special Issue Information Systems Offshoring : Research Status and Issues. MIS Quarterly, 32(2), 205–225.
    Kotlarsky, J., & Oshri, I. (2008). Country attractiveness for offshoring and offshore outsourcing: Additional considerations. Journal of Information Technology, 23(4), 228–231.
    Lehdonvirta, V., Kässi, O., Hjorth, I., Barnard, H., & Graham, M. (2019). The Global Platform Economy: A New Offshoring Institution Enabling Emerging-Economy Microproviders. Journal of Management, 45(2), 567–599.
    Mahajan, A. (2018). Risks and Benefits of Using Single Supplier in Software Development. Oulu University of Applied Sciences. Retrieved from
    Murberg, D. (2019). IT Offshore Outsourcing: Best Practices for U.S.-Based Companies. University of Oregon Applied Information Management, 1277(800), 824–2714.
    Nassimbeni, G., Sartor, M., & Dus, D. (2012). Security risks in service offshoring and outsourcing. Industrial Management and Data Systems, 112(3), 405–440.
    Olson, G. M., & Olson, J. S. (2000). Distance matters. Human-Computer Interaction, 15(2–3), 139–178.
    Pilkova, A., & Holienka, M. (2018). Home-Based Business in Visegrad Countries: Gem Perspective. Innovation Management, Entrepreneurship and Sustainability 2018 Proceedings of the 6th International Conference.
    Rahman, H. U., Raza, M., Afsar, P., Alharbi, A., Ahmad, S., & Alyami, H. (2021). Multi-criteria decision making model for application maintenance offshoring using analytic hierarchy process. Applied Sciences (Switzerland), 11(18).
    Rahman, H. U., Raza, M., Afsar, P., Khan, H. U., & Nazir, S. (2020). Analyzing factors that influence offshore outsourcing decision of application maintenance. IEEE Access, 8, 183913–183926.
    Roadmunk. What is a product roadmap? Roadmunk, n.d. Accessed 12 Oct. 2021.
    Rottman, J. W., & Lacity, M. C. (2006). Proven practices for effectively offshoring IT work. MIT Sloan Management Review.
    Smite, D., Moe, N. B., Krekling, T., & Stray, V. (2019). Offshore Outsourcing Costs: Known or Still Hidden? Proceedings - 2019 ACM/IEEE 14th International Conference on Global Software Engineering, ICGSE 2019, 40–47.
    Welsum, D. Van, & Reif, X. (2005). Potential Offshoring: Evidence from Selected OECD Countries. Brookings Trade Forum, 2005(1), 165–194.
    Zhang, Y., Liu, S., Tan, J., Jiang, G., & Zhu, Q. (2018). Effects of risks on the performance of business process outsourcing projects: The moderating roles of knowledge management capabilities. International Journal of Project Management, 36(4), 627–639.

    Service Management

    • Buy Link or Shortcode: {j2store}46|cart{/j2store}
    • Related Products: {j2store}46|crosssells{/j2store}
    • Parent Category Name: Service Planning and Architecture
    • Parent Category Link: /service-planning-and-architecture

    The challenge

    • We have good, holistic practices, but inconsistent adoption leads to chaotic service delivery and low customer satisfaction.
    • You may have designed your IT services with little structure, formalization, or standardization.
    • That makes the management of these services more difficult and also leads to low business satisfaction.

    Continue reading

    Improve Incident and Problem Management

    • Buy Link or Shortcode: {j2store}290|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $43,761 Average $ Saved
    • member rating average days saved: 23 Average Days Saved
    • Parent Category Name: Incident and problem management
    • Parent Category Link: /improve-your-core-processes/infra-and-operations/i-and-o-process-management/incident-and-problem-management
    • IT infrastructure managers have conflicting accountabilities. It can be difficult to fight fires as they appear while engaging in systematic fire prevention.
    • Repetitive interruptions erode faith in IT. If incidents recur consistently, why should the business trust IT to resolve them?

    Continue reading

    Master M&A Cybersecurity Due Diligence

    • Buy Link or Shortcode: {j2store}261|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Governance, Risk & Compliance
    • Parent Category Link: /governance-risk-compliance

    This research is designed to help organizations who are preparing for a merger or acquisition and need help with:

    • Understanding the information security risks associated with the acquisition or merger.
    • Avoiding the unwanted possibility of acquiring or merging with an organization that is already compromised by cyberattackers.
    • Identifying best practices for information security integration post merger.

    Our Advice

    Critical Insight

    The goal of M&A cybersecurity due diligence is to assess security risks and the potential for compromise. To succeed, you need to look deeper.

    Impact and Result

    • A repeatable methodology to systematically conduct cybersecurity due diligence.
    • A structured framework to rapidly assess risks, conduct risk valuation, and identify red flags.
    • Look deeper by leveraging compromise diagnostics to increase confidence that you are not acquiring a compromised entity.

    Master M&A Cybersecurity Due Diligence Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Start here – read the Executive Brief

    Read our concise Executive Brief to find out how to master M&A cyber security due diligence, review Info-Tech’s methodology, and understand how we can support you in completing this project.

    [infographic]

    Modernize Your SDLC

    • Buy Link or Shortcode: {j2store}148|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $30,263 Average $ Saved
    • member rating average days saved: 39 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations lack the critical capabilities and resources needed to satisfy their growing backlog, jeopardizing product success.

    Our Advice

    Critical Insight

    • Delivery quality and throughput go hand in hand. Focus on meeting minimum process and product quality standards first. Improved throughput will eventually follow.
    • Business integration is not optional. The business must be involved in guiding delivery efforts, and ongoing validation and verification product changes.
    • The software development lifecycle (SDLC) must deliver more than software. Business value is generated through the products and services delivered by your SDLC. Teams must provide the required product support and stakeholders must be willing to participate in the product’s delivery.

    Impact and Result

    • Standardize your definition of a successful product. Come to an organizational agreement of what defines a high-quality and successful product. Accommodate both business and IT perspectives in your definition.
    • Clarify the roles, processes, and tools to support business value delivery and satisfy stakeholder expectations. Indicate where and how key roles are involved throughout product delivery to validate and verify work items and artifacts. Describe how specific techniques and tools are employed to meet stakeholder requirements.
    • Focus optimization efforts on most affected stages. Reveal the health of your SDLC from the value delivery, business and technical practice quality standards, discipline, throughput, and governance perspectives with a diagnostic. Identify and roadmap the solutions to overcome the root causes of your diagnostic results.

    Modernize Your SDLC Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your SDLC, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your SDLC context

    State the success criteria of your SDLC practice through the definition of product quality and organizational priorities. Define your SDLC current state.

    • Modernize Your SDLC – Phase 1: Set Your SDLC Context
    • SDLC Strategy Template

    2. Diagnose your SDLC

    Build your SDLC diagnostic framework based on your practice’s product and process objectives. Root cause your improvement opportunities.

    • Modernize Your SDLC – Phase 2: Diagnose Your SDLC
    • SDLC Diagnostic Tool

    3. Modernize your SDLC

    Learn of today’s good SDLC practices and use them to address the root causes revealed in your SDLC diagnostic results.

    • Modernize Your SDLC – Phase 3: Modernize Your SDLC
    [infographic]

    Workshop: Modernize Your SDLC

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your SDLC Context

    The Purpose

    Discuss your quality and product definitions and how quality is interpreted from both business and IT perspectives.

    Review your case for strengthening your SDLC practice.

    Review the current state of your roles, processes, and tools in your organization.

    Key Benefits Achieved

    Grounded understanding of products and quality that is accepted across the organization.

    Clear business and IT objectives and metrics that dictate your SDLC practice’s success.

    Defined SDLC current state people, process, and technologies.

    Activities

    1.1 Define your products and quality.

    1.2 Define your SDLC objectives.

    1.3 Measure your SDLC effectiveness.

    1.4 Define your current SDLC state.

    Outputs

    Product and quality definitions.

    SDLC business and technical objectives and vision.

    SDLC metrics.

    SDLC capabilities, processes, roles and responsibilities, resourcing model, and tools and technologies.

    2 Diagnose Your SDLC

    The Purpose

    Discuss the components of your diagnostic framework.

    Review the results of your SDLC diagnostic.

    Key Benefits Achieved

    SDLC diagnostic framework tied to your SDLC objectives and definitions.

    Root causes to your SDLC issues and optimization opportunities.

    Activities

    2.1 Build your diagnostic framework.

    2.2 Diagnose your SDLC.

    Outputs

    SDLC diagnostic framework.

    Root causes to SDLC issues and optimization opportunities.

    3 Modernize Your SDLC

    The Purpose

    Discuss the SDLC practices used in the industry.

    Review the scope and achievability of your SDLC optimization initiatives.

    Key Benefits Achieved

    Knowledge of good practices that can improve the effectiveness and efficiency of your SDLC.

    Realistic and achievable SDLC optimization roadmap.

    Activities

    3.1 Learn and adopt SDLC good practices.

    3.2 Build your optimization roadmap.

    Outputs

    Optimization initiatives and target state SDLC practice.

    SDLC optimization roadmap, risks and mitigations, and stakeholder communication flow.

    Select an EA Tool Based on Business and User Need

    • Buy Link or Shortcode: {j2store}274|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $62,999 Average $ Saved
    • member rating average days saved: 18 Average Days Saved
    • Parent Category Name: Architecture Domains
    • Parent Category Link: /architecture-domains
    • A mature EA function is increasingly becoming an organizational priority to drive innovation, provide insight, and define digital capabilities.
    • Proliferation of digital technology has increased complexity, straining the EA function to deliver insights.
    • An EA tool increases the efficiency with which the EA function can deliver insights, but a large number of organizations have not a selected an EA tool that suits their needs.

    Our Advice

    Critical Insight

    • EA tool value largely comes from tying organizational context and requirements to the selection process.
    • Organizations that have selected an EA tool often fail to have it adopted and show its true value. To ensure successful adoption and value delivery, the EA tool selection process must account for the needs of business stakeholders and tool users.

    Impact and Result

    • Link the need for the EA tool to your organization’s EA value proposition. The connection enables the EA tool to address the future needs of stakeholders and the design style of the EA team.
    • Use Info-Tech’s EA Solution Recommendation Tool to create a shortlist of EA tools that is suited to the preferences of the organization.
    • Gather additional information on the shortlist of EA tool vendors to narrow down the selection using the EA Tool Request for Information Template.

    Select an EA Tool Based on Business and User Need Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should procure an EA tool in the digital age, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Select an EA Tool Based on Business and User Need – Executive Brief
    • Select an EA Tool Based on Business and User Need – Phases 1-3

    1. Make the case

    Decide if an EA tool is needed in your organization and define the requirements of EA tool users.

    • Select an EA Tool Based on Business and User Need – Phase 1: Make the Case
    • EA Value Proposition Template
    • EA Tool User Requirements Template

    2. Shortlist EA tools

    Determine your organization’s preferences in terms of product capabilities and vendor characteristics.

    • Select an EA Tool Based on Business and User Need – Phase 2: Shortlist EA Tools
    • EA Solution Recommendation Tool

    3. Select and communicate the process

    Gather information on shortlisted vendors and make your final decision.

    • Select an EA Tool Based on Business and User Need – Phase 3: Select and Communicate the Process
    • EA Tool Request for Information Template
    • EA Tool Demo Script Template
    • Request for Proposal (RFP) Template
    • EA Tool Selection Process Template
    [infographic]

    Automate Work Faster and More Easily With Robotic Process Automation

    • Buy Link or Shortcode: {j2store}237|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Optimization
    • Parent Category Link: /optimization
    • Your organization has many business processes that rely on repetitive, routine manual data collection and processing work, and there is high stakeholder interest in automating them.
    • You’re investigating whether robotic process automation (RPA) is a suitable technological enabler for automating such processes.
    • Being a trending technology, especially with its association with artificial intelligence (AI), there is much marketing fluff, hype, and misunderstanding about RPA.
    • Estimating the potential impact of RPA on business is difficult, as the relevant industry statistics often conflict each other and you aren’t sure how applicable it is to your business.

    Our Advice

    Critical Insight

    • There are no physical robots in RPA. RPA is about software “bots” that interact with applications as if they were human users to perform routine, repetitive work in your place. It’s for any business in any industry, not just for manufacturing.
    • RPA is lightweight IT; it reduces the cost of entry, maintenance, and teardown of automation as well as the technological requirement of resources that maintain it, as it complements existing automation solutions in your toolkit.
    • RPA is rules-based. While AI promises to relax the rigidity of rules, it adds business risks that are poorly understood by both businesses and subject-matter experts. Rules-based “RPA 1.0” is mature and may pose a stronger business case than AI-enabled RPA.
    • RPA’s sweet spot is “swivel chair automation”: processes that require human workers to act as a conduit between several systems, moving between applications, manually keying, re-keying, copying, and pasting information. A bot can take their place.

    Impact and Result

    • Discover RPA and how it differentiates from other automation solutions.
    • Understand the benefits and risks of complementing RPA with AI.
    • Identify existing business processes best suited for automation with RPA.
    • Communicate RPA’s potential business benefits to stakeholders.

    Automate Work Faster and More Easily With Robotic Process Automation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should use RPA to automate routine, repetitive data collection and processing work, review Info-Tech’s methodology, and understand the ways we can support you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Discover robotic process automation

    Learn about RPA, including how it compares to IT-led automation rooted in business process management practices and the role of AI.

    • Automate Work Faster and More Easily With Robotic Process Automation – Phase 1: Discover Robotic Process Automation
    • Robotic Process Automation Communication Template

    2. Identify processes best suited for robotic process automation

    Identify and prioritize candidate processes for RPA.

    • Automate Work Faster and More Easily With Robotic Process Automation – Phase 2: Identify Processes Best Suited for Robotic Process Automation
    • Process Evaluation Tool for Robotic Process Automation
    • Minimum Viable Business Case Document
    [infographic]

    Run Better Meetings

    • Buy Link or Shortcode: {j2store}287|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management

    Your newly hybrid workplace will include virtual, hybrid, and physical meetings, presenting several challenges:

    • The experience for onsite and remote attendees is not equal.
    • Employees are experiencing meeting and video fatigue.
    • Meeting rooms are not optimized for hybrid meetings.
    • The fact is that many people have not successfully run hybrid meetings before.

    Our Advice

    Critical Insight

    • Successful hybrid workplace plans must include planning around hybrid meetings. Seamless hybrid meetings are the result of thoughtful planning and documented best practices.

    Impact and Result

    • Identify your current state and the root cause of unsatisfactory meetings.
    • Review and identify meetings best practices around meeting roles, delivery models, and training.
    • Improve the technology that supports meetings.
    • Use Info-Tech’s quick checklists and decision flowchart to accelerate meeting planning and cover your bases.

    Run Better Meetings Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should run better meetings, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify the current state of meetings

    Understand the problem before you try to fix it. Before you can improve meetings, you need to understand what your norms and challenges currently are.

    • Checklist: Run a Virtual or Hybrid Meeting

    2. Publish best practices for how meetings should run

    Document meeting roles, expectations, and how meetings should run. Decide what kind of meeting delivery model to use and develop a training program.

    • Meeting Challenges and Best Practices
    • Meeting Type Decision Flowchart (Visio)
    • Meeting Type Decision Flowchart (PDF)

    3. Improve meeting technology

    Always be consulting with users: early in the process to set a benchmark, during and after every meeting to address immediate concerns, and quarterly to identify trends and deeper issues.

    • Team Charter
    • Communications Guide Poster Template
    [infographic]

    Workshop: Run Better Meetings

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Identify Current State of Meetings

    The Purpose

    Understand the current state of meetings in your organization.

    Key Benefits Achieved

    What you need to keep doing and what you need to change

    Activities

    1.1 Brainstorm meeting types.

    1.2 Document meeting norms.

    1.3 Document and categorize meeting challenges.

    Outputs

    Documented challenges with meetings

    Meeting norms

    Desired changes to meeting norms

    2 Review and Identify Best Practices

    The Purpose

    Review and implement meeting best practices.

    Key Benefits Achieved

    Defined meeting best practices for your organization

    Activities

    2.1 Document meeting roles and expectations.

    2.2 Review common meeting challenges and identify best practices.

    2.3 Document when to use a hybrid meeting, virtual meeting, or an in-person meeting.

    2.4 Develop a training program.

    Outputs

    Meeting roles and expectations

    List of meeting best practices

    Guidelines to help workers choose between a hybrid, virtual, or in-person meeting

    Training plan for meetings

    3 Improve Meeting Technology

    The Purpose

    Identify opportunities to improve meeting technology.

    Key Benefits Achieved

    A strategy for improving the underlying technologies and meeting spaces

    Activities

    3.1 Empower virtual meeting attendees.

    3.2 Optimize spaces for hybrid meetings.

    3.3 Build a team of meeting champions.

    3.4 Iterate to build and improve meeting technology.

    3.5 Guide users toward each technology.

    Outputs

    Desired improvements to meeting rooms and meeting technology

    Charter for the team of meeting champions

    Communications Guide Poster

    Take Control of Cloud Costs on AWS

    • Buy Link or Shortcode: {j2store}425|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $62,500 Average $ Saved
    • member rating average days saved: 26 Average Days Saved
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy
    • Traditional IT budgeting and procurement processes don't work for public cloud services.
    • The self-service nature of the cloud means that often the people provisioning cloud resources aren't accountable for the cost of those resources.
    • Without centralized control or oversight, organizations can quickly end up with massive AWS bills that exceed their IT salary cost.

    Our Advice

    Critical Insight

    • Most engineers care more about speed of feature delivery and reliability of the system than they do about cost.
    • Often there are no consequences for over architecting or overspending on AWS.
    • Many organizations lack sufficient visibility into their AWS spend, making it impossible to establish accountability and controls.

    Impact and Result

    • Define roles and responsibilities.
    • Establish visibility.
    • Develop processes, procedures, and policies.

    Take Control of Cloud Costs on AWS Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should take control of cloud costs, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build cost accountability framework

    Assess your current state, define your cost allocation model, and define roles and responsibilities.

    • Cloud Cost Management Worksheet
    • Cloud Cost Management Capability Assessment
    • Cloud Cost Management Policy
    • Cloud Cost Glossary of Terms

    2. Establish visibility

    Define dashboards and reports, and document account structure and tagging requirements.

    • Service Cost Cheat Sheet

    3. Define processes and procedures

    Establish governance for tagging and cost control, define processes for right-sizing, and define processes for purchasing commitment discounts.

    • Right-Sizing Workflow (Visio)
    • Right-Sizing Workflow (PDF)
    • Commitment Purchasing Workflow (Visio)
    • Commitment Purchasing Workflow (PDF)

    4. Build implementation plan

    Document process interactions, establish program KPIs, and build implementation roadmap and communication plan.

    • Cloud Cost Management Task List

    Infographic

    Workshop: Take Control of Cloud Costs on AWS

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build Cost Accountability Framework

    The Purpose

    Establish clear lines of accountability and document roles and responsibilities to effectively manage cloud costs.

    Key Benefits Achieved

    Chargeback/showback model to provide clear accountability for costs.

    Understanding of key areas to focus on to improve cloud cost management capabilities.

    Activities

    1.1 Assess current state

    1.2 Determine cloud cost model

    1.3 Define roles and responsibilities

    Outputs

    Cloud cost management capability assessment

    Cloud cost model

    Roles and responsibilities

    2 Establish Visibility

    The Purpose

    Establish visibility into cloud costs and drivers of those costs.

    Key Benefits Achieved

    Better understanding of what is driving costs and how to keep them in check.

    Activities

    2.1 Develop architectural patterns

    2.2 Define dashboards and reports

    2.3 Define account structure

    2.4 Document tagging requirements

    Outputs

    Architectural patterns; service cost cheat sheet

    Dashboards and reports

    Account structure

    Tagging scheme

    3 Define Processes and Procedures

    The Purpose

    Develop processes, procedures, and policies to control cloud costs.

    Key Benefits Achieved

    Improved capability of reducing costs.

    Documented processes and procedures for continuous improvement.

    Activities

    3.1 Establish governance for tagging

    3.2 Establish governance for costs

    3.3 Define right-sizing process

    3.4 Define purchasing process

    3.5 Define notification and alerts

    Outputs

    Tagging policy

    Cost control policy

    Right-sizing process

    Commitment purchasing process

    Notifications and Alerts

    4 Build Implementation Plan

    The Purpose

    Document next steps to implement and improve cloud cost management program.

    Key Benefits Achieved

    Concrete roadmap to stand up and/or improve the cloud cost management program.

    Activities

    4.1 Document process interaction changes

    4.2 Define cloud cost program KPIs

    4.3 Build implementation roadmap

    4.4 Build communication plan

    Outputs

    Changes to process interactions

    Cloud cost program KPIs

    Implementation roadmap

    Communication plan

    Build a Zero Trust Roadmap

    • Buy Link or Shortcode: {j2store}253|cart{/j2store}
    • member rating overall impact: 9.3/10 Overall Impact
    • member rating average dollars saved: $48,932 Average $ Saved
    • member rating average days saved: 42 Average Days Saved
    • Parent Category Name: Security Strategy & Budgeting
    • Parent Category Link: /security-strategy-and-budgeting
    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.
    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Our Advice

    Critical Insight

    Apply zero trust to key protect surfaces. A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Impact and Result

    Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined. Our unique approach:

    • Assess resources and determine zero trust readiness.
    • Prioritize initiatives and build out roadmap.
    • Deploy zero trust and monitor with zero trust progress metrics.

    Build a Zero Trust Roadmap Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Zero Trust Roadmap Deck – The purpose of the storyboard is to provide a detailed description of the steps involving in building a roadmap for implementing zero trust.

    The storyboard contains five easy-to-follow steps on building a roadmap for implementing zero trust, from aligning initiatives to business goals to establishing metrics for measuring the progress and effectiveness of a zero trust implementation.

    • Build a Zero Trust Roadmap – Phases 1-5

    2. Zero Trust Protect Surface Mapping Tool – A tool to identify key protect surfaces and map them to business goals.

    Use this tool to develop your zero trust strategy by having it focus on key protect surfaces that are aligned to the goals of the business.

    • Zero Trust Protect Surface Mapping Tool

    3. Zero Trust Program Gap Analysis Tool – A tool to perform a gap analysis between the organization's current implementation of zero trust controls and its desired target state and to build a roadmap to achieve the target state.

    Use this tool to develop your zero trust strategy by creating a roadmap that is aligned with the current state of the organization when it comes to zero trust and its desired target state.

    • Zero Trust Program Gap Analysis Tool

    4. Zero Trust Candidate Solutions Selection Tool – A tool to identify and evaluate solutions for identified zero trust initiatives.

    Use this tool to develop your zero trust strategy by identifying the best solutions for zero trust initiatives.

    • Zero Trust Candidate Solutions Selection Tool

    5. Zero Trust Progress Monitoring Tool – A tool to identify metrics to measure the progress and efficiency of the zero trust implementation.

    Use this tool to develop your zero trust strategy by identifying metrics that will allow the organization to monitor how the zero trust implementation is progressing, and whether it is proving to be effective.

    • Zero Trust Progress Monitoring Tool

    6. Zero Trust Communication Deck – A template to present the zero trust template to key stakeholders.

    Use this template to present the zero trust strategy and roadmap to ensure all key elements are captured.

    • Zero Trust Communication Deck

    Infographic

    Workshop: Build a Zero Trust Roadmap

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Business Goals and Protect Surfaces

    The Purpose

    Align business goals to protect surfaces.

    Key Benefits Achieved

    A better understanding of how business goals can map to key protect surfaces and their associated DAAS elements.

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    Outputs

    Mapping of business goals to key protect surfaces and their associated DAAS elements.

    2 Begin Gap Analysis

    The Purpose

    Identify and define zero trust initiatives.

    Key Benefits Achieved

    A list of zero trust initiatives to be prioritized and set into a roadmap.

    Activities

    2.1 Assess current security capabilities and define the zero trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    Outputs

    Security capabilities current state assessment

    Zero trust target state

    Tasks to address maturity gaps

    3 Complete Gap Analysis

    The Purpose

    Complete the zero trust gap analysis and prioritize zero trust initiatives.

    Key Benefits Achieved

    A prioritized list of zero trust initiatives aligned to business goals and key protect surfaces.

    Activities

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    Outputs

    Zero trust initiative list mapped to business goals and key protect surfaces

    Prioritization of zero trust initiatives

    4 Finalize Roadmap and Formulate Policies

    The Purpose

    Finalize the zero trust roadmap and begin to formulate zero trust policies for roadmap initiatives.

    Key Benefits Achieved

    A zero trust roadmap of prioritized initiatives.

    Activities

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    Outputs

    Zero trust roadmap

    Zero trust policies for critical protect surfaces

    Method for defining zero trust policies for candidate solutions

    Metrics for high-priority initiatives

    Further reading

    Build a Zero Trust Roadmap

    Leverage an iterative and repeatable process to apply zero trust to your organization.

    EXECUTIVE BRIEF

    Analyst Perspective

    Internet is the new corporate network.

    For the longest time we have focused on reducing the attack surface to deter malicious actors from attacking organizations, but I dare say that has made these actors scream “challenge accepted.” With sophisticated tools, time, and money in their hands, they have embarrassed even the finest of organizations. A popular hybrid workforce and rapid cloud adoption have introduced more challenges for organizations, as the security and network perimeter have shifted and the internet is now the corporate network. Suffice it to say that a new mindset needs to be adopted to stay on top of the game.

    The success of most attacks is tied to denial of service, data exfiltration, and ransom. A shift from focusing on the attack surface to the protect surface will help organizations implement an inside-out architecture that protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals.

    Zero trust principles aid that shift across several pillars (Identity, Device, Application, Network, and Data) that make up a typical infrastructure; hence, the need for a zero trust roadmap to accomplish that which we desire for our organization.

    Victor Okorie
    Senior Research Analyst, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Many IT and security leaders struggle to understand zero trust and how best to deploy it with their existing IT resources.
    • The need to move from a perimeter-based approach to security toward an “Always Verify” approach is clear. The path to getting there is complex and expensive.

    Common Obstacles

    • Zero trust as a principle is a moving target due to competing definitions and standards. A strategy that adapts evolving best practices must be supported by business stakeholders.
    • Full zero trust includes many components. Performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.

    Info-Tech’s Approach

    • Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined.
    • Our unique approach:
      • Assess resources and determine zero trust readiness.
      • Address barriers and identify enablers.
      • Prioritize initiatives and build out roadmap.
      • Identify most appropriate vendors via vendor selection framework.
      • Deploy zero trust and monitor with zero trust progress metrics.

    Info-Tech Insight

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Your challenge

    This research is designed to help organizations:

    • Understand what zero trust is and decide how best to deploy it with their existing IT resources. Zero trust is a set of principles that defaults to the highest level of security; a failed implementation can easily disrupt the business. A pragmatic zero trust implementation must be flexible and adaptable yet maintain a consistent level of protection.
    • Move from a perimeter-based approach to security toward an “Always Verify” approach. The path to getting there is complex without a clear understanding of desired outcomes. Focusing efforts on key protection gaps and leveraging capable controls in existing architecture allows for a repeatable process that carries IT, security, and the business along on the journey.

    On this zero trust journey, identify your valuable assets and zero trust controls to protect them.

    Top three reasons for building a zero trust strategy

    44%

    Reduce attacker’s ability to move laterally

    44%

    Enforce least privilege access to critical resources

    41%

    Reduce enterprise attack surface

    Common obstacles

    These barriers make this challenge difficult to address for many organizations:

    • Due to zero trust’s many components, performing an accurate assessment of readiness and benefits to adopt zero trust can be extremely difficult when you don’t know where to start.
      • To feel ready to implement and to understand the benefits of zero trust, IT must first understand what zero trust means to the organization.
    • Zero trust as a set of principles is a moving target, with many developing standards and competing technology definitions. A strategy built around evolving best practices must be supported by related business stakeholders.
      • To ensure support, IT must be able to “sell” zero trust to business stakeholders by illustrating the value zero trust can bring to business objectives.

    43%

    Organizations with a full implementation of zero trust saved 43% on the costs of data breaches.
    (Source: Teramind, 2021)

    96%

    Zero trust is considered key to the success of 96% of organizations in a survey conducted by Microsoft.
    (Source: Microsoft, 2021)

    What is zero trust?

    It depends on who you ask…

    • Vendors use zero trust as a marketing buzzword.
    • Organizations try to comprehend zero trust in their own limited views.
    • Zero trust regulations/standards are still developing.

    “A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”

    Source: NIST, SP 800-207: Zero Trust Architecture, 2020

    “An evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”

    Source: DOD, Zero Trust Reference Architecture, 2021

    “A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.”

    Source: NSA, Embracing a Zero Trust Security Model, 2021

    “Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”

    Source: CISA, Zero Trust Maturity Model, 2021

    “The foundational tenet of the zero trust model is that no actor, system, network, or service operating outside or within the security perimeter is trusted.”

    Source: OMB, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, 2022

    What is zero trust?

    From Theoretical to Practical

    Zero trust is an ideal in the literal sense of the word, because it is a standard defined by its perfection. Just as nothing in life is perfect, there is no measure that determines an organization is absolutely zero trust. The best organizations can do is improve their security iteratively and get as close to ideal as possible.

    In the most current application of zero trust in the enterprise, a zero trust strategy applies a set of principles, including least-privilege access and per-request access enforcement, to minimize compromise to critical assets. A zero trust roadmap is a plan that leverages zero trust concepts, considers relationships between technical elements as well as security solutions, and applies consistent access policies to minimize areas of exposure.

    Zero Trust; Identity; Workloads & Applications; Network; Devices; Data

    Info-Tech Insight

    Solutions offering zero trust often align with one of five pillars. A successful zero trust implementation may involve a combination of solutions, each protecting the various data, application, assets, and/or services elements in the protect surface.

    Zero trust business benefits

    Reduce business and organizational risk

    Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organizations practice.

    36% of data breaches involved internal actors.
    Source: Verizon, 2021

    Reduce CapEx and OpEx

    Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    Source: SecurityBrief - Australia, 2020.

    Reduce scope and cost of compliance

    Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.

    Scope of compliance reduced due to segmentation.

    Reduce risk of data breach

    Reduced risk of data breach in any instance of a malicious attack as there’s no lateral movement, secure segment, and improved visibility.

    10% Increase in data breach costs; costs went from $3.86 million to $4.24 million.
    Source: IBM, 2021

    This is an image of a thought map detailing Info-Tech's Build A Zero Trust Roadmap.  The main headings are: Define; Design; Develop; Monitor

    Info-Tech’s methodology for Building a Zero Trust Roadmap

    1. Define Business Goals and Protect Surfaces

    2. Assess Key Capabilities and Identify Zero Trust Initiatives

    3. Evaluate Candidate Solutions and Finalize Roadmap

    4. Formulate Policies for Roadmap Initiatives

    5. Monitor the Zero Trust Roadmap Deployment

    Phase Steps

    Define business goals

    Identify critical DAAS elements

    Map business goals to critical DAAS elements

    1. Review the Info-Tech framework
    2. Assess current capabilities and define the zero trust target state
    3. Identify tasks to close gaps
    4. Define tasks and initiatives
    5. Align initiatives to business goals and protect surfaces
    1. Define solution criteria
    2. Identify candidate solutions
    3. Evaluate candidate solutions
    4. Perform cost/benefit analysis
    5. Prioritize initiatives
    6. Finalize roadmap
    1. Formulate policies for critical DAAS elements
    2. Formulate policies to secure a path to access critical DAAS elements
    1. Establish metrics for roadmap tasks
    2. Track and report metrics
    3. Build a communication deck

    Phase Outcomes

    Mapping of business goals to protect surfaces

    Gap analysis of security capabilities

    Evaluation of candidate solutions and a roadmap to close gaps

    Method for defining zero trust policies for candidate solutions

    Metrics for measuring the progress and efficiency of the zero trust implementation

    Protect what is relevant

    Apply zero trust to key protect surfaces

    A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.

    Align protect surfaces to business objectives

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    Identify zero trust capabilities

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    Roadmap first, not solution first

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Create enforceable policies

    The success of a zero trust implementation relies on consistent enforcement. Applying the Kipling methodology to each protect surface is the best way to design zero trust policies.

    Success should benefit the organization

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverable:

    Zero Trust Communication Deck

    Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.

    Zero Trust Protect Surface Mapping Tool

    Identify critical and vulnerable DAAS elements to protect and align them to business goals.

    Zero Trust Program Gap Analysis Tool

    Perform a gap analysis between current and target states to build a zero trust roadmap.

    Zero Trust Candidate Solutions Selection Tool

    Determine and evaluate candidate solutions based on defined criteria.

    Zero Trust Progress Monitoring Tool

    Develop metrics to track the progress and efficiency of the organization’s zero trust implementation.

    Blueprint benefits

    IT Benefits

    • A mapped transaction flow of critical and vulnerable assets and visibility of where to implement security controls that aligns with the principle of zero trust.
    • Improved security posture across the digital attack surface while focusing on the protect surface.
    • An inside-out architecture that leverages current existing architecture to tighten security controls, is automated, and gives granular visibility.

    Business Benefits

    • Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organization’s practice.
    • Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
    • Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.
    • Reduced risk of data breach in any instance of a malicious attack.

    Measure the value of this blueprint

    Save an average of $1.76 million dollars in the event of a data breach

    • This research set seeks to help organizations develop a mature zero trust implementation which, according to IBM’s “Cost of a Data Breach 2021 Report,” saves organizations an average of $1.76 million in the event of a data breach.
    • Leverage phase 5 of this research to develop metrics to track the implementation progress and efficacy of zero trust tasks.

    43%

    Organizations with a mature implementation of zero trust saved 43%, or $1.76 million, on the costs of data breaches.
    Source: IBM, 2021

    In phase 2 of this blueprint, we will help you establish zero trust implementation tasks for your organization.

    In phase 3, we will help you develop a game plan and a roadmap for implementing those tasks.

    This image contains a screenshot info-tech's methodology for building a zero-trust roadmap, discussed earlier in this blueprint

    Executive Brief Case Study

    National Aeronautics and Space Administration (NASA)

    INDUSTRY: Government

    SOURCE: Zero Trust Architecture Technical Exchange Meeting

    NASA recognized the potential benefits of both adopting a zero trust architecture (including aligning with OMB FISMA and DHS CDM DEFEND) and improving NASA systems, especially those related to user experience with dynamic access, application security with sole access from proxy, and risk-based asset management with trust score. The trust score is continually evaluated from a combination of static factors, such as credential and biometrics, and dynamic factors, such as location and behavior analytics, to determine the level of access. The enhanced access mechanism is projected on use-case flows of users and external partners to analyze the required initiatives.

    The lessons learned in adapting zero trust were:

    • Focus on access to data, assets, applications, and services; and don’t select solutions or vendors too early.
    • Provide support for mobile and external partners.
    • Complete zero trust infrastructure and services design with holistic risk-based management, including network access control with software-defined networking and an identity management program.
    • Develop a zero trust strategy that aligns with mission objectives.

    Results

    NASA implemented zero trust architecture by leveraging the agency existing components on a roadmap with phases related to maturity. The initial development includes privileged access management, security user behavior analytics, and a proof-of-concept lab for evaluating the technologies.
    Case Study Source: NASA, “Planning for a Zero Trust Architecture Target State,” 2019

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5
    Call #1:
    Scope requirements, objectives, and your specific challenges.

    Call #3:
    Define current security capabilities and zero trust target state.

    Call #5:

    Identify and evaluate solution criteria.

    Call #7:
    Create a process for formulating zero trust policies.

    Call #8:
    Establish metrics for assessing the implementation and effectiveness of zero trust.

    Call #2:
    Identify business goals and protect surfaces.

    Call #4:
    Identify gap-closing tasks and assign to zero trust initiatives.

    Call #6:
    Prioritize zero trust initiatives.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
    A typical GI is between 8 to 12 calls over the course of 2 to 4 months.

    Workshop Overview

    Contact your account representative for more information.workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5

    Define Business Goals and Protect Surfaces

    Begin Gap Analysis

    Complete Gap Analysis

    Finalize Roadmap and Formulate Policies

    Next Steps and
    Wrap-Up (offsite)

    Activities

    1.1 Understand business and IT strategy and plans.

    1.2 Define business goals.

    1.3 Identify five critical protect surfaces and their associated DAAS elements.

    1.4 Map business goals and protect surfaces.

    2.1 Assess current security capabilities and define the zero Trust target state for a set of controls.

    2.2 Identify tasks to close maturity gaps.

    2.3 Assign tasks to zero trust initiatives.

    3.1 Align initiatives to business goals and key protect surfaces.

    3.2 Conduct cost/benefit analysis on zero trust initiatives.

    3.3 Prioritize initiatives.

    4.1 Define solution criteria.

    4.2 Identify candidate solutions.

    4.3 Evaluate candidate solutions.

    4.4 Finalize roadmap.

    4.5 Formulate policies for critical DAAS elements.

    4.6 Establish metrics for high-priority initiatives.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    Deliverables
    1. 1.Mapping of business goals to key protect surfaces and their associated DAAS elements
    1. Security capabilities current state assessment
    2. Zero trust target state
    3. Tasks to address maturity gaps
    1. Zero trust initiative list mapped to business goals and key protect surfaces
    2. Prioritization of zero trust initiatives
    1. Zero trust roadmap
    2. Zero trust policies for critical protect surfaces
    3. Method for defining zero trust policies for candidate solutions
    4. Metrics for high-priority initiatives
    1. Zero trust roadmap documentation
    2. Mapping of Info-Tech resources against individual initiatives

    Phase 1

    Define Business Objectives and Protect Surfaces

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Identify and define the business goals.
    • Identify the critical DAAS elements and protect surface.
    • Align the business goals to the protect surface and critical DAAS elements.

    This phase involves the following participants:

    • Security Team
    • Business Executives
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management

    Analyze your business goals

    Identifying business goals is the first step in aligning your zero trust roadmap with your business’ vision.

    • Security leaders need to understand the direction the business is headed in.
    • Wise security investments depend on aligning your security initiatives to business objectives.
    • Zero trust, and information security at large, should contribute to your organization’s business objectives by supporting operational performance, ensuring brand protection and shareholder value.
      • For example, if the organization is working on a new business initiative that requires the handling of credit card payments, the security organization needs to know as soon as possible to ensure the zero trust architecture will be extended to protect the PCI data and enable the organization to be PCI compliant.

      Info-Tech Insight

      Security and the business need to be in alignment when implementing zero trust. Defining the business goal helps rationalize the need for a zero trust implementation.

    1.1 Define your organization’s business goals

    Estimated time 1-3 hours

    1. As a group, brainstorm the business goals of the organization.
    2. Review relevant business and IT strategies.
    3. Review the business goal definitions in tab “2. Business Objectives” of the Zero Trust Protect Surface Mapping Tool, including the key goal indicator metrics.
    4. Record the most important business goals in the Business Goal column on tab “3. Protect Surfaces” of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary goals. This limitation will be critical to help map the protect surface and the zero trust roadmap later.

    Input

    • Business and IT strategies

    Output

    • Prioritized list of business objectives

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders
    • Risk Management
    • Compliance
    • Legal

    Download the Zero Trust Protect Surface Mapping Tool

    Info-Tech Insight

    Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.

    What does zero trust mean for you?

    For a successful implementation, focus on your zero trust outcome.

    This image describes the Who, What, When, Where, Why, and How for Zero Trust.

    Regardless of whether the user is accessing resources internally or externally, zero trust is posed to authenticate, authorize, and continuously verify the security policies and posture before access is granted or denied. Many network architecture can be local, cloud based, or hybrid and with users working from any location, there is no network perimeter as we knew it and the internet is now the corporate network.

    Zero trust framework seeks to extend the perimeter-less security to the present digital transformation.

    Understand protect surface

    Data, Application, Asset, and Services

    A protect surface can be described as what’s critical, most vulnerable, or most valuable to your organization. This protect surface could include at least one of the following – data, assets, applications, and services (DAAS) – that requires protection. This is also the area that zero trust policy is aimed to protect. Understanding what your protect surface is can help channel the required energy into protecting that which is crucial to the business, and this aligns with the shift from focusing on the attack surface to narrowing it down to a smaller and achievable area of protection.

    Anything and everything that connects to the internet is a potential attack surface and pursuing every loophole will leave us one step behind due to lack of resources. Since a protect surface contains one or more DAAS element, the micro-perimeter is created around it and the appropriate protection is applied around it. As a team, we can ask ourselves this question when thinking of our protect surface: to what degree does my organization want me to secure things? The knowledge of the answer to this question can be tied to the risk tolerance level of the organization and it is only fair for us to engage the business in identifying what the protect surface should be.

    Components of a protect surface

    • Data
    • Application
    • Asset
    • Services

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface. DAAS elements show where the initiatives and controls associated with the zero trust pillars (Identity, Devices, Network, Application, and Data) need to be applied.

    Sample Scenario

    INDUSTRY: Healthcare

    SOURCE: Info-Tech Research Group

    Illustration

    A healthcare provider would consider personal health information a critical resource worthy of being protected against data exfiltration due to a host of reasons including but not limited to privacy regulations, loss of revenue, legal, and reputational loss; hence, this would be considered a protect surface.

    • What is the data that can’t be risked exfiltrated?
    • What application(s) is used to access this data?
    • What assets are used to generate and store the data?
    • What are the services we rely on to be able to access the data?

    DAAS Element

    • The data here is the patient information.
    • The application used to access the personal health information would be EPIC, OR list, and any other application used in that organization.
    • The assets used to store the data and generate the PHI would include physical workstations, medical scanners, etc.
    • The services that can be exploited to disrupt the operation or used to access the data would include active directory, single sign-on, etc.

    DAAS and Zero Trust Pillar

    This granular identification provides an opportunity to not only see what the protect surface and DAAS elements are but also understand where to apply security controls that align with the principle of zero trust as well as how the transaction flows. The application pillar initiatives will provide protection to the EPIC application and the device pillar initiatives will provide protection to the workstations and physical scanners. The identity pillar initiatives will apply protection to the active directory, and single sign-on services. The zero trust pillar initiatives align with the protection of the DAAS elements.

    Shift from attack surface to protect surface

    This image contains a screenshot of the thought map: Shift from attack surface to protect surface.  Go from complex to a micro perimeter approach.

    Info-Tech Insight

    The protect surface is a shift from focusing on the attack surface as it creates a micro-perimeter for the application of zero trust policies on the system. This drastically reduces the success of an attack whether internally or externally, reduces the attack surface, and is also repeatable.

    1.2 Identify critical DAAS elements

    Estimated time 1-3 hours

    1. As a group, brainstorm and identify critical, valuable, sensitive assets or resources requiring high availability in the organization. Each DAAS element is part of a protect surface, or sometimes, the DAAS element itself is a protect surface.
    • Data – The sensitive data that poses the greatest risk if exfiltrated or misused. What data needs to be protected?
    • Applications – The applications that use sensitive data or control critical assets. Which applications are critical for your business functions?
    • Assets – Physical or virtual assets, including an organization’s information technology (IT), operational technology (OT), or Internet of Things devices.
    • Services – The services an organization most depends on. Services that can be exploited to disrupt normal IT or business operations.
  • Record the critical DAAS elements and protect surface in their respective columns of the Zero Trust Protect Surface Mapping Tool. Try to limit the number of business goals to no more than five primary protect surfaces to match with the business goals.
  • Download the Zero Trust Protect Surface Mapping Tool

    Input

    • Critical resources to protect
    • Understanding of how they interoperate or connect

    Output

    • Protect surfaces

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • Security Team
    • IT Leadership
    • Business Stakeholders

    1.3 Map business goals to critical DAAS elements

    Estimated time 1-2 hours

    1. The protect surface will be generated from the critical DAAS elements as a standalone protect surface or a group of interconnected DAAS elements merged into one.
    • Each protect surface can be tied back to a business objective.
  • Select from the drop-down list of business objectives the option that fits the identified protect surface as it relates to the organization.
    • Type in your business objectives if the drop-down list does not apply.

    Download the Zero Trust Protect Surface Mapping Tool

    This image contains a screenshot from the Zero Trust Protect Surface Mapping Tool, with the following columns highlighted: Business Goal Name; Protect Surface Name

    Phase 2

    Assess Key Capabilities and Identify Zero Trust Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Assess the organization’s current capabilities.
    • Define the zero trust target state.
    • Identify tasks to close gaps
    • Define zero trust initiatives and align zero trust initiatives to business goals and protect surfaces.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    The Info-Tech Zero Trust Framework

    Info-Tech’s Zero Trust Framework aligns with zero trust references, including:

    • ACT Zero Trust Cybersecurity Current Trends. 2019
    • NIST SP 800-207: Zero Trust Architecture. 2020
    • DOD Zero Trust Reference Architecture. 2021
    • NSA Embracing a Zero Trust Security Model. 2021
    • CISA Zero Trust Maturity Model. 2021
    • Executive Order (EO) 14028: Improving the Nation’s Cybersecurity, The White House. 2021
    • OMB Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. 2022
    • NSTAC Zero Trust and Trusted Identity Management. 2022
    • NIST SP 800-53 r5: Security and Privacy Controls for Information Systems and Organizations

    Identity

    • Authentication
    • Authorization
    • Privileged Access Management

    Applications

    • Software Defined Compute
    • DevSecOps
    • Software Supply Chain

    Devices

    • Authentication
    • Authorization
    • Compliance

    Networks

    • Software Defined Networking
    • Macro Segmentations
    • Micro Segmentation

    Data

    • Software Defined Storage
    • Data Loss Prevention
    • Data Rights Management

    Info-Tech Insight

    A best-of-breed approach ensures holistic coverage of your zero trust program while refraining from locking you into a specific reference.

    2.1 Review the Info-Tech framework

    Estimated time 30-60 minutes

    1. As a group, have the team review the framework within the Zero Trust Program Gap Analysis Tool.
    2. Customize the tool as required using the instructions in tab “2. Setup”:
    • Define costing criteria
    • Define benefits criteria
    • Configure full-time equivalent hours and start year
    • Input business goals as mapped to protect surfaces (see next slide)

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives

    Output

    • Customized framework

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    2.1.1 Input business goals as mapped to protect surfaces

    Refer to the Protect Surface Mapping Tool, copy the following elements from the Protect Surface tab.

    1. Enter Business Goals.
    2. Enter Protect Surfaces.
    3. Enter Data.
    4. Enter Application.
    5. Enter Assets.
    6. Enter Services.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool.  The Column headings are labeled as follows: 1: Business Goal Name; 2: Protect Surface; 3: DATA; 4: APPLICATION; 5: ASSETS; 6: SERVICES

    Info-Tech Insight

    Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.

    2.2 Assess current capabilities and define zero trust target state

    Estimated time 6-12 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to complete your current-state and target-state assessment.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Protect surfaces mapped to business objectives
    • Information on current state of controls, including sources such as audit findings, vulnerability and penetration test results, and risk registers

    Output

    • Current-state and target-state assessment for gap analysis

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    Understanding security target states

    Maturity models are very effective for determining target states. This table provides general descriptions for each maturity level. As a group, consider which description most accurately reflects the ideal target state in your organization.

    AD HOC 01

    Initial/ad hoc security programs are reactive. Lacking strategic vision, these programs are less effective and less responsive to the needs of the business.

    DEVELOPING 02

    Developing security programs can be effective at what they do but are not holistic. Governance is largely absent. These programs tend to rely on the talents of individuals rather than a cohesive plan.

    DEFINED 03

    A defined security program is holistic, documented, and proactive. At least some governance is in place; however, metrics are often rudimentary and operational in nature. These programs still often rely on best practices rather than strong risk management.

    MANAGED 04

    Managed security programs have robust governance and metrics processes. Management and board-level metrics for the overall program are produced. These are reviewed by business leaders and drive security decisions. More mature risk management practices take the place of best practices.

    OPTIMIZED 05

    An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs). Individual security services are optimized using key performance indicators (KPIs) that continually measure service effectiveness and efficiency.

    2.2.1 Conduct current-state assessment

    1. Carefully review each of the controls in the Gap Analysis tab that are needed for the protect surfaces. For each control, indicate the current maturity level of the organization. The tool uses the maturity levels of the CMMI model to score maturity.
    • Only use “N/A” if you are confident that the control is not required in your protect surfaces. For example, if the protect surfaces do not require or use software-defined computing, select “N/A” for any controls related to software-defined computing.
  • Provide comments to describe your current state. This step is optional but recommended as it may be important to record this information for future reference.
  • Select the target maturity for the control.
  • This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column headings highlighted and numbered: 1: Current Maturity; 2: Current State Comments (optional); Target Maturity

    Make sure that the gap between target state and current state is achievable for the current zero trust roadmap. For instance, if you set your current maturity to 1 – Ad Hoc, then having a target maturity of 4 – Managed or 5 – Optimized is not recommended due to the big jump.

    2.2.2 Review the Gap Analysis Dashboard

    1. Use the Dashboard to map your progress on assessing current- and future-state maturities. As you fill out the Zero Trust Program Gap Analysis Tool, check with the Dashboard to see the difference between your current and target state.
    2. Use the color-coded legend to see the size of the gap between your current and target state.
    3. Zero trust processes that appear white have not yet been assessed or are rated as “N/A.”
    this image contains a screenshot of Info-tech's Zero-Trust framework discussed earlier in this blueprint, with the addition of a legend demonstrating how to use the gap analysis tool to identify the size of the gap between current and target states

    2.3 Identify tasks to close gaps

    Estimated time 5 hours

    1. Using the Zero Trust Program Gap Analysis Tool, review each of the controls in the Gap Analysis tab.
    2. Follow the instructions on the next slides to identify gap closure tasks for each control that requires improvement.
    3. For most organizations, multiple internal subject matter experts will need to be consulted to complete the assessment.

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Zero trust controls gap information

    Output

    • Gap closure task list

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management

    2.3 Identify tasks to close gaps (cont.)

    1. For each of the controls where there is a gap between the current and target state, a gap closure task should be identified:
    • Review the example tasks and copy one or more of them if appropriate. Otherwise, enter your own gap closure task.
  • Considerations for identifying gap closure tasks:
    • In small groups, have participants ask, “what would we have to do to achieve the target state?” Document these in the Gap Closure Tasks column.
    • The example gap closure tasks may be appropriate for your organization, but do not simply copy them without considering whether they are right for you.
    • Not all gaps require their own task. You can enter one task that may address multiple gaps.
    • Be aware that tasks that are along the lines of “investigate and make recommendations” may not fully close maturity gaps.
    this image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, with the following column heading highlighted and numbered: 1: Gap Closure Tasks

    Make sure that the Gap Closure Tasks are SMART (Specific, Measurable, Achievable, Realistic, Timebound).

    2.4 Define tasks and initiatives

    Estimated time 2-4 hours

    1. As a group, review the gap tasks identified in the Gap Analysis tab.
    2. Using the instructions on the following slides, finalize your tab “5. Task List.”
    3. Using the instructions on the following slides, review and consolidate your tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • Gap analysis

    Output

    • Refined list of tasks
    • List of zero trust initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.4.1 Finalize your task list

    1. Define the gap closure task list in tab “5. Task List”:
      1. Obtain a list of all your tasks from Gap Closure Tasks column in tab “3. Gap Analysis.”
      2. Paste the list into the table in tab “5. Task List,” Task column.
    • Use Paste Values to retain the table formatting.
  • Consolidate tasks into initiatives when:
      • They have costs associated with them.
      • They require initial effort to implement and ongoing effort to maintain.
      • They must be accomplished dependently of other tasks.
    1. For each new initiative, create the initiative name on Initiative Name column in the tab “6. Initiative List.”
  • For tasks which are not incorporated into initiatives, enter a task owner and due date for each task.
  • this image contains a screenshot from Info-Tech's Zero Trust Gap analysis Tool with the following column headings highlighted and numbered: 1: Task; 2: Initiative Name; 3: (Task Owner; Due Date)

    Example: Initiative consolidation

    In the example below, we see three gap closure tasks within the Authentication process for the Identity pillar being consolidated into a single initiative “IAM modernization.”

    We can also see three gap closure tasks within the Micro Segmentation process for the Network pillar being grouped into another initiative “Network segmentation.”

    This image contains an example of Initiative Consolidation

    Info-Tech Insight

    As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.

    2.4.2 Finalize your initiative list

    1. As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.
    2. Review your final list of initiatives in tab “6. Initiative List” and make any required updates.
      1. Optionally, add a description or paste in a list of the individual gap closure actions that are associated with the initiative. This will make it easier to perform the cost and benefit analysis.
    3. Obtain a list of all gap closure tasks associated with an initiative by filtering the Initiative Name column in the Task List tab.
    4. Indicate the most appropriate pillar alignment for each initiative using the drop-down list.
      1. Refer to tab “5. Task List” for the pillar associated with an initiative under the Initiative Name column.

    This image contains a screenshot from Info-Tech's Zero Trust Program Gap Analysis Tool, the following column headings are numbered and highlighted: 1: Initiative Name; 2: Description; 3: Pillar

    If the list of tasks is too long for the Description column, then you can also shorten the name of the tasks or group several tasks to a more general task.

    2.5 Align initiatives to business goals and protect surfaces

    Estimated time 30-60 minutes

    1. Using the instructions on the following slides, align initiatives to business goals in tab “6. Initiative List.”
    2. Using the instructions on the following slides, align initiatives to protect surfaces in tab “6. Initiative List.”

    Download the Zero Trust Program Gap Analysis Tool

    Input

    • List of zero trust initiatives
    • Protect surfaces mapped to business objectives

    Output

    • List of zero trust initiatives aligned to business goals and protect surfaces

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    2.5.1 Align initiatives to business goals

    1. Indicate the most appropriate business goal(s) alignment for each initiative using the drop-down list in “Selection for Business Goal(s)” column.
      1. Use the legend to determine the most appropriate business goal(s).
    2. After that copy the selected business goal(s) to Business Goal(s) Alignment column.
    3. Then reset the selection using the blank cell in Selection for Business Goal(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Selection for Business Goal(s); Business Goals Alignment; 3: Selection for Business Goals

    2.5.2 Align initiatives to protect surfaces

    1. Indicate the most appropriate protect surface(s) for each initiative using the drop-down list in Selection for Protect Surface(s) column.
      1. Use the legend to determine the most appropriate protect surface(s).
    2. After that copy the selected protect surface(s) to Protect Surface(s) Coverage column.
    3. Reset the selection using the blank cell in Selection for Protect Surface(s) column.
    This image contains a screenshot from the Zero Trust Program Gap Analysis Tool, with the following column headings numbered: 1: Description; 2: Protect Surfaces Covered; 3: Selection for Protect Surfaces

    Phase 3

    Evaluate Candidate Solutions and Finalize Roadmap

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Define solution criteria.
    • Identify candidate solutions.
    • Evaluate candidate solutions.
    • Perform cost/benefit analysis.
    • Prioritize initiatives and build roadmap.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, Finance, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    3.1 Define solution criteria

    Estimated time 30-60 minutes

    1. As a group, review the scoring system within the Zero Trust Candidate Solutions Selection Tool.
    2. Customize the tool as required using the instructions on the following slides.

    Info-Tech Insight

    Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.

    Download the Zero Trust Candidate Solutions Selection Tool

    Input

    • Zero trust initiative list

    Output

    • Zero trust candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    3.1.1 Define compliance and solution evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the compliance score and the solution score, which are the overall evaluation:
    • Compliance score consists of tenets score, pillar score, threat protection score, and trust algorithm score.
    • Solution score consists of features score, usability score, affordability score, and architecture score.
    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, which demonstrates how to define compliance and solution evaluation criteria.

    3.1.2 Define remaining evaluation criteria

    On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.

    1. Verify that the Description for each criterion is accurate.
    2. Provide weights for the remaining evaluation criteria:
    • Tenets: Considers how well each initiative aligns with zero trust principles.
    • Pillars: Considers how well each initiative aligns with zero trust pillars.
    • Threats: Considers what zero trust threats are relevant with the candidate solution.
    • Trust Algorithm: Considers trust evaluation factors, trust evaluation process score, and input coverage.
    • Cost Estimation: Considers initial costs, which are one-time, upfront capital investments (e.g. hardware and software costs), and ongoing cost, which is any annually recurring operating expenses that are new budgetary costs (e.g. licensing, maintenance, subscription fees).
    • Deployment Architecture: Considers the solutions deployment architecture capabilities.

    This image contains a screenshot from the Zero Trust Candidate Solutions Selection Tool, and demonstrates where to define additional evaluation data

    Review available candidate solutions

    this image contains a list of available candidate Solutions.  This list includes: Zero Trust Identity; Zero-Trust Application & Workloads; Zero-Trust Networks; Zero-Trust Devices; and Zero-Trust Data

    The Rapid Application Selection Framework is a comprehensive yet fast-moving approach to help you select the right software for your organization

    Five key phases sequentially add rigor to your selection efforts while giving you a clear, swift-flowing methodology to follow.

    Awareness Education & Discovery Evaluation Selection Negotiation & Configuration
    1.1 Proactively Lead Technology Optimization & Prioritization 2.1 Understand Marketplace Capabilities & Trends 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics 4.1 Create a Weighted Vendor Selection Decision Model 5.1 Initiate Price Negotiation With Top
    1.2 Scope & Define the Selection Process for Each Selection Request Action 2.2 Discover Alternative Solutions & Conduct Market Education 3.2 Conduct a Data-Driven Comparison of Vendor Features & Capabilities 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities With Top 2-4 Vendors 5.2 Negotiate Contract Terms & Product Configuration Two Vendors Selected
    1.3 Conduct an Accelerated Business Needs Assessment 2.3 Evaluate Enterprise Architecture & Application Portfolio 3.3 Narrow the Field to Four Top Contenders 4.3 Validate Key Issues With Deep Technical Assessments, Trial Configuration & Reference Checks 5.3 Finalize Budget Approval & Project Implementation Timeline
    1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation 2.4 Validate the Business Case 5.4 Invest in Training & Onboarding Assistance

    Download the Rapid Application Selection Framework research

    Evaluate software category leaders through vendor rankings and awards

    SoftwareReviews

    The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.

    The Data Quadrant Report

    Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.

    Vendors ranked by their Composite Score

    The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.

    Emotional Footprint

    Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.

    Vendors ranked by their Customer Experience (CX) Score

    Sample whiteboard activity

    • Place sticky notes on the zero trust tenet that matches with the identified candidate solution to produce “solution requirements” that can be used to develop an RFP.
    • A sample sticky note is provided below for privileged access management.

    This image contains a screenshot of a sample whiteboard activity which can be done using sticky notes.

    • The PAM solution should support MFA
    • Live session monitoring, audit, and reporting
    • Should have password vaulting to prevent privileged users from knowing the passwords to critical systems and resources

    3.2 Identify candidate solutions

    Estimated time 2 hours

    1. As a group, have the team review the candidate solutions within the Zero Trust Program Gap Analysis Tool.
    2. On tab 3 in the Zero Trust Candidate Solutions Selection Tool:
    • Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.

    Input

    • Candidate solutions for zero trust tasks and initiatives

    Output

    • Suitability evaluation of candidate solutions

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Info-Tech Insight

    Add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.

    Download the Zero Trust Candidate Solutions Selection Tool

    3.2.1 Review candidate solutions

    1. Review the candidate solutions within the Zero Trust Program Gap Analysis Tool. For example, the candidate solutions with multifactor authentication (MFA) options are authenticators with SMS, mobile application, smartcard, or token.
    2. Enter candidate solutions to the Compliance Data Entry tab on the Solution column within the Zero Trust Candidate Solutions Selection Tool.
    3. Optionally, add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.
    this image contains a screenshot of a sample candidate solution, which can be done using Info-Tech's Zero Trust Program Gap Analysis Tool

    3.3 Evaluate candidate solutions

    Estimated time 3 hours

    On the Scoring tab, evaluate solution features, usability, affordability, and architecture using the instructions on the following slides. This activity will produce a solution score that can be used to identify the suitability of a solution.

    Input

    • Candidate solutions

    Output

    • Candidate solutions scored

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT

    Download the Zero Trust Candidate Solutions Selection Tool

    3.3.3 Evaluate solution scores

    After all candidate solutions are evaluated, the Solution Score column can be sorted to rank the candidate solutions. After sorting, the top solutions can be used on prioritization of initiatives on Zero Trust Program Gap Analysis Tool.

    1. On Features
      1. Enter Coverage.
      2. Enter Quality.
    2. Enter Usability.
    3. On Affordability
      1. Enter Initial Cost.
      2. Enter Ongoing Cost (annual).
    4. Enter Architecture.
    this image contains a screenshot of how you can sort the solution score column in Info-Tech's Zero Trust Program Gap Analysis Tool

    3.4 Perform cost/benefit analysis

    Estimated time 1-2 hours

    1. Assign costing and benefits information for each initiative, following the instructions on the next slide.
    2. Define dependencies or business impacts if they will help with prioritization.

    Input

    • Ranked candidate solutions
    • Gap analysis
    • Initiative list

    Output

    • Completed cost/benefit analysis for initiative list

    Materials

    • Zero Trust Program Gap Analysis Tool
    • Zero Trust Candidate Solutions Selection Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, Facilities, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.4.1 Complete the cost/benefit analysis

    Use Zero Trust Program Gap Analysis Tool.

    1. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • Use the result from candidate selection to define the estimated costs.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • This image contains a screenshot of a cost/benefit analysis table which can be found in the Zero Trust Program Gap Analysis Tool

    The Cost / Effort Rating is calculated based on the weight defined on step 2.1.1. The Benefit Rating is calculated based on the weight defined on step 2.1.2.

    3.4.2 Optionally enter detailed cost estimates

    Use Zero Trust Program Gap Analysis Tool.

    1. For each initiative, the tool will automatically populate the Detailed Cost Estimates and Detailed Staffing Estimates columns using the averages that you provided in step 2.1.1. However, if you have more detailed data about the costs and effort requirements for an initiative, you can override the calculated data by manually entering it into these columns. For example:
    • You are planning to subscribe to a security awareness vendor, and you have a quote from them specifying that the initial cost will be $75,000.
    • You have defined your “Medium” cost range as being “$10-100K,” so you select medium as your initial cost for this initiative in step 3.4.1. As you defined the average for medium costs as being $50,000, this is what the tool will put into the detailed cost estimate.
    • You can override this average by entering $75,000 as the initial cost in the detailed cost estimate column.

    This image contains a screenshot of a sample cost/benefit table found in the Zero Trust Program Gap Analysis Tool.

    The Benefits-Cost column will give results after comparing the cost and the benefit. Negative value means that the cost outweighs the benefit. Positive value means that the benefit outweighs the cost. Zero value means that the cost equals the benefit.

    3.5 Prioritize initiatives

    Estimated time 2-3 hours

    1. As a group, review the results of the cost/benefit analysis. Optionally, complete the Other Considerations columns in the Prioritization tab:
    • Dependencies can refer to other initiatives on the list or any other dependency that relates to activities or projects within the organization.
    • Business impacts can be helpful to document as they may require additional planning and communication that could impact initiative timelines.
  • Follow step 3.5.1 to create a visual effort map for your organization.
  • Follow step 3.5.2 and 3.5.3 to refine the effort map’s visual output.
  • Input

    • Gap analysis
    • Initiative list
    • Cost/benefit analysis

    Output

    • Prioritized list of initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.5.1 Create a visual effort map for your organization

    1 hour

    An effort map is a tool used for the visualization of a cost and benefit analysis. It is a quadrant output that visually shows how your gap initiatives were prioritized based on tab 7 in the Zero Trust Program Gap Analysis Tool.

    1. Establish the axes and colors for your effort map:
      1. X-axis represents the Benefit value from column J
      2. Y-axis represents the Cost/Effort value from column H
      3. Sticky note color is determined using the Alignment to Business value from column I
    2. Create sticky notes for each initiative and place them on the effort map or whiteboard based on the axes you have created with the help of your team.
    3. As you place initiatives on the visual effort map, discuss and modify rankings based on team member input.

    this image contains a sample visual effort map which can be found in the Zero Trust Program Gap Analysis Tool.

    Input

    • Outputs from activities 3.4.1 and 3.4.2

    Output

    • High-level prioritization for each of the gap-closing initiatives
    • Visual representation of quantitative values

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.2 Refine the effort map’s visual output

    1 hour

    Once the effort map is complete, work to further simplify the visual output by categorizing initiatives based on the quadrant in which they have been placed.

    1. Before moving forward with the initiative wave prioritization (activity 3.7), identify any initiatives listed across all quadrants that are required as a part of compliance and mark with a sticky dot.
    2. Document these initiatives as Execution Wave 1.

    this image contains a screenshot of a refined visual effort map, which can be done by following the instructions in this section.

    Input

    • Outputs from activity 3.5.1

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    3.5.3 Refine the effort map’s visual output

    30 minutes

    1. Use a separate area of the whiteboard to draw out four to five Execution Wave columns.
    2. Group initiatives into each Execution Wave column based on their placement within the quadrant from activities 3.5.1 and 3.5.2.
      1. Ensure that all identified mandatory activities as per governing privacy law fall within the first wave.
      2. Leverage the following 0-4 Execution Wave scale:
        1. Underway –Initiatives that are already underway
        2. Must Do – Initiatives that must happen right away
        3. Should Do – Initiatives that should happen but need more time/support
        4. Could Do – Initiatives that are not a priority
        5. Won’t Do – Initiatives that likely won’t be carried out
    3. Indicate the granular level for each execution wave using the a-z scale.
    • Use the lettering to track dependencies between initiatives.
      • If one must take place before another, ensure that its letter comes first alphabetically.
      • If multiple initiatives must take place at the same time, use the same letter to show they will take place in tandem.

    This image depicts the sample output for a refined visual effort map

    Input

    • Outputs from activity 3.5.2

    Output

    • Prioritization for each of the gap-closing initiatives
    • First execution wave of gap-closing initiatives

    Materials

    • Zero Trust Program Gap Analysis Tool (tab 7)
    • Sticky notes
    • Sticky dots
    • Markers
    • Whiteboard

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Wave assignment example

    In the example below, we see “IAM modernization” was assessed as 9 on cost/effort rating and 5 on benefit rating and its Benefits-Cost has a positive value of 1. We can label this as SHOULD DO (wave 2).

    We can also see “Network segmentation” was assessed as 6 on cost/effort rating and 4 on benefit rating and its Benefits-Cost has a positive value of 2. We can label this as MUST DO (wave 1).

    We can also see “Unified Endpoints Management” was assessed as 8 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a negative value of -4. We can label this as WON’T DO (no wave).

    We can also see “Data Protection” was assessed as 4 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a zero value. We can label this as COULD DO (wave 3).

    This image depicts a sample wave assignment output, discussed in this section.

    It is recommended to define the threshold of each wave based on the value of Benefits-Cost before assigning waves.

    3.6 Build roadmap

    Estimated time 2-3 hours

    1. As a group, follow step 3.6.1 to create your roadmap by scheduling initiatives into the Gantt chart within the Zero Trust Program Gap Analysis Tool.
    2. Review the roadmap for resourcing conflicts and adjust as required.
    3. Review the final cost and effort estimates for the roadmap.

    Input

    • Gap analysis
    • Cost/benefit analysis
    • Prioritized initiative list

    Output

    • Zero trust roadmap

    Materials

    • Zero Trust Program Gap Analysis Tool

    Participants

    • Security Team
    • IT Leadership
    • Project Management Office

    Download the Zero Trust Program Gap Analysis Tool

    3.6.1 Schedule initiatives using the Gantt chart

    1. On the Gantt Chart tab for each initiative, enter an owner (the role who will be primarily responsible for execution).
    2. Additionally, enter a start month and year for the initiative and the expected duration in months.
    • You can filter the Wave column to only see specific waves at any one time to assist with the scheduling.
    • You do not need to schedule Wave 4 initiatives as the expectation is that these initiatives will not be done.
    • This Image contains a screenshot of the Gantt Chart, with the following column headings highlighted and numbered: 1: Owner; 2: Expected Duration

    3.6.2 Review your roadmap

    1. When you have completed the Gantt chart, as a group review the overall roadmap to ensure that it is reasonable for your organization. Consider the following:
    • Do you have other IT or business projects planned during this time frame that may impact your resourcing or scheduling?
    • Does your organization have regular change freezes throughout the year that will impact the schedule?
    • Do you have over-subscribed resources? You can filter the list on the Owner column to identify potential over-subscription of resources.
    • Have you considered any long vacations, sabbaticals, parental leaves, or other planned longer-term absences?
    • Are your initiatives adequately aligned to your budget cycle? For instance, if you have an initiative that is expected to make recommendations for capital expenditure, it must be completed prior to budget planning.

    This image depicts an example roadmap which can be created following the use of the Gantt Chart

    3.6.3 Review your cost/effort estimates table

    1. Once you have completed your roadmap, review the total cost/effort estimates. This can be found in a table on the Results tab. This table will provide initial and ongoing costs and staffing requirements for each wave. This also includes the total three-year investment. In your review consider:
    • Is this investment realistic? Will completion of your roadmap require adding more staff or funding than you otherwise expected?
    • If the investment seems unrealistic, you may need to revisit some of your assumptions, potentially reducing target levels or increasing the amount of time to complete the strategy.

    This table provides you with the information to have important conversations with management and stakeholders.

    This image contains an example of the Zero Trust Roadmap Cost/Effort Estimates.  The column headings are as follows: Wave; Number of Initiatives; Initial Implementation - Cost; Initial Implementation - Effort; Ongoing Maintenance - Cost; Ongoing Maintenance - Effort.  A separate table is shown with the column heading: Estimated Total Three Year Investment

    Phase 4

    Formulate Policies for Roadmap Initiatives

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Formulate zero trust policies for critical DAAS elements.
    • Formulate zero trust policies to secure a path to access critical DAAS elements.

    This phase involves the following participants:

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Understand the zero trust policy

    Use the Kipling methodology as a vendor agnostic approach to identify appropriate allow list elements when deploying multiple zero trust solutions.
    The policies help to prevent lateral movement.

    Who Who should access a resource? Here, the user ID that identifies the users through the principle of least privilege is allowed access to a particular resource. The authentication policy will be used to verify identity of a user when access request to a resource is made. Who requires MFA?
    What What application is used to access the resource? Application ID to identify applications that are only allowed on the network. Port control policies can be used for the application service.
    When When do users access the resource? Policy that identifies and enforces time schedule when an application accessed by users is used.
    Where Where is the resource located? The location of the destination resource should be added to the policy and, where possible, restrict the source of the traffic either by zone and/or IP address.
    Why Why is the data accessed? Data classification should be done to know why the data needs protection and the type of protection (data filtering).
    How How should you allow access to the resource? This covers the protection of the application traffic. Principle of least privilege access, log all traffic, configure security profiles, NGFW, decryption and encryption, consistent application of policy and threat prevention across all locations for all local and remote users on managed and unmanaged endpoints are ways to apply content-ID.

    Info-Tech Insight

    The success of a zero trust implementation relies on enforcing policies consistently. Applying the Kipling methodology to the protect surface is the best way to design zero trust policies.

    4.1.1 Formulate policy

    Estimated time 1-2 hours

    1. As a group, review the protect surface(s) identified in phase one, and using the Kipling methodology from the previous slide, formulate a policy. Each policy can be reviewed repeatedly until we are sure it satisfies the goal.
    2. The policy created should be consistent for both cloud and on-prem environments.
    3. As an example, let's use the healthcare scenario found in tab 3 of the Zero Trust Protect Surface Mapping Tool. The protect surface used is "Automated Medication Dispensing." Another example will be "Salesforce" accessed via the cloud.
    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    4.1.2 Apply policy

    1-2 hours

    1. Place each protect surface in its own microperimeter. Each microperimeter should be segmented by a next-generation firewall or authentication broker that will serve as a segmentation gateway.
    2. Name the microperimeter and place it on a firewall.

    Input

    • Kipling methodology
    • Protect surface

    Output

    • Zero trust policy

    Materials

    • Whiteboard/Flip Charts
    • Sticky Notes
    • Zero Trust Protect Surface Mapping Tool

    Participants

    • CIO
    • CISO
    • Business Executives
    • IT Manager
    • Security Team

    Microperimeter A
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter B
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    Microperimeter C
    Protect Surface:
    DAAS Elements:

    Who What When Where Why How
    Method User-ID App-ID Time limit System Object Classification Content-ID

    4.2 Secure a path to access critical DAAS elements

    How should you allow access to the resource?

    This component makes up the final piece of formulating the policies as it applies the protection of the application traffic.

    The principle of least privilege is applied to the security policy to only allow access requests and restrict the access to the purpose it serves. This access request is then logged as well as the traffic (both internal and external). Most firewalls (NGFW) have policy rules that, by default, enable logging.

    Segmentation gateways (NGFW, VM-series firewalls, agent-based and clientless VPN solutions), are used to apply zero trust policy (Kipling methodology) in the network, cloud, and endpoint (managed and unmanaged) for all local and remote users.

    These policies need to be applied to security profiles on all allowed traffic. Some of these profiles include but are not limited to the following: URL filtering profile for web access and protect against phishing attacks, vulnerability protection profile intrusion prevention systems, anti spyware profiles to protect against command-and-control threats, malware and antivirus profile to protect against malware, and a file blocking profile to block and/or alert suspicious file types.

    Good visibility on your network can also be tied to decryption as you can inspect traffic and data to the lowest level possible that is generally accepted by your organization and in compliance with regulation.

    Conceptualized flow

    With users working from anywhere on managed and unmanaged devices, access to the internet, SAAS, public cloud, and the data center will have consistent policies applied regardless of their location.

    The policy is validating that the user is who they say they are based on the role profile, what they are trying to access to make sure their role or attribute profile has the appropriate permission to the application, and within the stipulated time limit. Where the data or application is located is also verified and the why needs to be satisfied before the requested access is granted. Based on the mentioned policies, the how element is then applied throughout the lifecycle of the access.

    Who

    (Internet)

    What

    (SAAS)

    When

    Where

    (Public Cloud)

    Why

    How

    (Data Center)

    Method User-ID App-ID Time limit System Object Classification Content-ID
    On-Prem Pyxis_Users Pyxis Any Pyxis_server Severe (high value data) Decrypt, Inspect, log traffic
    Cloud Sales Salesforce Working hours Canada Severe (high value data) Decrypt, Inspect, log traffic

    Phase 5

    Monitor Zero Trust Roadmap Deployment

    Build a Zero Trust Roadmap

    This phase will walk you through the following activities:

    • Establish metrics for roadmap tasks.
    • Track metrics for roadmap tasks.

    This phase involves the following participants:

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    5.1 Establish metrics for roadmap tasks

    Estimated time 2 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, identify metrics to measure implementation and efficacy of tasks
    2. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, document metric metadata.
    3. On the Prioritization tab, use the drop-down lists to enter the estimated costs and efforts for each initiative, using the criteria defined earlier.
    • If you have actual costs available, you can optionally enter them under the Detailed Cost Estimates columns.
  • Enter the estimated benefits, also using the criteria defined earlier.
  • Input

    • Zero trust roadmap task list

    Output

    • Metrics for measuring zero trust task implementation and efficacy

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.1.1 Identify metrics to measure implementation and efficacy of tasks

    Estimated time 3-4 hours

    1. On tab “2. Task & Metric Register” of the Zero Trust Progress Monitoring Tool, for each section defined in columns C and D, enter zero trust implementation tasks into column E. If you completed the Zero Trust Program Gap Analysis Tool, use the tasks identified there to populate column E.
    2. For each task, identify in column F any metrics that will communicate implementation progress and/or implementation efficacy.
    • If multiple metrics are needed for a single task, we recommend expanding the size of the row and adding additional metrics onto a new line in the same row. A sample is provided in the tool.

    this image contains a screenshot of tab 2 in the Zero Trust Progress Monitoring Tool

    Info-Tech Insight

    To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.

    5.1.2 Document metric metadata

    Estimated time 1-2 hours

    For each metric defined in step 4.1.1:

    1. Identify in column G whether the metric can be measured now (Phase 1), measured in a few months’ time (Phase 2), or measured in a few years’ time (Phase 3).
    2. Identify in columns H through M who is responsible for collecting the metric (Person Source), who/what is consulted to collect the metric (Technology Source), who compiles the collected metric into dashboards and presentations (Compiler), and who is informed of the measurement of the metric (Audience).
    • Add more columns under the Audience category if needed.
    • Use “X” to identify if an audience group will be informed of the measurement of the metric.
  • Identify in columns N through P the target for the metric (Metric Target), the effort it takes to collect the metric (Effort to Collect), the frequency with which the organizations plans to collect the metric (Frequency of Collection), and any comments that people should know when collecting, compiling, or presenting metrics.
  • This image contains a screenshot from the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Priority; 2: Roles and Responsibilities; 3: effort to collect; frequency of collection; Metric Target; Comments

    5.2 Track and report metrics

    Estimated time 2 hours

    1. In the Zero Trust Progress Monitoring Tool, copy and paste metrics you plan to track in the tool from column F on tab 2 to column B on tab 3.
    2. Use tab 3 to identify collection frequency, metric target, and measurements collected for each metric. Add notes or comments to each metric or measurement to track contextual elements that could affect metric measurements.
    3. Leverage the graphs on tab 4 to communicate metrics to the appropriated audience groups, as defined in tab 2.

    Input

    • Metrics for measuring zero trust task implementation and efficacy

    Output

    • Metric data and graphs for presenting zero trust implementation metrics to audience groups

    Materials

    • Zero Trust Progress Monitoring Tool

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Progress Monitoring Tool

    5.2.1 Record baseline measurements for metrics

    Estimated time 1-2 hours

    On tab “3. Track Metrics” of the Zero Trust Progress Monitoring Tool:

    1. Copy and paste the metrics from Column F on tab “2. Task & Metric Register” that you want to track into Column B of this tab.
    2. For each metric, record the frequency of collection (Collection Frequency) and the metric target (Target) by referencing columns O and P on tab “2. Task & Metric Register.”
    3. Begin to record baseline/initial values for each metric in column E. Rename columns to match your highest frequency of collection.
      (e.g. if any metric is being measured monthly, there should be one column per month)
    4. Over time, conduct measurements of your metrics and store them in the table below.
    5. Add notes, as necessary.

    this image contains a screenshot of tab 3 of the Zero Trust Progress Monitoring Tool, with the following column headings numbered: 1: Your Metrics; 2: Collection Frequency; Target; 3: Jan; 4: Metric Measurements; 5: Notes

    5.2.2 Report metric health to audience groups

    Estimated time 1-2 hours

    On tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    1. The Overall Metric Health gauge at the top of this tab presents the average percentage away from meeting metric targets for all metrics being tracked. To calculate this value, the differences between the most recent measurements and target values for each metric are averaged.
    2. Below the Overall Metric Health gauge, use the drop-down list in cell D9 to select one of the metrics from tab “3. Track Metrics.”
    3. Six different graphic representations of the tracked data for the selected metric will populate.

    Copy and paste desired graphs into presentations for audience members identified in step 5.1.2.

    This image contains a screenshot from tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:

    5.3 Build a communication deck

    Estimated time 2 hours

    Leverage the Zero Trust Communication Deck to showcase the work that you have done in the tools and activities associated with this research.

    In this communication deck template, you will find the following sections:

    • Introduction
    • Protect Surfaces
    • Zero Trust Gap Analysis
    • Zero Trust Initiatives & Tasks

    Input

    • Protect surfaces mapped to business goals
    • Zero trust program gap analysis
    • Zero trust roadmap initiatives and tasks
    • Zero trust metrics

    Output

    • Communication deck for zero trust strategy

    Materials

    • Zero Trust Communication Deck

    Participants

    • Security Team
    • Subject Matter Experts From IT, HR, Legal, Facilities, Compliance, Audit, Risk Management
    • Project Management Office

    Download the Zero Trust Communication Deck

    Summary of Accomplishment

    Knowledge Gained

    • Knowledge of protect surfaces and the business goals protecting them supports
    • Comprehensive knowledge of zero trust current state and summary initiatives required to achieve zero trust objectives
    • Assessment of which solutions for zero trust tasks and initiatives are the most appropriate for the organization
    • A defined set of security metrics assessing zero trust implementation progress and efficacy

    Deliverables Completed

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Additional Support

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop

    To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.

    Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.

    Contact your account representative for more information.

    This is a picture of an Info-Tech Account Representative
    workshops@infotech.com 1-888-670-8889

    The following are sample activities that will be conducted by Info-Tech analysts with your team:

    Zero Trust Program Gap Analysis Tool

    This is a screenshot from the Zero Trust Program Gap Analysis Tool

    Assess current security capabilities and build a roadmap of tasks and initiatives that close maturity gaps.

    Zero Trust Progress Monitoring Tool

    This is a screenshot from the Zero Trust Progress Monitoring Tool

    Identify and track metrics for zero trust tasks and initiatives.

    Research Contributors

    • Aaron Benson, CME Group, Director of IAM Governance
    • Brad Mateski, Zones, Solutions Architect for CyberSecurity
    • Bob Smock, Info-Tech Research Group, Vice President of Consulting
    • Dr. Chase Cunningham, Ericom Software, Chief Strategy Officer
    • John Kindervag, ON2IT Cybersecurity, Senior Vice President, Cybersecurity Strategy and ON2IT Group Fellow
    • John Zhao, Fonterra, Enterprise Security Architect
    • Rongxing Lu, University of New Brunswick, Associate Professor
    • Sumanta Sarkar, University of Warwick, Assistant Professor
    • Tim Malone, J.B. Hunt Transport, Senior Director Information Security
    • Vana Matte, J.B. Hunt Transport, Senior Vice President of Technology Services

    Related Info-Tech Research

    This is a screenshot from Info-Tech's Build an Information Security Strategy

    Build an Information Security Strategy

    Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building out a security roadmap.

    This is a screenshot from Info-Tech's Determine Your Zero Trust Readiness.

    Determine Your Zero Trust Readiness

    IT security was typified by perimeter security. However, the way the world does business has mandated a change to IT security. In response, zero trust is a set of principles that can add flexibility to planning your IT security strategy.

    Use this blueprint to determine your zero trust readiness and understand how zero trust can benefit both security and the business.

    This is a screenshot from Info-Tech's Mature Your Identity and Access Management Program

    Mature Your Identity and Access Management Program

    Many organizations are looking to improve their identity and access management (IAM) practices but struggle with where to start and whether all areas of IAM have been considered. This blueprint will help you improve the organization's identity and access management practices by following our three-phase methodology:

    • Assess identity and access requirements
    • Identify initiatives using the identity lifecycle
    • Prioritize initiatives and build a roadmap

    Bibliography

    • “2021 Data Breach Investigations Report.” Verizon, 2021. Web.
    • “A Zero-Trust Strategy Has 3 Needs - Identify, Authenticate, and Monitor Users and Devices On and Off The Network.” Fortinet, 15 July 2021. Web.
    • “Applying Zero Trust Principles to Enterprise Mobility.” CISA, March 2022. Web.
    • Biden Jr., Joseph R. “Executive Order on Improving the Nation’s Cybersecurity.” The White House, 12 May 2021. Web.
    • “CISA Zero Trust Maturity Model.” CISA - Cybersecurity Division, June 2021. Web.
    • “Continuous Diagnostics and Mitigation Program Overview.” CISA, Jan. 2022. Web.
    • Contributor. “The Five Business Benefits of a Zero Trust Approach to Security.” Security Brief - Australia, 19 Aug. 2020. Web.
    • “Cost of a Data Breach Report 2021.” IBM, July 2021. Web.
    • English, Melanie. “5 Stats That Show The Cost Saving Effect of Zero Trust.” Teramind, 29 Sept. 2021. Web.
    • “Improve Application Access and Security With Fortinet Zero Trust Network Access.” Fortinet, 2 March 2021. Web.
    • “Incorporating Zero-trust Strategies for Secure Network and Application Access.” Fortinet, 21 July 2021. Web.
    • Jakkal, Vasu. “Zero Trust Adoption Report: How Does Your Organization Compare?” Microsoft, 28 July 2021. Web.
    • “Jericho Forum™ Commandments.” The Open Group, Jericho Forum, May 2007. Web.
    • Johnson, Derrick. “Zero Trust vs. SASE - Here's What You Need to Know.” Security Magazine, 23 July 2021. Web.
    • Joint Defense Information Systems Agency (DISA) and National Security Agency (NSA) Zero Trust Engineering Team. “Department of Defense (DOD) Zero Trust Reference Architecture.” DoD CIO, Feb. 2021. Web.
    • Kay, Dennis. “Planning for a Zero Trust Architecture Target State.” NASA, NIST, 13 Nov. 2019. Web.
    • National Security Agency. “Embracing a Zero Trust Security Model.” U.S. Department of Defense, Feb. 2021. Web.
    • NSTAC. “Draft Report to the President - Zero Trust and Trusted Identity Management.” CISA, NSTAC, n.d. Web.
    • Rose, Scott W., et al. “Zero Trust Architecture.” NIST, 10 Aug. 2020. Web.
    • “Securing Digital Innovation Demands Zero-Trust Access.” Fortinet, 15 July 2021. Web.
    • Shackleford, Dave. “How to Create a Comprehensive Zero Trust Strategy.” SANS, Cisco, 2 Sept. 2020. Web.
    • “The CISO’s Guide to Effective Zero-Trust Access.” Fortinet, 28 April 2021. Web.
    • “The State of Zero Trust Security 2021.” Okta, June 2021. Web.
    • Kerman, Alper, et al. “Implementing a Zero Trust Architecture.” NIST - National Cybersecurity Center of Excellence, March 2020. Web.
    • Kindervag, John. “Keynote - John KINDERVAG - 021622.” Vimeo, VIRTUAL Eastern | CyberSecurity Conference, 16 Feb. 2022. Web.
    • Lodewijkx, Koos. “IBM CISO Perspective: Zero Trust Changes Security From Something You Do to Something You Have.” SecurityIntelligence, IBM, 19 Nov. 2020. Web.
    • VB Staff. “Report: Only 21% of Enterprises Use Zero Trust Architecture.” VentureBeat, 15 Feb. 2022. Web.
    • Young, Shalanda D. “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.” The White House, EXECUTIVE OFFICE OF THE PRESIDENT - OFFICE OF MANAGEMENT AND BUDGET, 26 Jan. 2022. Web.
    • “Zero Trust Access.” Fortinet, n.d. Web.
    • “Zero Trust Architecture Technical Exchange Meeting.” NIST - National Cybersecurity Center of Excellence, 12 Nov. 2019. Web.
    • “Zero Trust Cybersecurity Current Trends.” ACT-IAC, 18 April 2019. Web.
    • “Zero-Trust Access for Comprehensive Visibility and Control.” Fortinet, 24 Sep. 2020. Web.

    Prepare to Successfully Deploy PPM Software

    • Buy Link or Shortcode: {j2store}437|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Portfolio Management
    • Parent Category Link: /portfolio-management
    • PPM suite deployments are complicated and challenging. Vendors and consultants can provide much needed expertise and assistance to organizations deploying new PPM suites.
    • While functional requirements are often defined during the procurement stage (for example, in an RFP), the level of detail during this stage is likely insufficient for actually configuring the solution to your specific PPM needs. Too many organizations fail to further develop these functional requirements between signing their contracts and the official start of their professional implementation engagement.
    • Many organizations fail to organize and record the PPM data they will need to populate the new PPM suite. In almost all cases, customers have the expertise and are in the best position to collect and organize their own data. Leaving this until the vendor or consultant arrives to help with the deployment can result in using your professional services in a suboptimal way.
    • Vendors and consultants want you to prepare for their implementation engagements so that you can make the best use of their expertise and assistance. They want you to deploy a PPM suite that can be sustainably adopted in the long term. All too often, however, they arrive onsite to find customers that are disorganized and underprepared.

    Our Advice

    Critical Insight

    • Preparing for a professional implementation engagement allows you to make the best use of your professional services, as well as helping to ensure that the PPM suite is deployed according to your specific PPM needs.
    • Involving your internal resources in the preparation of data and in fully defining functional requirements for the PPM suite helps to establish stakeholder buy-in early on, helping to build internal ownership of the solution from the beginning. This avoids the solution being perceived as something the vendor/consultant “forced upon us.”
    • Vendors and consultants are happy when organizations are organized and prepared for their professional implementation engagements. Preparation ensures these engagements are positive experiences for everyone involved.

    Impact and Result

    • Ensure that the data necessary to deploy the new PPM suite is recorded and organized.
    • Make your functional requirements detailed enough to ensure that the new PPM suite can be configured/customized during the deployment engagement in a way that best fits the organization’s actual PPM needs.
    • Through carefully preparing data and fully defining functional requirements, you help the solution become sustainably adopted in the long term.

    Prepare to Successfully Deploy PPM Software Research & Tools

    Start here – read the Executive Brief

    Read this Executive Brief to understand why preparing for PPM deployment will ensure that organizations get the most value out of the implementation professional services they purchased and will help drive long-term sustainable adoption of the new PPM suite.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create a preparation team and plan

    Engage in purposeful and effective PPM deployment planning by clearly defining what to prepare and when exactly it is time to move from planning to execution.

    • Prepare to Successfully Deploy PPM Software – Phase 1: Create a Preparation Team and Plan
    • Prepare to Deploy PPM Suite Project Charter Template
    • PPM Suite Functional Requirements Document Template
    • PPM Suite Deployment Timeline Template (Excel)
    • PPM Suite Deployment Timeline Template (Project)
    • PPM Suite Deployment Communication Plan Template

    2. Prepare project-related requirements and deliverables

    Provide clearer definition to specific project-related functional requirements and collect the appropriate PPM data needed for an effective PPM suite deployment facilitated by vendors/consultants.

    • Prepare to Successfully Deploy PPM Software – Phase 2: Prepare Project-Related Requirements and Deliverables
    • PPM Deployment Data Workbook
    • PPM Deployment Dashboard and Report Requirements Workbook

    3. Prepare PPM resource requirements and deliverables

    Provide clearer definition to specific resource management functional requirements and data and create a communication and training plan.

    • Prepare to Successfully Deploy PPM Software – Phase 3: Prepare PPM Resource Requirements and Deliverables
    • PPM Suite Transition Plan Template
    • PPM Suite Training Plan Template
    • PPM Suite Training Management Tool

    4. Provide preparation materials to the vendor and implementation professionals

    Plan how to engage vendors/consultants by communicating functional requirements to them and evaluating changes to those requirements proposed by them.

    • Prepare to Successfully Deploy PPM Software – Phase 4: Provide Preparation Materials to the Vendor and Implementation Professionals
    [infographic]

    Workshop: Prepare to Successfully Deploy PPM Software

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Plan the Preparation Project

    The Purpose

    Select a preparation team and establish clear assignments and accountabilities.

    Establish clear deliverables, milestones, and metrics to ensure it is clear when the preparation phase is complete.

    Key Benefits Achieved

    Preparation activities will be organized and purposeful, ensuring that you do not threaten deployment success by being underprepared or waste resources by overpreparing.

    Activities

    1.1 Overview: Determine appropriate functional requirements to define and data to record in preparation for the deployment.

    1.2 Create a timeline.

    1.3 Create a charter for the PPM deployment preparation project: record lessons learned, establish metrics, etc.

    Outputs

    PPM Suite Deployment Timeline

    Charter for the PPM Suite Preparation Project Team

    2 Prepare Project-Related Requirements and Deliverables

    The Purpose

    Collect and organize relevant project-related data so that you are ready to populate the new PPM suite when the vendor/consultant begins their professional implementation engagement with you.

    Clearly define project-related functional requirements to aid in the configuration/customization of the tool.

    Key Benefits Achieved

    An up-to-date and complete record of all relevant PPM data.

    Avoidance of scrambling to find data at the last minute, risking importing out-of-date or irrelevant information into the new software.

    Clearly defined functional requirements that will ensure the suite is configured in a way that can be adoption in the long term.

    Activities

    2.1 Define project phases and categories.

    2.2 Create a list of all projects in progress.

    2.3 Record functional requirements for project requests, project charters, and business cases.

    2.4 Create a list of all existing project requests.

    2.5 Record the current project intake processes.

    2.6 Define PPM dashboard and reporting requirements.

    Outputs

    Project List (basic)

    Project Request Form Requirements (basic)

    Scoring/Requirements (basic)

    Business Case Requirements (advanced)

    Project Request List (basic)

    Project Intake Workflows (advanced)

    PPM Reporting Requirements (basic)

    3 Prepare PPM Resource Requirements and Deliverables

    The Purpose

    Collect and organize relevant resource-related data.

    Clearly define resource-related functional requirements.

    Create a purposeful transition, communication, and training plan for the deployment period.

    Key Benefits Achieved

    An up-to-date and complete record of all relevant PPM data that allows your vendor/consultant to get right to work at the start of the implementation engagement.

    Improved buy-in and adoption through transition, training, and communication activities that are tailored to the actual needs of your specific organization and users.

    Activities

    3.1 Create a portfolio-wide roster of project resources (and record their competencies and skills, if appropriate).

    3.2 Record resource management processes and workflows.

    3.3 Create a transition plan from existing PPM tools and processes to the new PPM suite.

    3.4 Identify training needs and resources to be leveraged during the deployment.

    3.5 Define training requirements.

    3.6 Create a PPM deployment training plan.

    Outputs

    Resource Roster and Competency Profile (basic)

    User Roles and Permissions (basic)

    Resource Management Workflows (advanced)

    Transition Approach and Plan (basic)

    Data Archiving Requirements (advanced)

    List of Training Modules and Attendees (basic)

    Internal Training Capabilities (advanced)

    Training Milestones and Deadlines (basic)

    4 Provide Preparation Materials to the Vendor and Implementation Professionals

    The Purpose

    Compile the data collected and the functional requirements defined so that they can be provided to the vendor and/or consultant before the implementation engagement.

    Key Benefits Achieved

    Deliverables that record the outputs of your preparation and can be provided to vendors/consultants before the implementation engagement.

    Ensures that the customer is an active and equal partner during the deployment by having the customer prepare their material and initiate communication.

    Vendors and/or consultants have a clear understanding of the customer’s needs and expectations from the beginning.

    Activities

    4.1 Collect, review, and finalize the functional requirements.

    4.2 Compile a functional requirements and data package to provide to the vendor and/or consultants.

    4.3 Discuss how proposed changes to the functional requirements will be reviewed and decided.

    Outputs

    PPM Suite Functional Requirements Documents

    PPM Deployment Data Workbook

    Design a Tabletop Exercise to Support Your Security Operation

    • Buy Link or Shortcode: {j2store}319|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,599 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Threat management has become resource intensive, requiring continuous monitoring, collection, and analysis of massive volumes of security event data.
    • Security incidents are inevitable, but how they are handled is critical.
    • The increasing use of sophisticated malware is making it difficult for organizations to identify the true intent behind the attack campaign.
    • The incident response is often handled in an ad hoc or ineffective manner.

    Our Advice

    Critical Insight

    • Establish communication processes and channels well in advance of a crisis. Don’t wait until a state of panic. Collaborate and share information mutually with other organizations to stay ahead of incoming threats.
    • Security operations is no longer a center, but a process. The need for a physical security hub has evolved into the virtual fusion of prevention, detection, analysis, and response efforts. When all four functions operate as a unified process, your organization will be able to proactively combat changes in the threat landscape.
    • You might experience a negative return on your security control investment. As technology in the industry evolves, threat actors will adopt new tools, tactics, and procedures; a tabletop exercise will help ensure teams are leveraging your security investment properly and providing relevant situational awareness to stay on top of the rapidly evolving threat landscape.

    Impact and Result

    Establish and design a tabletop exercise capability to support and test the efficiency of the core prevention, detection, analysis, and response functions that consist of an organization's threat intelligence, security operations, vulnerability management, and incident response functions.

    Design a Tabletop Exercise to Support Your Security Operation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should design a tabletop exercise, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    Evaluate the need for a tabletop exercise.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 1: Plan

    2. Design

    Determine the topics, scope, objectives, and participant roles and responsibilities.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 2: Design

    3. Develop

    Create briefings, guides, reports, and exercise injects.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 3: Develop
    • Design a Tabletop Exercise to Support Your Security Operation – Inject Examples

    4. Conduct

    Host the exercise in a conference or classroom setting.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 4: Conduct

    5. Evaluate

    Plan to ensure measurement and continued improvement.

    • Design a Tabletop Exercise to Support Your Security Operation – Phase 5: Evaluate
    [infographic]

    Maximize Value From Your Value-Added Reseller (VAR)

    • Buy Link or Shortcode: {j2store}215|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management

    Organizations need to understand their value-added reseller (VAR) portfolio and the greater VAR landscape to better:

    • Manage the VAR portfolio.
    • Understand additional value each VAR can provide.
    • Maximize existing VAR commitments.
    • Evaluate the VARs’ performance.

    Our Advice

    Critical Insight

    VARs typically charge more for products because they are in some way adding value. If you’re not leveraging any of the provided value, you’re likely wasting money and should use a basic commodity-type reseller for procurement.

    Impact and Result

    This project will provide several benefits to Vendor Management and Procurement:

    • Defined VAR value and performance tracking.
    • Manageable portfolio of VARs that fully benefit the organization.
    • Added training, licensing advice, faster quoting, and invoicing resolution.
    • Reduced deployment and logistics costs.

    Maximize Value From Your Value-Added Reseller (VAR) Research & Tools

    Start here – read the Executive Brief

    Read our informative Executive Brief to find out why you should maximize value from your value-added reseller, review Info-Tech’s methodology, and understand the three ways to better manage your VARs improve performance and reduce costs.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Organize and prioritize

    Organize all your VARs and create a manageable portfolio detailing their value, specific, product, services, and certifications.

    • Maximize Value From Your Value-Added Reseller – Phase 1: Organize and Prioritize
    • VAR Listing and Prioritization Tool

    2. “EvaluRate” your VARs

    Create an in-depth evaluation of the VARs’ capabilities.

    • Maximize Value From Your Value-Added Reseller – Phase 2: EvaluRate Your VARs
    • VAR Features Checklist Tool
    • VAR Profile and EvaluRation Tool

    3. Consolidate and reduce

    Assess each VAR for low performance and opportunity to increase value or consolidate to another VAR and reduce redundancy.

    • Maximize Value From Your Value-Added Reseller – Phase 3: Consolidate and Reduce

    4. Maximize their value

    Micro-manage your primary VARs to ensure performance to commitments and maximize their value.

    • Maximize Value From Your Value-Added Reseller – Phase 4: Maximize Their Value
    • VAR Information and Scorecard Workbook
    [infographic]

    It wasn't me

    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security and Risk
    • Parent Category Link: /security-and-risk

    You heard the message before, and yet....  and yet it does not sink in.

    In july 2019 already, according to retruster:

    • The average financial cost of a data breach is $3.86m (IBM)
    • Phishing accounts for 90% of data breaches
    • 15% of people successfully phished will be targeted at least one more time within the year
    • BEC scams accounted for over $12 billion in losses (FBI)
    • Phishing attempts have grown 65% in the last year
    • Around 1.5m new phishing sites are created each month (Webroot)
    • 76% of businesses reported being a victim of a phishing attack in the last year
    • 30% of phishing messages get opened by targeted users (Verizon)

    This is ... this means we, as risk professionals may be delivering our messsage the wrong way. So, I really enjoyed my colleague Nick Felix (who got it from Alison Francis) sending me the URL of this video: Enjoy, but mostly: learn, because we want our children to enjoy the fruits of our work.

    Register to read more …

    Optimize Software Pricing in a Volatile Competitive Market

    • Buy Link or Shortcode: {j2store}566|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Your challenge:

    • Rising supplier costs and inflation are eroding margins and impacting customers' budgets.
    • There is pressure from management to make a gut-feeling decision because of time, lack of skills, and process limitations.
    • You must navigate competing pricing-related priorities among product, sales, and finance teams.
    • Product price increases fail because discovery lacks understanding of costs, price/value equation, and competitive price points.
    • Customers can react negatively, and results are seen much later (more than 12 months) after the price decision.

    Our Advice

    Critical Insight

    Product leaders will price products based on a deep understanding of the buyer price/value equation and alignment with financial and competitive pricing strategies, and make ongoing adjustments based on an ability to monitor buyer, competitor, and product cost changes.

    Impact and Result

    • Success for many SaaS product managers requires a reorganization and modernization of pricing tools, techniques, and assumptions. Leaders will develop the science of tailored price changes versus across-the-board price actions and account for inflation exposure and the customers’ willingness to pay.
    • This will build skills on how to price new products or adjust pricing for existing products. The disciplines using our pricing strategy methodology will strengthen efforts to develop repeatable pricing models and processes and build credibility with senior management.

    Optimize Software Pricing in a Volatile Competitive Market Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Optimize Software Pricing in a Volatile Competitive Market Executive Brief - A deck to build your skills on how to price new products or adjust pricing for existing products.

    This Executive Brief will build your skills on how to price new products or adjust pricing for existing products.

    • Optimize Software Pricing in a Volatile Competitive Market Executive Brief

    2. Optimize Software Pricing in a Volatile Competitive Market Storyboard – A deck that provides key steps to complete the project.

    This blueprint will build your skills on how to price new products or adjust pricing for existing products with documented key steps to complete the pricing project and use the Excel workbook and customer presentation.

    • Optimize Software Pricing in a Volatile Competitive Market – Phases 1-3

    3. Optimize Software Pricing in a Volatile Competitive Market Workbook – A tool that enables product managers to simplify the organization and collection of customer and competitor information for pricing decisions.

    These five organizational workbooks for product pricing priorities, interview tracking, sample questions, and critical competitive information will enable the price team to validate price change data through researching the three pricing schemes (competitor, customer, and cost-based).

    • Optimize Software Pricing in a Volatile Competitive Market Workbook

    4. Optimize Software Pricing in a Volatile Competitive Market Presentation Template – A template that serves as a guide to communicating the Optimize Pricing Strategy team's results for a product or product line.

    This template includes the business case to justify product repricing, contract modifications, and packaging rebuild or removal for launch. This template calls for the critical summarized results from the Optimize Software Pricing in a Volatile Competitive Market blueprint and the Optimize Software Pricing in a Volatile Competitive Market Workbook to complete.

    • Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Infographic

    Further reading

    SoftwareReviews — A Division of INFO~TECH RESEARCH GROUP

    Optimize Software Pricing in a Volatile Competitive Market

    Leading SaaS product managers align pricing strategy to company financial goals and refresh the customer price/value equation to avoid leaving revenues uncaptured.

    Table of Contents

    Section Title Section Title
    1 Executive Brief 2 Key Steps
    3 Concluding Slides

    Optimize Software Pricing in a Volatile Competitive Market

    Leading SaaS product managers align pricing strategy to company financial goals and refresh the customer price/value equation to avoid leaving revenues uncaptured.

    EXECUTIVE BRIEF

    Analyst Perspective

    Optimized Pricing Strategy

    Product managers without well-documented and repeatable pricing management processes often experience pressure from “Agile” management to make gut-feel pricing decisions, resulting in poor product revenue results. When combined with a lack of customer, competitor, and internal cost understanding, these process and timing limitations drive most product managers into suboptimal software pricing decisions. And, adding insult to injury, the poor financial results from bad pricing decisions aren’t fully measured for months, which further compounds the negative effects of poor decision making.

    A successful product pricing strategy aligns finance, marketing, product management, and sales to optimize pricing using a solid understanding of the customer perception of price/value, competitive pricing, and software production costs.

    Success for many SaaS product managers requires a reorganization and modernization of pricing tools, techniques, and data. Leaders will develop the science of tailored price changes versus across-the-board price actions and account for inflation exposure and the customers’ willingness to pay.

    This blueprint will build your skills on how to price new products or adjust pricing for existing products. The discipline you build using our pricing strategy methodology will strengthen your team’s ability to develop repeatable pricing and will build credibility with senior management and colleagues in marketing and sales.

    Photo of Joanne Morin Correia, Principal Research Director, SoftwareReviews.

    Joanne Morin Correia
    Principal Research Director
    SoftwareReviews

    Executive Summary

    Organizations struggle to build repeatable pricing processes:
    • A lack of alignment and collaboration among finance, marketing, product development, and sales.
    • A lack of understanding of customers, competitors, and market pricing.
    • Inability to stay ahead of complex and shifting software pricing models.
    • Time is wasted without a deep understanding of pricing issues and opportunities, and revenue opportunities go unrealized.
    Obstacles add friction to the pricing management process:
    • Pressure from management to make quick decisions results in a gut-driven approach to pricing.
    • A lack of pricing skills and management processes limits sound decision making.
    • Price changes fail because discovery often lacks competitive intelligence and buyer value to price point understanding. Customers’ reactions are often observed much later, after the decision is made.
    • Economic disruptions, supplier price hikes, and higher employee salaries/benefits are driving costs higher.
    Use SoftwareReviews’ approach for more successful pricing:
    • Organize for a more effective pricing project including roles & responsibilities as well as an aligned pricing approach.
    • Work with CFO/finance partner to establish target price based on margins and key factors affecting costs.
    • Perform a competitive price assessment and understand the buyer price/value equation.
    • Arrive at a target price based on the above and seek buy-in and approvals.

    SoftwareReviews Insight

    Product leaders will price products based on a deep understanding of the buyer price/value equation and alignment with financial and competitive pricing strategies, and they will make ongoing adjustments based on an ability to monitor buyers, competitors, and product cost changes.

    What is an optimized price strategy?

    “Customer discovery interviews help reduce the chance of failure by testing your hypotheses. Quality customer interviews go beyond answering product development and pricing questions.” (Pricing Strategies, Growth Ramp, March 2022)

    Most product managers just research their direct competitors when launching a new SaaS product. While this is essential, competitive pricing intel is insufficient to create a long-term optimized pricing strategy. Leaders will also understand buyer TCO.

    Your customers are constantly comparing prices and weighing the total cost of ownership as they consider your competition. Why?

    Implementing a SaaS solution creates a significant time burden as buyers spend days learning new software, making sure tools communicate with each other, configuring settings, contacting support, etc. It is not just the cost of the product or service.

    Optimized Price Strategy Is…
    • An integral part of any product plan and business strategy.
    • Essential to improving and maintaining high levels of margins and customer satisfaction.
    • Focused on delivering the product price to your customer’s business value.
    • Understanding customer price-value for your software segment.
    • Monitoring your product pricing with real-time data to ensure support for competitive strategy.
    Price Strategy Is Not…
    • Increasing or decreasing price on a gut feeling.
    • Changing price for short-term gain.
    • Being wary of asking customers pricing-related questions.
    • Haphazardly focusing entirely on profit.
    • Just covering product costs.
    • Only researching direct competitors.
    • Focusing on yourself or company satisfaction but your target customers.
    • Picking the first strategy you see.

    SoftwareReviews Insight

    An optimized pricing strategy establishes the “best” price for a product or service that maximizes profits and shareholder value while considering customer business value vs. the cost to purchase and implement – the total cost of ownership (TCO).

    Challenging environment

    Product managers are currently experiencing the following:
    • Supplier costs and inflation are rising, eroding product margins and impacting customers’ budgets.
    • Pressure from management to make a gut-feeling decision because of time, lack of skills, and process limitations.
    • Navigating competing pricing-related priorities among product, sales, and finance.
    • Product price increases that fail because discovery lacks understanding of costs, price/value equation, and competitive price points.
    • Slowing customer demand due to poorly priced offerings may not be fully measured for many months following the price decision.
    Doing nothing is NOT an option!
    Offense Double Down

    Benefit: Leverage long-term financial and market assets

    Risk: Market may not value those assets in the future
    Fight Back

    Benefit: Move quickly

    Risk: Hard to execute and easy to get pricing wrong
    Defense Retrench

    Benefit: Reduce threats from new entrants through scale and marketing

    Risk: Causes managed decline and is hard to sell to leadership
    Move Away

    Benefit: Seize opportunities for new revenue sources

    Risk: Diversification is challenging to pull off
    Existing Markets and Customers New Markets and Customers

    Pricing skills are declining

    Among product managers, limited pricing skills are big obstacles that make pricing difficult and under-optimized.

    Visual of a bar chart with descending values, each bar has written on it: 'Limited - Limits in understanding of engineering, marketing, and sales expectations or few processes for pricing and/or cost', 'Inexperienced - Inexperience in pricing project skills and corporate training', 'Lagging - Financial lag indicators (marketing ROI, revenue, profitability, COGs)', 'Lacking - Lack of relevant competitive pricing/packaging information', 'Shifting - Shift to cloud subscription-based revenue models is challenging'.

    The top three weakest product management skills have remained constant over the past five years:
    • Competitive analysis
    • Pricing
    • End of life
    Pricing is the weakest skill and has been declining the most among surveyed product professionals every year. (Adapted from 280 Group, 2022)

    Key considerations for more effective pricing decisions

    Pricing teams can improve software product profitability by:
    • Optimizing software profit with four critical elements: properly pricing your product, giving complete and accurate quotations, choosing the terms of the sale, and selecting the payment method.
    • Implementing tailored price changes (versus across-the-board price actions) to help account for inflation exposure, customer willingness to pay, and product attribute changes.
    • Accelerating ongoing pricing decision-making with a dedicated cross-functional team ready to act quickly.
    • Resetting discounting and promotion, and revisiting service-level agreements.
    Software pricing leaders will regularly assess:

    Has it been over a year since prices were updated?

    Have customers told you to raise your prices?

    Do you have the right mix of customers in each pricing plan?

    Do 40% of your customers say they would be very disappointed if your product disappeared? (Adapted from Growth Ramp, 2021)

    Case Study

    Middleware Vendor

    INDUSTRY
    Technology Middleware
    SOURCE
    SoftwareReviews Custom Pricing Strategy Project
    A large middleware vendor, who is running on Microsoft Azure, known for quality development and website tools, needed to react strategically to the March 2022 Microsoft price increase.

    Key Initiative: Optimize New Pricing Strategy

    The program’s core objective was to determine if the vendor should implement a price increase and how the product should be packaged within the new pricing model.

    For this initiative, the company interviewed buyers using three key questions: What are the core capabilities to focus on building/selling? What are the optimal features and capabilities valued by customers that should be sold together? And should they be charging more for their products?

    Results
    This middleware vendor saw buyer support for a 10% price increase to their product line and restructuring of vertical contract terms. This enabled them to retain customers over multi-year subscription contracts, and the price increase enabled them to protect margins after the Microsoft price increase.

    The Optimize New Pricing Strategy included the following components:

    Components: 'Product Feature Importance & Satisfaction', 'Correlation of Features and Value Drivers', 'Fair Cost to Value Average for Category', 'Average Discounting for Category', 'Customer Value Is an Acceptable Multiple of Price'. First four: 'Component fails into the scope of optimizing price strategy to value'; last one: 'They are optimizing their price strategy decisions'.

    New product price approach

    As a collaborative team across product management, marketing, and finance, we see leaders taking a simple yet well-researched approach when setting product pricing.

    Iterating to a final price point is best done with research into how product pricing:

    • Delivers target margins.
    • Is positioned vs. key competitors.
    • Delivers customer value at a fair price/value ratio.
    To arrive at our new product price, we suggest iterating among 3 different views:

    New Target Price:

    • Buyer Price vs. Value
    • Cost - Plus
    • Vs. Key Competitors
    We analyzed:
    • Customer price/value equation interviews
    • Impacts of Supplier cost increases
    • Competitive pricing research
    • How product pricing delivers target margins

    Who should care about optimized pricing?

    Product managers and marketers who:

    • Support the mandate for optimizing pricing and revenue generation.
    • Need a more scientific way to plan and implement new pricing processes and methods to optimize revenues and profits.
    • Want a way to better apply customer and competitive insights to product pricing.
    • Are evaluating current pricing and cost control to support a refreshed pricing strategy.

    Finance, sales, and marketing professionals who are pricing stakeholders in:

    • Finding alternatives to current pricing and packaging approaches.
    • Looking for ways to optimize price within the shifting market momentum.

    How will they benefit from this research?

    • Refine the ability to effectively target pricing to specific market demands and customer segments.
    • Strengthen product team’s reputation for reliable and repeatable price-management capabilities among senior leadership.
    • Recognize and plan for new revenue opportunities or cost increases.
    • Allow for faster, more accurate intake of customer and competitive data. 
    • Improve pricing skills for professional development and business outcomes.
    • Create new product price, packaging, or market opportunities. 
    • Reduce financial costs and mistakes associated with manual efforts and uneducated guessing.
    • Price software products that better achieve financial goals optimizing revenue, margins, or market share.
    • Enhance the product development and sales processes with real competitive and customer expectations.

    Is Your Pricing Strategy Optimized?

    With the right pricing strategy, you can invest more money into your product, service, or growth. A 1% price increase will improv revenues by:

    Three bars: 'Customer acquisition, 3.32%', 'Customer retention, 6.71%', 'Price monetization, 12.7%'.

    Price monetization will almost double the revenue increases over customer acquisition and retention. (Pricing Strategies, Growth Ramp, March 2022)

    DIAGNOSE PRICE CHALLENGES

    Prices of today's cloud-based services/products are often misaligned against competition and customers' perceived value, leaving more revenues on the table.
    • Do you struggle to price new products with confidence?
    • Do you really know your SaaS product's costs?
    • Have you lost pricing power to stronger competitors?
    • Has cost focus eclipsed customer value focus?
    If so, you are likely skipping steps and missing key outputs in your pricing strategy.

    OPTIMIZE THESE STEPS

    ALIGNMENT
    1. Assign Team Responsibilities
    2. Set Timing for Project Deliverables
    3. Clarify Financial Expectations
    4. Collect Customer Contacts
    5. Determine Competitors
    6. BEFORE RESEARCH, HAVE YOU
      Documented your executive's financial expectations? If "No," return.

    RESEARCH & VALIDATE
    1. Research Competitors
    2. Interview Customers
    3. Test Pricing vs. Financials
    4. Create Pricing Presentation
    5. BEFORE PRESENTING, HAVE YOU:
      Clarified your customer and competitive positioning to validate pricing? If "No," return.

    BUY-IN
    1. Executive Pricing Presentation
    2. Post-Mortem of Presentation
    3. Document New Processes
    4. Monitor the Pricing Changes
    5. BEFORE RESEARCH, HAVE YOU:
      Documented your executive's financial expectations? If "No," return.

    DELIVER KEY OUTPUTS

    Sponsoring executive(s) signs-offs require a well-articulated pricing plan and business case for investment that includes:
    • Competitive features and pricing financial templates
    • Customer validation of price value
    • Optimized price presentation
    • Repeatable pricing processes to monitor changes

    REAP THE REWARDS

    • Product pricing is better aligned to achieve financial goals
    • Improved pricing skills or professional development
    • Stronger team reputation for reliable price management

    Key Insights

    1. Gain a competitive edge by using market and customer information to optimize product financials, refine pricing, and speed up decisions.
    2. Product leaders will best set software product price based on a deep understanding of buyer/price value equation, alignment with financial strategy, and an ongoing ability to monitor buyer, competitor, and product costs.

    SoftwareReviews’ methodology for optimizing your pricing strategy

    Steps

    1.1 Establish the Team and Responsibilities
    1.2 Educate/Align Team on Pricing Strategy
    1.2 Document Portfolio & Target Product(s) for Pricing Updates
    1.3 Clarify Product Target Margins
    1.4 Establish Customer Price/Value
    1.5 Identify Competitive Pricing
    1.6 Establish New Price and Gain Buy-In

    Outcomes

    1. Well-organized project
    2. Clarified product pricing strategy
    3. Customer value vs. price equation
    4. Competitive price points
    5. Approvals

    Insight summary

    Modernize your price planning

    Product leaders will price products based on a deep understanding of the buyer price/value equation and alignment with financial and competitive pricing strategies, and make ongoing adjustments based on an ability to monitor buyer, competitor, and product cost changes.

    Ground pricing against financials

    Meet and align with financial stakeholders.
    • Give finance a heads-up that you want to work with them.
    • Find out the CFO’s expectations for pricing and margins.
    • Ask for a dedicated finance team member.

    Align on pricing strategy

    Lead stakeholders in SaaS product pricing decisions to optimize pricing based on four drivers:
    • Customer’s price/value
    • Competitive strategy
    • Reflective of costs
    • Alignment with financial goals

    Decrease time for approval

    Drive price decisions, with the support of the CFO, to the business value of the suggested change:
    • Reference current product pricing guidelines
    • Compare to the competition and our strategy and weigh results against our customer’s price/value
    • Compare against the equation to business value for the suggested change
    Develop the skill of pricing products

    Increase product revenues and margins by enhancing modern processes and data monetization. Shift from intuitive to information-based pricing decisions.

    Look at other options for revenue

    Adjust product design, features, packaging, and contract terms while maintaining the functionality customers find valuable to their business.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
    Key deliverable:

    New Pricing Strategy Presentation Template

    Capture key findings for your price strategy with the Optimize Your Pricing in a Volatile Competitive Market Strategy Presentation Template

    Sample of the 'Acme Corp New Product Pricing' blueprint.

    Optimize Software Pricing in a Volatile Competitive Market Executive Brief

    This executive brief will build your knowledge on how to price new products or adjust pricing for existing products.

    Sample of the 'Optimize Software Pricing in a Volatile Competitive Market' blueprint.

    Optimize Software Pricing in a Volatile Competitive Market Workbook

    This workbook will help you prioritize which products require repricing, hold customer interviews, and capture competitive insights.

    Sample of the 'Optimize Software Pricing in a Volatile Competitive Market' workbook.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with a SoftwareReviews analyst to help implement our best practices in your organization.

    A typical GI is 4 to 8 calls over the course of 2 to 4 months.

    What does a typical GI on optimizing software pricing look like?

    Alignment

    Research & Reprice

    Buy-in

    Call #1: Share the pricing team vision and outline activities for the pricing strategy process. Plan next call – 1 week.

    Call #2: Outline products that require a new pricing approach and steps with finance. Plan next call – 1 week.

    Call #3: Discuss the customer interview process. Plan next call – 1 week.

    Call #4 Outline competitive analysis. Plan next call – 1 week.

    Call #5: Review customer and competitive results for initial new pricing business case with finance for alignment. Plan next call – 3 weeks.

    Call #6: Review the initial business case against financial plans across marketing, sales, and product development. Plan next call – 1 week.

    Call #7 Review the draft executive pricing presentation. Plan next call – 1 week.

    Call #8: Discuss gaps in executive presentation. Plan next call – 3 days.

    SoftwareReviews Offers Various Levels of Support to Meet Your Needs

    Included in Advisory Membership Optional add-ons

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Desire a Guided Implementation?

    • A GI is where your SoftwareReviews engagement manager and executive advisor/counselor will work with SoftwareReviews research team members to craft with you a Custom Key Initiative Plan (CKIP).
    • A CKIP guides your team through each of the major steps, outlines responsibilities between members of your team and SoftwareReviews, describes expected outcomes, and captures actual value delivered.
    • A CKIP also provides you and your team with analyst/advisor/counselor feedback on project outputs, helps you communicate key principles and concepts to your team, and helps you stay on project timelines.
    • If Guided Implementation assistance is desired, contact your engagement manager.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889
    Day 1 Day 2 Day 3 Day 4 Day 5
    Align Team, Identify Customers, and Document Current Knowledge
    Validate Initial Insights and Identify Competitors and Market View
    Schedule and Hold Buyer Interviews
    Summarize Findings and Provide Actionable Guidance to Stakeholders
    Present, Go Forward, and Measure Impact and Results
    Activities

    1.1 Identify Team Members, roles, and responsibilities

    1.2 Establish timelines and project workflow

    1.3 Gather current product and future financial margin expectations

    1.4 Review the Optimize Software Executive Brief and Workbook Templates

    1.4 Build prioritized pricing candidates hypothesis

    2.1 Identify customer interviewee types by segment, region, etc.

    2.2 Hear from industry analysts their perspectives on the competitors, buyer expectations, and price trends

    2.3 Research competitors for pricing, contract type, and product attributes

    3.2 Review pricing and attributes survey and interview questionnaires

    3.2 Hold interviews and use interview guides (over four weeks)

    A gap of up to 4 weeks for scheduling of interviews.

    3.3 Hold review session after initial 3-4 interviews to make adjustments

    4.1 Review all draft price findings against the market view

    4.2 Review Draft Executive Presentation

    5.1 Review finalized pricing strategy plan with analyst for market view

    5.2 Review for comments on the final implementation plan

    Deliverables
    1. Documented steering committee and working team
    2. Current and initial new pricing targets for strategy
    3. Documented team knowledge
    1. Understanding of market and potential target interviewee types
    2. Objective competitive research
    1. Initial review – “Are we going in the right direction with surveys?”
    2. Validate or adjust the pricing surveys to what you hear in the market
    1. Complete findings and compare to the market
    2. Review and finish drafting the Optimize Software Pricing Strategy presentation
    1. Final impute on strategy
    2. Review of suggested next steps and implementation plan

    Our process

    Align team, perform research, and gain executive buy-in on updated price points

    1. Establish the team and responsibilities
    2. Educate/align team on pricing strategy
    3. Document portfolio & target product(s) for pricing updates
    4. Clarify product target margins
    5. Establish customer price/value
    6. Identify competitive pricing
    7. Establish new price and gain buy-in

    Optimize Software Pricing in a Volatile Competitive Market

    Our process will help you deliver the following outcomes:

    • Well-organized project
    • Clarified product pricing strategy
    • Customer value vs. price equation
    • Competitive price points
    • Approvals

    This project involves the following participants:

    • Product management
    • Program leadership
    • Product marketing
    • CFO or finance representative/partner
    • Others
    • Representative(s) from Sales

    1.0 Assign team responsibilities

    Input: Steering committee roles and responsibilities, Steering committee interest and role

    Output: List of new pricing strategy steering committee and workstream members, roles, and timelines, Updated Software Pricing Strategy presentation

    Materials: Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: CFO, sponsoring executive, Functional leads – development, product marketing, product management, marketing, sales, customer success/support

    1-2 hours
    1. The product manager/member running this pricing/repricing program should review the entire Optimize Software Pricing in a Volatile Competitive Market blueprint and each blueprint attachment.
    2. The product manager should also refer to slide 19 of the Optimize Software Pricing in a Volatile Competitive Market blueprint and decide if help via a Guided Implementation (GI) is of value. If desired, alert your SoftwareReviews engagement manager.
    1-2 hours
    1. The product manager should meet with the chief product officer/CPO and functional leaders, and set the meeting agenda to:
      1. Nominate steering committee members.
      2. Nominate work-stream leads.
      3. Establish key pricing project milestones.
      4. Schedule both the steering committee (suggest monthly) and workstream lead meetings (suggest weekly) through the duration of the project.
      5. Ask the CPO to craft, outside this meeting, his/her version of the "Message from the chief product officer.”
      6. If a Guided Implementation is selected, inform the meeting attendees that a SoftwareReviews analyst will join the next meeting to share his/her Executive Brief on Pricing Strategy.
    2. Record all above findings in the Optimize Software Pricing in a Volatile Competitive Market Presentation Template.

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    SoftwareReviews Advisory Insight:

    Pricing steering committees are needed to steer overall product, pricing, and packaging decisions. Some companies include the CEO and CFO on this committee and designate it as a permanent body that meets monthly to give go/no-go decisions to “all things product and pricing related” across all products and business units.

    2.0 Educate the team

    1 hour

    Input: Typically, a joint recognition that pricing strategies need upgrading and have not been fully documented, Steering committee and working team members

    Output: Communication of team members involved and the makeup of the steering committee and working team, Alignment of team members on a shared vision of “why a new price strategy is critical” and what key attributes define both the need and impact on business

    Materials: Optimize Your Software Strategy Executive Brief PowerPoint presentation

    Participants: Initiative manager – individual leading the new pricing strategy, CFO/sponsoring executive, Working team – typically representatives in product marketing, product management, and sales, SoftwareReviews marketing analyst (optional)

    1. Walk the team through the Optimize Software Pricing in a Volatile Competitive Market Executive Brief PowerPoint presentation.
    2. Optional – Have the SoftwareReviews Advisory (SRA) analyst walk the team through the Optimize Software Pricing in a Volatile Competitive Market Executive Brief PowerPoint presentation as part of your session. Contact your engagement manager to schedule.
    3. Walk the team through the current version of the Optimize Software Pricing in a Volatile Competitive Market Presentation Template outlining project goals, steering committee and workstream make-up and responsibilities, project timeline and key milestones, and approach to arriving at new product pricing.
    4. Set expectations among team members of their specific roles and responsibilities for this project, review the frequency of steering committee and workstream meetings to set expectations of key milestones and deliverable due dates.

    Download the Optimize Software Pricing in a Volatile Competitive Market Executive Brief

    3.0 Document portfolio and target products for pricing update

    1-3 Hours

    Input: List of entire product portfolio

    Output: Prioritized list of product candidates that should be repriced

    Materials: Optimize Software Pricing in a Volatile Competitive Market Executive Brief presentation, Optimize Software Pricing in a Volatile Competitive Market Workbook

    Participants: Initiative manager – individual leading the new pricing strategy, CFO/sponsoring executive, Working team – typically representatives in product marketing, product management, and sales

    1. Walk the team through the current version of Optimize Software Pricing in a Volatile Competitive Market workbook, tab 2: “Product Portfolio Organizer.” Modify sample attributes to match your product line where necessary.
    2. As a group, record the product attributes for your entire portfolio.
    3. Prioritize the product price optimization candidates for repricing with the understanding that it might change after meeting with finance.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    4.0 Clarify product target margins

    2-3 sessions of 1 Hour each

    Input: Finance partner/CFO knowledge of target product current and future margins, Finance partner/CFO who has information on underlying costs with details that illustrate supplier contributions

    Output: Product finance markup target percentage margins and revenues

    Materials: Finance data on the product family, Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Finance partner/CFO

    1. Schedule a meeting with your finance partner/CFO to validate expectations for product margins. The goal is to understand the detail of underlying costs/margins and if the impacts of supplier costs affect the product family. The information will be placed into the Optimize Software Pricing in a Volatile Competitive Market Workbook on tab 2, Product Portfolio Organizer under the “Unit Margins” heading.
    2. Arrive at a final “Cost-Plus New Price” based on underlying costs and target margins for each of the products. Record results in the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 2, under the “Cost-Plus New Price” heading.
    3. Record product target finance markup price under “Cost-Plus” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9, and details in Appendix, “Cost-Plus Analysis,” slide 11.
    4. Repeat this process for any other products to be repriced.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    5.0 Establish customer price to value

    1-4 weeks

    Input: Identify segments within which you require price-to-value information, Understand your persona insight gaps, Review Sample Interview Guide using the Optimize Software Pricing in a Volatile, Competitive Market Workbook, Tab 4. Interview Guide.

    Output: List of interviewees, Updated Interview Guide

    Materials: Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Customer success to help identify interviewees, Customers, prospects

    1. Identify a list of customers and prospects that best represent your target persona when interviewed. Choose interviewees who will inform key differences among key segments (geographies, company size, a mix of customers and prospects, etc.) and who are decision makers and can best inform insights on price/value and competitors.
    2. Recruit interviewees and schedule 30-minute interviews.
    3. Keep track of interviewees using the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 3: “Interviewee Tracking.”
    4. Review the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 4: “Interview Guide,” and modify/update it where appropriate.
    5. Record interviewee perspectives on the “price they are willing to pay for the value received” (price/value equation) using the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 4: “Interview Guide.”
    6. Summarize findings to result in an average “customer’s value price.” Record product target ”customer’s value price” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9 and supporting details in Appendix, “Customer Pricing Analysis,” slide 12.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    6.0 Identify competitive pricing

    1-2 weeks

    Input: Identify price candidate competitors, Your product pricing, contract type, and product attribute information to compare against, Knowledge of existing competitor information, websites, and technology research sites to guide questions

    Output: Competitive product average pricing

    Materials: Optimize Software Pricing in a Volatile Competitive Market Workbook, Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Customers, prospects

    1. Identify the top 3-5 competitors’ products that you most frequently compete against with your selected product.
    2. Perform competitive intelligence research on deals won or lost that contain competitive pricing insights by speaking with your sales force.
    3. Use the interviews with key customers to also inform competitive pricing insights. Include companies which you may have lost to a competitor in your customer interviewee list.
    4. Modify and add key competitive pricing, contract, or product attributes in the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 5: “Competitive Information.”
    5. Place your product’s information into the Optimize Software Pricing in a Volatile Competitive Market Workbook, tab 5: “Competitive Information.”
    6. Research your competitors’ summarized pricing and product attribute insights into the workbook.
    7. Record research in the Summarize research on competitors to arrive at an average “Competitors Avg. Price”. Record in ”Customer’s Value Price” in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9, and details in Appendix, “Competitor Pricing Analysis,” slide 13.

    Download the Optimize Software Pricing in a Volatile Competitive Market Workbook

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    7.0 Establish new price and gain buy-in

    2-3 hours

    Input: Findings from competitive, cost-plus, and customer price/value analysis

    Output: Approvals for price change

    Materials: Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Participants: Initiative manager, Steering committee, Working team – typically representatives in product marketing, product management, sales

    1. Using prior recorded findings of Customer’s Value Price, Competitors’ Avg. Price, and Finance Markup Price, arrive at a recommended “New Price” and record in Optimize Software Pricing in a Volatile Competitive Market Presentation Template, slide 9 and the Appendix for Project Analysis Details.
    2. Present findings to steering committee. Be prepared to show customer interviews and competitive analysis results to support your recommendation.
    3. Plan internal and external communications and discuss the timing of when to “go live” with new pricing. Discuss issues related to migration to a new price, how to handle currently low-priced customers, and how to migrate them over time to the new pricing.
    4. Identify if it makes sense to target a date to launch the new pricing in the future, so customers can be alerted in advance and therefore take advantage of “current pricing” to drive added revenues.
    5. Confer with IT to assess times required to implement within CPQ systems and with product marketing for time to change sales proposals, slide decks, and any other affected assets and systems.

    Download the Optimize Software Pricing in a Volatile Competitive Market Presentation Template

    Summary of Accomplishment

    Problem Solved

    With the help of this blueprint, you have deepened your and your company’s understanding of how to look at new pricing opportunities and what the market and the buyer will pay for your product. You are among the minority of product and marketing leaders that have thoroughly documented their new pricing strategy and processes – congratulations!

    The benefits of having led your team through the process are significant and include the following:

    • Allow for faster, more accurate intake of customer and competitive data 
    • Refine the ability to effectively target pricing to specific market demands and customer segments 
    • Understand the association between the value proposition of products and services
    • Reduce financial costs and mistakes associated with manual efforts & uneducated guessing
    • Recognize and plan for new revenue opportunities or cost increases
    • Create new market or product packaging opportunities
    And finally, by bringing your team along with you in this process, you have also led your team to become more customer-focused while pricing your products – a strategic shift that all organizations should pursue.

    If you would like additional support, contact us and we’ll make sure you get the professional expertise you need.

    Contact your account representative for more information.

    info@softwarereviews.com
    1-888-670-8889

    Bibliography

    “Chapter 4 Reasons for Project Failure.” Kissflow's Guide to Project Management. Kissflow, n.d. Web.

    Edie, Naomi. “Microsoft Is Raising SaaS Prices, and Other Vendors Will, Too.” CIO Dive, 8 December 2021. Web.

    Gruman, Galen, Alan S. Morrison, and Terril A. Retter. “Software Pricing Trends.” PricewaterhouseCoopers, 2018. Web.

    Hargrave, Marshall. “Example of Economic Exposure.” Investopedia, 12 April 2022. Web.

    Heaslip, Emily. “7 Smart Pricing Strategies to Attract Customers.” CO—, 17 November 2021. Web.

    Higgins, Sean. “How to Price a Product That Your Sales Team Can Sell.” HubSpot, 4 April 2022. Web.

    “Pricing Strategies.” Growth Ramp, March 2022. Web.

    “Product Management Skills Benchmark Report 2021.” 280 Group, 9 November 2021. Web.

    Quey, Jason. “Price Increase: How to Do a SaaS Pricing Change in 8 Steps.” Growth Ramp, 22 March 2021. Web.

    Steenburg, Thomas, and Jill Avery. “Marketing Analysis Toolkit: Pricing and Profitability Analysis.” Harvard Business School, 16 July 2010. Web.

    “2021 State of Competitive Intelligence.” Crayon and SCIO, n.d. Web.

    Valchev, Konstantin. “Cost of Goods Sold (COGS) for Software-as-a-Service (SaaS) Business.” OpenView Venture Partners, OV Blog, 20 April 2020. Web.

    “What Is Price Elasticity?” Market Business News, n.d. Web.

    Create a Work-From-Anywhere Strategy

    • Buy Link or Shortcode: {j2store}323|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 33 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    Work-from-anywhere isn’t going anywhere. During the initial rush to remote work, tech debt was highlighted and the business lost faith in IT. IT now needs to:

    • Rebuild trust with the CXO.
    • Identify gaps created from the COVID-19 rush to remote work.
    • Identify how IT can better support remote workers.

    IT went through an initial crunch to enable remote work. It’s time to be proactive and learn from our mistakes.

    Our Advice

    Critical Insight

    • It’s not about embracing the new normal; it’s about resiliency and long-term success. Your strategy needs to not only provide short-term operational value but also make the organization more resilient for the unknown risks of tomorrow.
    • The nature of work has fundamentally changed. IT departments must ensure service continuity, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.
    • Ensure short-term survival. Don’t focus on becoming an innovator until you are no longer stuck in firefighting.
    • Aim for near-term innovation. Once you’re a trusted operator, become a business partner by helping the business better adapt business processes and operations to work-from-anywhere.

    Impact and Result

    Follow these steps to build a work-from-anywhere strategy that resonates with the business:

    • Identify a vision that aligns with business goals.
    • Design the work-from-anywhere value proposition for critical business roles.
    • Benchmark your current maturity.
    • Build a roadmap for bridging the gap.

    Benefit employees’ remote working experience while ensuring that IT heads in a strategic direction.

    Create a Work-From-Anywhere Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create a work-from-anywhere strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define a target state

    Identify a vision that aligns with business goals, not for how the company worked in 2019, but for how the company is working now and will be working tomorrow.

    • Work-From-Anywhere Strategy Template
    • Work-From-Anywhere Value Proposition Template

    2. Analyze current fitness

    Don’t focus on becoming an innovator until you are no longer stuck in firefighting mode.

    3. Build a roadmap for improving enterprise apps

    Use these blueprints to improve your enterprise app capabilities for work-from-anywhere.

    • Microsoft Teams Cookbook – Sections 1-2
    • Rationalize Your Collaboration Tools – Phases 1-3
    • Adapt Your Customer Experience Strategy to Successfully Weather COVID-19 Storyboard
    • The Rapid Application Selection Framework Deck

    4. Build a roadmap for improving strategy, people & leadership

    Use these blueprints to improve IT’s strategy, people & leadership capabilities for work-from-anywhere.

    • Define Your Digital Business Strategy – Phases 1-4
    • Training Deck: Equip Managers to Effectively Manage Virtual Teams
    • Sustain Work-From-Home in the New Normal Storyboard
    • Develop a Targeted Flexible Work Program for IT – Phases 1-3
    • Maintain Employee Engagement During the COVID-19 Pandemic Storyboard
    • Adapt Your Onboarding Process to a Virtual Environment Storyboard
    • Manage Poor Performance While Working From Home Storyboard
    • The Essential COVID-19 Childcare Policy for Every Organization, Yesterday Storyboard

    5. Build a roadmap for improving infrastructure & operations

    Use these blueprints to improve infrastructure & operations capabilities for work-from-anywhere.

    • Stabilize Infrastructure & Operations During Work-From-Anywhere – Phases 1-3
    • Responsibly Resume IT Operations in the Office – Phases 1-5
    • Execute an Emergency Remote Work Plan Storyboard
    • Build a Digital Workspace Strategy – Phases 1-3

    6. Build a roadmap for improving IT security & compliance capabilities

    Use these blueprints to improve IT security & compliance capabilities for work-from-anywhere.

    • Cybersecurity Priorities in Times of Pandemic Storyboard
    • Reinforce End-User Security Awareness During Your COVID-19 Response Storyboard

    Infographic

    Workshop: Create a Work-From-Anywhere Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define a Target State

    The Purpose

    Define the direction of your work-from-anywhere strategy and roadmap.

    Key Benefits Achieved

    Base your decisions on senior leadership and user needs.

    Activities

    1.1 Identify drivers, benefits, and challenges.

    1.2 Perform a goals cascade to align benefits to business needs.

    1.3 Define a vision and success metrics.

    1.4 Define the value IT brings to work-from-anywhere.

    Outputs

    Desired benefits for work-from-anywhere

    Vision statement

    Mission statement

    Success metrics

    Value propositions for in-scope user groups

    2 Review In-Scope Capabilities

    The Purpose

    Focus on value. Ensure that major applications and IT capabilities will relieve employees’ pains and provide them with gains.

    Key Benefits Achieved

    Learn from past mistakes and successes.

    Increase adoption of resulting initiatives.

    Activities

    2.1 Review work-from-anywhere framework and identify capability gaps.

    2.2 Review diagnostic results to identify satisfaction gaps.

    2.3 Record improvement opportunities for each capability.

    2.4 Identify deliverables and opportunities to provide value for each.

    2.5 Identify constraints faced by each capability.

    Outputs

    SWOT assessment of work-from-anywhere capabilities

    Projects and initiatives to improve capabilities

    Deliverables and opportunities to provide value for each capability

    Constraints with each capability

    3 Build the Roadmap

    The Purpose

    Build a short-term plan that allows you to iterate on your existing strengths and provide early value to your users.

    Key Benefits Achieved

    Provide early value to address operational pain points.

    Build a plan to provide near-term innovation and business value.

    Activities

    3.1 Organize initiatives into phases.

    3.2 Identify tasks for short-term initiatives.

    3.3 Estimate effort with Scrum Poker.

    3.4 Build a timeline and tie phases to desired business benefits.

    Outputs

    Prioritized list of initiatives and phases

    Profiles for short-term initiatives

    Explore the Secrets of Workday Licensing

    • Buy Link or Shortcode: {j2store}144|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Licensing
    • Parent Category Link: /licensing
    • Organizations examining a move to Workday or renewing a contract struggle to gain information and leverage in the negotiation process on commercial components such as pricing transparency, contractual flexibility, terms, and license use rights.
    • Implementations and customization can become difficult if adequate planning steps and communication are not taken beforehand.
    • The FSE Worker Calculation formula is used in the pricing process and can be negotiable.
    • Information and training documentation must be searched in online handbooks, making it difficult to find and time consuming
    • Workday’s partner ecosystem, while closely managed, isn’t flowing with resources. Finding the right partner, at the right cost to support an implementation can be challenging.

    Our Advice

    Critical Insight

    1. Know which defined areas of the agreement can be negotiated and which can't.
    2. Workday closely manages the Partner ecosystem and requests feedback on how to better support and implement its technologies. However, resource availability and talent management can be difficult as not many have the necessary skills.
    3. Recognize and accept that you’ve chosen the premium priced product in the market, so be prepared to pay up for best-in-class capabilities on a cloud-native ERP platform.

    Impact and Result

    • Focus on needs first. Conduct a thorough needs assessment and document the results. Well-documented worker counts by category and licenses required will be your best asset in navigating Workday licensing and negotiating your agreement.
    • Ensure the chosen implementation partner isn’t simply an integrator but provides consultative help and service.
    • Leverage executive relationships, downstream increased spending opportunities, and effective communication to drive and manage the relationship and attain necessary information to make effective decisions.

    Explore the Secrets of Workday Licensing Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should explore the secrets of Workday licensing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand Workday

    Understand Workday’s business model, competitive options, and what to know when conducting due diligence and requirements gathering.

    • Explore the Secrets of Workday Licensing – Phase 1: Understand Workday

    2. Understand licensing, negotiate commercial terms, and purchase

    Review product options and licensing rules. Determine negotiation points. Evaluate and finalize the contract.

    • Explore the Secrets of Workday Licensing – Phase 2: Understand Licensing, Negotiate Commercial Terms, and Purchase
    • Workday Terms and Conditions Evaluation Tool
    [infographic]

    Architect Your Big Data Environment

    • Buy Link or Shortcode: {j2store}202|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Big Data
    • Parent Category Link: /big-data
    • Organizations may understand the transformative potential of a big data initiative, but they struggle to make the transition from the awareness of its importance to identifying a concrete use case for a pilot project.
    • The big data ecosystem is crowded and confusing, and a lack of understanding of it may cause paralysis for organizations.

    Our Advice

    Critical Insight

    • Don’t panic, and make use of the resources you already have. The skills, tools, and infrastructure for big data can break any budget quickly, but before making rash decisions, start with the resources you have in-house.
    • Big data as a service (BDaaS) is making big waves. BDaaS removes many of the hurdles associated with implementing a big data strategy and vastly lowers the barrier of entry.

    Impact and Result

    • Follow Info-Tech’s methodology for understanding the types of modern approaches to big data tools, and then determining which approach style makes the most sense for your organization.
    • Based on your big data use case, create a plan for getting started with big data tools that takes into account the backing of the use case, the organization’s priorities, and resourcing available.
    • Put a repeatable framework in place for creating a comprehensive big data tool environment that will help you decide on the necessary tools to help you realize the value from your big data use case and scale for the future.

    Architect Your Big Data Environment Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should find your optimal approach to big data tools, review Info-Tech’s methodology, and understand the ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plant the foundations of your big data tool architecture

    Identify your big data use case and your current data-related capabilities.

    • Architect Your Big Data Environment – Phase 1: Plant the Foundations of Your Big Data Tool Architecture
    • Big Data Execution Plan Presentation
    • Big Data Architecture Planning Tool

    2. Weigh your big data architecture decision criteria

    Determine your capacity for big data tools, as well as the level of customizability and security needed for your solution to help justify your implementation style decision.

    • Architect Your Big Data Environment – Phase 2: Weigh Your Big Data Architecture Decision Criteria

    3. Determine your approach to implementing big data tools

    Analyze the three big data implementation styles, select your approach, and complete the execution plan for your big data initiative.

    • Architect Your Big Data Environment – Phase 3: Determine Your Approach To Implementing Big Data Tools
    [infographic]

    Availability and Capacity Management

    • Buy Link or Shortcode: {j2store}10|cart{/j2store}
    • Related Products: {j2store}10|crosssells{/j2store}
    • Up-Sell: {j2store}10|upsells{/j2store}
    • member rating overall impact: 8.0/10.0
    • member rating average dollars saved: $2,950
    • member rating average days saved: 10
    • Parent Category Name: Resilient IT Operations
    • Parent Category Link: /resilience/resilient-operations-and-it
    Develop your availability and capacity management plant and align it with exactly what the business expects.

    Make the Case for Enterprise Business Analysis

    • Buy Link or Shortcode: {j2store}509|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Requirements & Design
    • Parent Category Link: /requirements-and-design
    • It can be difficult to secure alignment between the many lines of business, IT included, in your organization.
    • Historically, we have drawn a dividing line between IT and "the business.”
    • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed to make way for the loudest voice’s option.

    Our Advice

    Critical Insight

    • Enterprise business analysis can help you stop the debate between IT and “the business,” as it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove the bias and politics in decision making all too common in organizations.
    • The business analyst is the only role that can connect the strategic with the tactical, the systems, and the operations and do so objectively. It is the one source to show how people, process, and technology connect and relate, and the most skilled can remove bias and politics from their lens of view.
    • Maturity can’t be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

    Impact and Result

    Let’s make the case for enterprise business analysis!

    • Organizations that have higher business analysis maturity and deploy enterprise analysis deliver better quality outcomes, with higher value, lower cost, and higher user satisfaction.
    • Business analysts should be contributing at the strategic level, as they need to understand multiple horizons simultaneously and be able to zoom in and out as the context calls for it. Business analysts aren’t only for projects.

    Make the Case for Enterprise Business Analysis Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Make the Case for Enterprise Business Analysis Storyboard – Take your business analysis from tactics to strategy.

    • Make the Case for Enterprise Business Analysis Storyboard

    2. Communicate the Case for Enterprise Business Analysis Template – Make the case for enterprise business analysis.

    • Communicate the Case for Enterprise Business Analysis
    [infographic]

    Further reading

    Make the Case for Enterprise Business Analysis

    Putting the strategic and tactical puzzle together.

    Analyst Perspective

    We commonly recognize the value of effective business analysis at a project or tactical level. A good business analysis professional can support the business by identifying its needs and recommending solutions to address them.
    Now, wouldn't it be great if we could do the same thing at a higher level?
    Enterprise (or strategic) business analysis is all about seeing that bigger picture, an approach that makes any business analysis professional a highly valuable contributor to their organization. It focuses on the enterprise, not a specific project or line of business.
    Leading the business analysis effort at an enterprise level ensures that your business is not only doing things right, but also doing the right things; aligned with the strategic vision of your organization to improve the way decisions are made, options are analyzed, and successful results are realized.

    Vincent Mirabelli

    Vincent Mirabelli
    Principal Research Director, Applications Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Difficulty properly aligning between the many lines of business in your organization.
    • Historically, we have drawn a dividing line between IT and the business.
    • The reality of organizational politics and stakeholder bias means that, with selection and prioritization, sometimes the highest value option is dismissed in favor of the loudest voice.

    Common Obstacles

    • Difficulty aligning an ever-changing backlog of projects, products, and services while simultaneously managing risks, external threats, and stakeholder expectations.
    • Many organizations have never heard of enterprise business analysis and only see the importance of business analysts at the project and delivery level.
    • Business analysis professionals rarely do enough to advocate for a seat at the strategic tables in their organizations.

    Info-Tech's Approach

    Let's make the case for enterprise business analysis!

    • Organizations that have higher business analysis maturity and deploy enterprise business analysis deliver better quality outcomes with higher value, lower cost, and higher user satisfaction.
    • Business analysts aren't only for projects. They should contribute at the strategic level, since they need to understand multiple horizons simultaneously and be able to zoom in and out as the context requires.

    Info-Tech Insight

    Enterprise business analysis can help you reframe the debate between IT and the business, since it sees everyone as part of the business. It can effectively break down silos, support the development of holistic strategies to address internal and external risks, and remove bias and politics from decision making.

    Phase 1

    Build the case for enterprise business analysis

    Phase 1

    Phase 2

    1.1 Define enterprise business analysis

    1.2 Identify your pains and opportunities

    2.1 Set your vision

    2.2 Define your roadmap and next steps

    2.3 Complete your executive communications deck

    This phase will walk you through the following activities:

    • 1.1.1 Discuss how business analysis is used in our organization
    • 1.1.2 Discuss your disconnects between strategy and tactics
    • 1.2.1 Identify your pains and opportunities

    This phase involves the following participants:

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    How business analysis supports our success today

    Delivering value at the tactical level

    Effective business analysis helps guide an organization through improvements to processes, products, and services. Business analysts "straddle the line between IT and the business to help bridge the gap and improve efficiency" in an organization (CIO, 2019).
    They are most heavily involved in:

    • Defining needs
    • Modeling concepts, processes, and solutions
    • Conducting analysis
    • Maintaining and managing requirements
    • Managing stakeholders
    • Monitoring progress
    • Doing business analysis planning
    • Conducting elicitation

    In a survey, business analysts indicated that of their total working time, they spend 31% performing business analysis planning and 41% performing elicitation and analysis (PMI, 2017).

    By including a business analyst in a project, organizations benefit by:
    (IAG, 2009)

    87%

    Reduced time overspending

    75%

    Prevented budget overspending

    78%

    Reduction in missed functionality

    1.1.1 Discuss how business analysis is used in your organization

    15-30 minutes

    1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives on business analysis. This should relate to their experience and not a future or aspirational usage.
    2. Have a team member facilitate the session.
    3. Brainstorm and document all shared thoughts and perspectives.
    4. Synthesize those thoughts and perspectives and record the results for the group to review and discuss.
    5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template

    Input

    • Stakeholder knowledge and experience

    Output

    • A shared understanding of how your organization leverages its business analysis function

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Download the Communicate the Case for Enterprise Business Analysis template

    Executives and leadership are satisfied with IT when there is alignment between tactics and goals

    Info-Tech's CIO Business Vision Survey data highlights the importance of IT projects in supporting the business to achieve its strategic goals.

    However, Info-Tech's CEO-CIO Alignment Survey (N=124) data indicates that CEOs perceive IT as poorly aligned with the business' strategic goals.

    Info-Tech's CIO-CEO Alignment Diagnostics

    43%

    of CEOs believe that business goals are going unsupported by IT.

    60%

    of CEOs believe that IT must improve understanding of business goals.

    80%

    of CIOs/CEOs are misaligned on the target role of IT.

    30%

    of business stakeholders support their IT departments.

    Addressing problems solely with tactics does not always have the desired effect

    94%

    Source: "Out of the Crisis", Deming (via Harvard Business Review)

    According to famed management and quality thought leader and pioneer W. Edwards Deming, 94% of issues in the workplace are systemic cause significant organizational pain.

    Yet we continue to address them on the surface, rather than acknowledge how ingrained they are in our culture, systems, and processes.

    For example, we:

    • Create workarounds to address process and solution constraints
    • Expect that poor (or lack of ) leadership can be addressed in a course or seminar
    • Expect that "going Agile" will resolve our problems, and that decision making, governance, and organizational alignment will happen organically.

    Band-aid solutions rarely have the desired effect, particularly in the long-term.

    Our solutions should likewise focus on the systemic/macro environment. We can do this via projects, products and services, but those don't always address the larger issues.

    If we take the work our business analysis currently does in defining needs and solutions, and elevate this to the strategic level, the results can be impactful.

    Many organizations would benefit from enhancing their business analysis maturity

    The often-overlooked strategic value of the role comes with maturing your practices.

    Only 18% of organizations have mature (optimized or established) business analysis practices.

    With that higher level of maturity comes increased levels of capability, efficiency, and effectiveness in delivering value to people, processes, and technology. Through such efforts, they're better equipped and able to connect the strategy of their organization to the projects, processes, and products they deliver.

    They shift focus from "figuring business analysis out" to truly unleashing its potential, with business analysts contributing in strategic and tactical ways.

    an image showing the following data: Optimized- 5; Established- 13; Improving- 37; Starting- 25; Ad hoc- 21

    (Adapted from PMI, 2017)

    Info-Tech Insight

    Business analysts are best suited to connect the strategic with the tactical, the systems, and the operations. They maintain the most objective lens regarding how people, process, and technology connect and relate, and the most skilled of them can remove bias and politics from their perspective.

    1.1.2 Discuss your disconnects between strategy and tactics

    30-60 minutes

      1. Gather the appropriate stakeholders to discuss their knowledge, experience, and perspectives regarding failures that resulted from disconnects between strategy and tactics.
      2. Have a team member facilitate the session.
      3. Brainstorm and document all shared thoughts and perspectives.
      4. Synthesize those thoughts and perspectives and record the results.
      5. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Input

    • Stakeholder knowledge and experience

    Output

    • A shared understanding and list of failures due to disconnects between strategy and tactics

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Download the Communicate the Case for Enterprise Business Analysis template

    Defining enterprise business analysis

    Terms may change, but the function remains the same.

    Enterprise business analysis (sometimes referred to as strategy analysis) "…focuses on defining the future and transition states needed to address the business need, and the work required is defined both by that need and the scope of the solution space. It covers strategic thinking in business analysis, as well as the discovery or imagining of possible solutions that will enable the enterprise to create greater value for stakeholders and/or capture more value for itself."
    (Source: "Business Analysis Body of Knowledge," v3)

    Define the function of enterprise business analysis

    This is a competitive advantage for mature organizations.

    Organizations with high-performing business analysis programs experience an enhanced alignment between strategy and operations. This contributes to improved organizational performance. We see this in financial (69% vs. 45%) and strategic performance (66% vs. 21%), also organizational agility (40% vs. 14%) and management of operational projects (62% vs. 29%). (PMI, 2017)

    When comparing enterprise with traditional business analysis, we see stark differences in the size and scope of their view, where they operate, and the role they play in organizational decision making.

    Enterprise Traditional
    Decision making Guides and influences Executes
    Time horizon 2-10 years 0-2 years
    Focus Strategy, connecting the strategic to the operational Operational, optimizing how business is done, and keeping the lights on
    Domain

    Whole organization

    Broader marketplace

    Only stakeholder lines of business relevant to the current project, product or service
    Organizational Level Executive/Leadership Project

    (Adapted from Schulich School of Business)

    Info-Tech Insight

    Maturity can't be rushed. Build your enterprise business analysis program on a solid foundation of leading and consistent business analysis practices to secure buy-in and have a program that is sustainable in the long term.

    An image showing the percentages of high- and low- maturity organizations, for the following categories: Financial performance; Strategy implementation; Organizational agility; Management of projects.

    (Adapted from PMI, 2017)

    How enterprise business analysis is used to improve organizations

    The biggest sources of project failure include:

    • Wrong (or poor) requirements
    • Unrealistic (or incomplete) business case
    • Lack of appropriate governance and oversight
    • Poor implementation
    • Poor benefits management
    • Environmental changes

    Source: MindTools.com, 2023.

    Enterprise business analysis addresses these sources and more.

    It brings a holistic view of the organization, improving collaboration and decision making across the many lines of business, effectively breaking down silos.

    In addition to ensuring we're doing the right things, not just doing things right in the form of improved requirements and more accurate business cases, or ensuring return on investment (ROI) and monitoring the broader landscape, enterprise business analysis also supports:

    • Reduced rework and waste
    • Understanding and improving operations
    • Making well-informed decisions through improved objectivity/reduced bias
    • Identifying new opportunities for growth and expansion
    • Identifying and mitigating risk
    • Eliminating projects and initiatives that do not support organizational goals or objectives
    • A career-pathing option for business analysts

    Identify your pains and opportunities

    There are many considerations in enterprise business analysis.

    Pains, gains, threats, and opportunities can come at your organization from anywhere. Be it a new product launch, an international expansion, or a new competitor, it can be challenging to keep up.

    This is where an enterprise business analyst can be the most helpful.

    By keeping a pulse on the external and internal environments, they can support growth, manage risks, and view your organization through multiple lenses and perspectives to get a single, complete picture.

    External

    Internal

    Identifying competitive forces

    In the global environment

    Organizational strengths and weaknesses

    • Monitoring and maintaining your competitive advantage.
    • Understanding trends, risks and threats in your business domain, and how they affect your organization.
    • Benchmarking performance against like and unlike organizations, to realize where you stand and set a baseline for continuous improvement and business development.
    • Leveraging tools and techniques to scan the broader landscape on an ongoing basis. Using PESTLE analysis, they can monitor the political, economic, social, technological, legal, and environmental factors that impact when, where, how, and with who you conduct your business and IT operations.
    • Supporting alignment between a portfolio or program of projects and initiatives.
    • Improving alignment between the various lines of business, who often lack full visibility outside of their silo, and can find themselves clashing over time, resources, and attention from leaders.
    • Improving solutions and outcomes through objective option selection.

    1.2.1 Identify your pains and opportunities

    30-60 minutes

    1. As a group, generate a list of the current pains and opportunities facing your organization. You can focus on a particular type (competitive, market, or internal) or leave it open. You can also focus on pains or opportunities separately, or simultaneously.
    2. Have a team member facilitate the session.
    3. Record the results for the group to review, discuss, and prioritize.
      1. Discuss the impact and likelihood of each item. This can be formally ranked and quantified if there is data to support the item or leveraging the wisdom of the group.
      2. Prioritize the top three to five items of each type, as agreed by the group, and document the results.
    4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Attendee knowledge
    • Supporting data, if available

    Output

    • A list of identified organizational pains and opportunities that has been prioritized by the group

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Phase 2

    Prepare the foundations for your enterprise business analysis program

    Phase 1

    Phase 2

    1.1 Define enterprise business analysis

    1.2 Identify your pains and opportunities

    2.1 Set your vision

    2.2 Define your roadmap and next steps

    2.3 Complete your executive communications deck

    This phase will walk you through the following activities:

    • 2.1.1 Define your vision and goals
    • 2.1.2 Identify your enterprise business analysis inventory
    • 2.2.1 Now, Next, Later

    This phase involves the following participants:

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Set your vision

    Your vision becomes your "north star," guiding your journey and decisions.

    When thinking about a vision statement for enterprise business analysis, think about:

    • Who are we doing this for? Who will benefit?
    • What do our business partners need? What do our customers need?
    • What value do we provide them? How can we best support them?
    • Why is this special/different from how we usually do business?

    Always remember: Your goal is not your vision!

    Not knowing the difference will prevent you from both dreaming big and achieving your dream.

    Your vision represents where you want to go. It's what you want to do.

    Your goals represent how you want to achieve your vision.

    • They are a key element of operationalizing your vision.
    • Your strategy, initiatives, and features will align with one or more goals.

    Info-Tech Best Practice

    Your vision shouldn't be so far out that it doesn't feel real, nor so short term that it gets bogged down in details. Finding balance will take some trial and error and will be different depending on your organization.

    2.1.1 Define your vision and goals

    1-2 hours

    1. Gather the appropriate stakeholders to discuss their vision for enterprise business analysis. It should address the questions used in framing your vision statement.
    2. Have a team member facilitate the session.
    3. Review your current organizational vision and goals.
    4. Discuss and document all shared thoughts and perspectives on how enterprise business analysis can align with the organizational vision.
    5. Synthesize those thoughts and perspectives to create a vision statement.
    6. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Stakeholder vision, knowledge, and experience
    • Current organizational vision and goals

    Output

    • A documented vision and goals for your enterprise business analysis program

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Components of successful enterprise business analysis programs

    Ensure you're off to the best start by examining where you are and where you want to go.

    Training

    • Do the current team members have the right level of training?
    • Can we easily obtain training to close any gaps?

    Competencies and capabilities

    • Do our business analysts have the right skills, attributes, and behaviors to be successful?

    Structure and alignment

    • Would the organizational culture support enterprise business analysis (EBA)?
    • How might we structure the EBA unit to maximize effectiveness?
    • How can we best support the organization's goals and objectives?

    Methods and processes

    • How do we plan on managing the work to be done?
    • Can we define our processes and workflows?

    Tools, techniques, and templates

    • Do we have the most effective tools, techniques, and templates?

    Governance

    • How will we make decisions?
    • How will the program be managed?

    2.1.2 Identify your enterprise business analysis inventory

    30-60 minutes

    1. Gather the appropriate stakeholders to discuss the current business analysis assets, which could be leveraged for enterprise business analysis. This includes people, processes, and technologies which cover skills, knowledge, resources, experience, knowledge, and competencies. Focus on what the organization currently has, and not what it needs.
    2. Have a team member facilitate the session.
    3. Record the results for the group to review and discuss.
    4. Transfer the results to the Communicate the Case for Enterprise Business Analysis template.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Your current business analysis assets and resources Stakeholder knowledge and experience

    Output

    • A list of assets and resources to enable enterprise business analysis

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    Define your roadmap and next steps

    What do we have? What do we need?

    From completing the enterprise business analysis inventory, you will have a comprehensive list of all available assets.

    The next question is, how can this be leveraged to start building for the future?

    To operationalize enterprise business analysis, consider:

    • What do we still need to do?
    • How important are the identified gaps? Can we still operate?
    • What decisions do we need to make?
    • What stakeholders do we need to involve? Have we engaged them all?

    Lay out your roadmap

    Taking steps to mature your enterprise business analysis practice.

    The Now, Next, Later technique is a method for prioritizing and planning improvements or tasks. This involves breaking down a list of tasks or improvements into three categories:

    • Now tasks are those that must be completed immediately. These tasks are usually urgent or critical, and they must be completed to keep the project or organization running smoothly.
    • Next tasks are those that should be completed soon. These tasks are not as critical as Now tasks, but they are still important and should be tackled relatively soon.
    • Later tasks are those that can be completed later. These tasks are less critical and can be deferred without causing major problems.

    By using this technique, you can prioritize and plan the most important tasks, while allowing the flexibility to adjust as necessary.

    This technique also helps clarify what must be done first vs. what can wait. This prioritizes the most important things while keeping track of what must be done next, maintaining a smooth development/improvement process.

    An image of the now - next - later roadmap technique.

    2.2.1 Now, Next, Later

    1-2 hours

    1. Use the list of items created in 2.1.2 (Identify your enterprise business analysis inventory). Add any you feel are missing during this exercise.
    2. Have a team member facilitate the session.
    3. In the Communicate the Case for Enterprise Business Analysis template, categorize these items according to Now, Next and Later, where:
      1. Now = Critically important items that may require little effort to complete. These must be done within the next six months.
      2. Next = Important items that may require more effort or depend on other factors. These must be done in six to twelve months.
      3. Later = Less important items that may require significant effort to complete. These must be done at some point within twelve months.

    Ultimately, the choice of priority and timing is yours. Recognize that items may change categories as new information arises.

    Download the Communicate the Case for Enterprise Business Analysis template

    Input

    • Your enterprise business analysis inventory and gaps
    • Stakeholder knowledge and experience

    Output

    • A prioritized list of items to enable enterprise business analysis

    Materials

    • Whiteboard/Flip charts
    • Collaborative whiteboard
    • Communicate the Case for Enterprise Business Analysis template

    Participants

    • Business analyst(s)
    • Organizational business leaders
    • Any other relevant stakeholders

    2.3 Complete your executive communication deck

    Use the results of your completed exercises to build your executive communication slide deck, to make the case for enterprise business analysis

    Slide Header Associated Exercise Rationale
    Pains and opportunities

    1.1.2 Discuss your disconnects between strategy and tactics

    1.2.1 Identify your pains and opportunities

    This helps build the case for enterprise business analysis (EBA), leveraging the existing pains felt in the organization. This will draw the connection for your stakeholders.
    Our vision and goals 2.1.1 Define your vision and goals Defines where you want to go and what effort will be required.
    What is enterprise business analysis

    1.1.1 How is BA being used in our organization today?
    Pre-populated supporting content

    Defines the discipline of EBA and how it can support and mature your organization.
    Expected benefits Pre-populated supporting content What's in it for us? This section helps answer that question. What benefits can we expect, and is this worth the investment of time and effort?
    Making this a reality 2.1.2 Identify your EBA inventory Identifies what the organization presently has that makes the effort easier. It doesn't feel as daunting if there are existing people, processes, and technologies in place and in use today.
    Next steps 2.2.1 Now, Next, Later A prioritized list of action items. This will demonstrate the work involved, but broken down over time, into smaller, more manageable pieces.

    Track metrics

    Track metrics throughout the project to keep stakeholders informed.

    As the project nears completion:

    1. You will have better-aligned and more satisfied stakeholders.
    2. You will see fewer projects and initiatives that don't align with the organizational goals and objectives.
    3. There will be a reduction in costs attributed to misaligned projects and initiatives (as mentioned in #2) and the opportunity to allocate valuable time and resources to other, higher-value work.
    Metric Description Target Improvement/Reduction
    Improved stakeholder satisfaction Lines of business and previously siloed departments/divisions will be more satisfied with time spent on solution involvement and outcomes. 10% year 1, 20% year 2
    Reduction in misaligned/non-priority project work Reduction in projects, products, and services with no clear alignment to organizational goals. With that, resource costs can be allocated to other, higher-value solutions. 10% year 1, 25% year 2
    Improved delivery agility/lead time With improved alignment comes reduced conflict and political infighting. As a result, the velocity of solution delivery will increase. 10%

    Bibliography

    Bossert, Oliver and Björn Münstermann. "Business's 'It's not my problem' IT problem." McKinsey Digital. 30 March, 2023.
    Brule, Glenn R. "The Lay of the Land: Enterprise Analysis." Modern Analyst.
    "Business Analysis: Leading Organizations to Better Outcomes." Project Management Institute (PMI), 2017
    Corporate Finance Institute. "Strategic Analysis." Updated 14 March 2023
    IAG Consulting. Business Analysis Benchmark Report, 2009.
    International Institute of Business Analysis. "A Guide to the Business Analysis Body of Knowledge" (BABOK Guide) version 3.
    Mirabelli, Vincent. "Business Analysis Foundations: Enterprise" LinkedIn Learning, February 2022.
    - - "Essential Techniques in Enterprise Analysis" LinkedIn Learning, September 2022.
    - - "The Essentials of Enterprise Analysis" Love the Process Academy. May 2020.
    - - "The Value of Enterprise Analysis." VincentMirabelli.com
    Praslova, Ludmila N. "Today's Most Critical Workplace Challenges Are About Systems." Harvard Business Review. 10 January 2023.
    Pratt, Mary K. and Sarah K. White. "What is a business analyst? A key role for business-IT efficiency." CIO. 17 April, 2019.
    Project Management Institute. "Business Analysis: Leading Organizations to Better Outcomes." October 2017.
    Sali, Sema. "The Importance of Strategic Business Analysis in Successful Project Outcomes." International Institute of Business Analysis. 26 May 2022.
    - - "What Does Enterprise Analysis Look Like? Objectives and Key Results." International Institute of Business Analysis. 02 June 2022.
    Shaker, Kareem. "Why do projects really fail?" Project Management Institute, PM Network. July 2010.
    "Strategic Analysis: Definition, Types and Benefits" Voxco. 25 February 2022.
    "The Difference Between Enterprise Analysis and Business Analysis." Schulich School of Business, Executive Education Center. 24 September 2018 (Updated June 2022)
    "Why Do Projects Fail: Learning How to Avoid Project Failure." MindTools.com. Accessed 24 April 2023.

    Identify and Manage Financial Risk Impacts on Your Organization

    • Buy Link or Shortcode: {j2store}218|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.
    • It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Our Advice

    Critical Insight

    • Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.
    • Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Impact and Result

    • Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.
    • Prioritize and classify your vendors with quantifiable, standardized rankings.
    • Prioritize focus on your high-risk vendors.
    • Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Identify and Manage Financial Risk Impacts on Your Organization Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Manage Financial Risk Impact on Your Organization Deck – Use the research to better understand the negative financial impacts of vendor actions.

    Use this research to identify and quantify the potential financial impacts of vendors’ poor performance. Use Info-Tech’s approach to look at the financial impact from various perspectives to better prepare for issues that may arise.

    • Identify and Manage Financial Risk Impacts on Your Organization Storyboard

    2. “What If” Financial Risk Impact Tool – Use this tool to help identify and quantify the financial impacts of negative vendor actions.

    By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    • Financial Risk Impact Tool
    [infographic]

    Further reading

    Identify and Manage Financial Risk Impacts on Your Organization

    Good vendor management practices help organizations understand the costs of negative vendor actions.

    Analyst Perspective

    Vendor actions can have significant financial consequences for your organization.

    Photo of Frank Sewell, Research Director, Vendor Management, Info-Tech Research Group.

    Vendors are becoming more influential and essential to the operation of organizations. Often the sole risk consideration of a business is whether the vendor meets a security standard, but vendors can negatively impact organizations’ budgets in various ways. Fortunately, though inherent risk is always present, organizations can offset the financial impacts of high-risk vendors by employing due diligence in their vendor management practices to help manage the overall risks.

    Frank Sewell
    Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    As vendors become more prevalent in organizations, organizations increasingly need to understand and manage the potential financial impacts of vendors’ actions.

    It is only a matter of time until a vendor mistake impacts your organization. Make sure you are prepared to manage the adverse financial consequences.

    Common Obstacles

    Identifying and managing a vendor’s potential financial impact requires multiple people in the organization across several functions – and those people all need educating on the potential risks.

    Organizational leadership is often unaware of decisions on organizational risk appetite and tolerance, and they assume there are more protections in place against risk impact than there truly are.

    Info-Tech’s Approach

    Vendor management practices educate organizations on the different potential financial impacts that vendors may incur and suggest systems to help manage them.

    Prioritize and classify your vendors with quantifiable, standardized rankings.

    Prioritize focus on your high-risk vendors.

    Standardize your processes for identifying and monitoring vendor risks to manage financial impacts with our Financial Risk Impact Tool.

    Info-Tech Insight

    Companies without good vendor management risk initiatives will take on more risk than they should. Solid vendor management practices are imperative –organizations must evolve to ensure that vendors deliver services according to performance objectives and that risks are managed accordingly.

    Info-Tech’s multi-blueprint series on vendor risk assessment

    There are many individual components of vendor risk beyond cybersecurity.

    Cube with each multiple colors on each face, similar to a Rubix cube, and individual components of vendor risk branching off of it: 'Financial', 'Reputational', 'Operational', 'Strategic', 'Security', and 'Regulatory & Compliance'.

    This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.

    Out of scope:
    This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.

    Financial risk impact

    Potential losses to the organization due to financial risks

    In this blueprint, we’ll explore financial risks and their impacts.

    Identifying negative actions is paramount to assessing the overall financial impact on your organization, starting in the due diligence phase of the vendor assessment and continuing throughout the vendor lifecycle.

    Cube with each multiple colors on each face, similar to a Rubix cube, and the vendor risk component 'Financial' highlighted.

    Unbudgeted financial risk impact

    The costs of adverse vendor actions, such as a breach or an outage, are increasing. By knowing these potential costs, leaders can calculate how to avoid them throughout the lifecycle of the relationship.

    Loss of business represents the largest share of the breach

    38%

    Avg. $1.59M
    Global average cost of a vendor breach

    $4.2M

    Percentage of breaches in 2020 caused by business associates

    40.2%

    23.2% YoY
    (year over year)
    (Source: “Cost of a Data Breach Report 2021,” IBM, 2021) (Source: “Vendor Risk Management – A Growing Concern,” Stern Security, 2021)

    Example: Hospital IT System Outage

    Hospitals often rely on vendors to manage their data center environments but rarely understand the downstream financial impacts if that vendor fails to perform.

    For example, a vendor implements a patch out of cycle with no notice to the IT group. Suddenly all IT systems are down. It takes 12 hours for the IT teams to return systems to normal. The downstream impacts are substantial.

    • There is no revenue capture during outage (patient registration, payments).
      • The financial loss is significant, impacting cash on hand and jeopardizing future projects.
    • Clinicians cannot access the electronic health record (EHR) system and shift to downtime paper processes.
      • This can cause potential risks to patient health, such as unknown drug interactions.
      • This could also incur lawsuits, fines, and penalties.
    • Staff must manually add the paper records into the EHR after the incident is corrected.
      • Staff time is lost on creating paper records and overtime is required to reintroduce those records into EMR.
    • Staff time and overtime pay on troubleshooting and solving issues take away from normal operations and could cause delays, having downstream effects on the timing of other projects.

    Insight Summary

    Assessing financial impacts is an ongoing, educative, and collaborative multidisciplinary process that vendor management initiatives are uniquely designed to coordinate and manage for organizations.

    Insight 1 Vendors are becoming more and more crucial to organizations’ overall operations, and most organizations have a poor understanding of the potential impacts they represent.

    Is your vendor solvent? Do they have enough staff to accommodate your needs? Has their long-term planning been affected by changes in the market? Are they unique in their space?

    Insight 2 Financial impacts from other risk types deserve just as much focus as security alone, if not more.

    Examples include penalties and fines, loss of revenue due to operational impacts, vendor replacement costs, hidden costs in poorly understood contracts, and lack of contractual protections.

    Insight 3 There is always an inherent risk in working with a vendor, but organizations should financially quantify how much each risk may impact their budget.

    A significant concern for organizations is quantifying different types of risks. When a risk occurs, the financial losses are often poorly understood, with unbudgeted financial impacts.

    Three stages of vendor financial risk assessment

    Assess risk throughout the complete vendor lifecycle

    1. Pre-Relationship Due Diligence: The initial pre-relationship due diligence stage is a crucial point to establish risk management practices. Vendor management practices ensure that a potential vendor’s risk is categorized correctly by facilitating the process of risk assessment.
    2. Monitor & Manage: Once the relationship is in place, organizations should enact ongoing management efforts to ensure they are both getting their value from the vendor and appropriately addressing any newly identified risks.
    3. Termination: When the termination of the relationship arrives, the organization should validate that adequate protections that were established while forming a contract in the pre-relationship stage remain in place.

    Inherent risks from negative actions are pervasive throughout the entire vendor lifecycle. Collaboratively understanding those risks and working together to put proper management in place enables organizations to get the most value out of the relationship with the least amount of risk.

    Flowchart for 'Assessing Financial Risk Impacts', beginning with 'New Vendor' to 'Sourcing' to the six components of 'Vendor Management'. After a gamut of assessments such as ''What If' Game' one can either 'Accept' to move on to 'Pre-Relationship', 'Monitor & Manage', and eventually to 'Termination', or not accept and circle back to 'Sourcing'.

    Stage 1: Pre-relationship assessment

    Do these as part of your due diligence

    • Review and negotiate contract terms and conditions.
      • Ensure that you have the protections to make you whole in the event of an incident, in the event that another entity purchases the vendor, and throughout the entire lifecycle of your relationship with the vendor.
      • Make sure to negotiate your post-termination protections in the initial agreement.
    • Perform a due-diligence financial assessment.
      • Make sure the vendor is positioned in the market to be able to service your organization.
    • Perform an initial risk assessment.
      • Identify and understand all potential factors that may cause financial impacts to your organization.
      • Include total cost of ownership (TCO) and return of investment (ROI) as potential impact offsets.
    • Review case studies – talk to other customers.
      • Research who else has worked with the vendor to get “the good, the bad, and the ugly” stories to form a clear picture of a potential relationship with the vendor.
    • Use proofs of concept.
      • It is essential to know how the vendor and their solutions will work in the environment before committing resources and to incorporate them into organizational strategic plans.
    • Limit vendors’ ability to increase costs over the years. It is not uncommon for a long-term relationship to become more expensive than a new one over time when the increases are unmanaged.
    • Vendor audits can be costly and a significant distraction to your staff. Make sure to contractually limit them.
    • Many vendors enjoy significant revenue from unclear deliverables and vague expectations that lead to change requests at unknown rates – clarifying expectations and deliverables and demanding negotiated rate sheets before engagement will save budget and strengthen the relationship.

    Visit Info-Tech’s VMO ROI Calculator and Tracker

    The “what if” game

    1-3 hours

    Input: List of identified potential risk scenarios scored by likelihood and financial impact, List of potential management of the scenarios to reduce the risk

    Output: Comprehensive financial risk profile on the specific vendor solution

    Materials: Whiteboard/flip charts, Financial Risk Impact Tool to help drive discussion

    Participants: Vendor Management – Coordinator, IT Operations, Legal/Compliance/Risk Manager, Finance/Procurement

    Vendor management professionals are in an excellent position to collaboratively pull together resources across the organization to determine potential risks. By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.

    1. Break into smaller groups (or if too small, continue as a single group).
    2. Use the Financial Risk Impact Tool to prompt discussion on potential risks. Keep this discussion flowing organically to explore all potential risks but manage the overall process to keep the discussion on track.
    3. Collect the outputs and ask the subject matter experts for management options for each one in order to present a comprehensive risk strategy. You will use this to educate senior leadership so that they can make an informed decision to accept or reject the solution.

    Download the Financial Risk Impact Tool

    Stage 2.1: Monitor the financial risk

    Ongoing monitoring activities

    Never underestimate the value of keeping the relationship moving forward.

    Examples of items and activities to monitor include;

    Stock photo of a worker being trained on a computer.
    • Fines
    • Data leaks
    • Performance
    • Credit monitoring
    • Viability/solvency
    • Resource capacity
    • Operational impacts
    • Regulatory penalties
    • Increases in premiums
    • Security breaches (infrastructure)

    Info-Tech Insight

    Many organizations do not have the resources to dedicate to annual risk assessments of all vendors.

    Consider timing ongoing risk assessments to align with contract renewal, when you have the most leverage with the vendor.

    Visit Info-Tech’s Risk Register Tool

    Stage 2.2: Manage the financial risk

    During the lifecycle of the vendor relationship

    • Renew risk assessments annually.
    • Focus your efforts on highly ranked risks.
    • Is there a new opportunity to negotiate?
    • Identify and classify individual vendor risk.
    • Are there better existing contracts in place?
    • Review financial health checks at the same time.
    • Monitor and schedule contract renewals and new service/module negotiations.
    • Perform business alignment meetings to reassess the relationship.
    • Ongoing operational meetings should be supplemental, dealing with day-to-day issues.
    • Develop performance metrics and hold vendors accountable to established service levels.
    Stock image of a professional walking an uneven line over the words 'Risk Management'.

    Stage 3: Termination

    An essential and often overlooked part of the vendor lifecycle is the relationship after termination

    • The risk of a vendor keeping your data for “as long as they want” is high.
      • Data retention becomes a “forever risk” in today’s world of cyber issues if you do not appropriately plan.
    • Ensure that you always know where data resides and where people are allowed to access that data.
      • If there is a regulatory need to house data only in specific locations, ensure that it is explicit in agreements.
    • Protect your data through language in initial agreements that covers what needs to happen when the relationship with the vendor terminates.
      • Typically, all the data that the vendor has retained is returned and/or destroyed at your sole discretion.
    Stock image of a sign reading 'Closure'.

    Related Info-Tech Research

    Stock photo of two co-workers laughing. Design and Build an Effective Contract Lifecycle Management Process
    • Achieve measurable savings in contract time processing, financial risk avoidance, and dollar savings
    • Understand how to identify and mitigate risk to save the organization time and money.
    Stock image of reports and file folders. Identify and Reduce Agile Contract Risk
    • Manage Agile contract risk by selecting the appropriate level of protections for an Agile project.
    • Focus on the correct contract clauses to manage Agile risk.
    Stock photo of three co-workers gathered around a computer screen. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Gain visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Build a Better Manager

    • Buy Link or Shortcode: {j2store}603|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers actually use in their day to day.
    • Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.

    Our Advice

    Critical Insight

    • More of the typical manager training is not enough to solve the problem of underprepared first-time IT managers.
    • You must overcome the key pitfalls of ineffective training to deliver training that is better than the norm.
    • Offer tailored training that focuses on skill building and is aligned with measurable business goals to make your manager training a tangible success.

    Impact and Result

    Use Info-Tech’s tactical, practical training materials to deliver training that is:

    • Specifically tailored to first-time IT managers.
    • Designed around practical application of new skills.
    • Aligned with your department’s business goals.

    Build a Better Manager Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build a Better Manager Capstone Deck – This deck will guide you through identifying the critical skills your managers need to succeed and planning out a training program tailored to your team and organization.

    This deck presents a behind-the-scenes explanation for the training materials, enabling a facilitator to deliver the training.

    • Build a Better Manager – Phases 1-3

    2. Facilitation Guides – These ready-to-deliver presentation decks span 8 modules. Each module covers a key management skill. The modules can be delivered independently or as a series.

    The modules are complete with presentation slides, speaker’s notes, and accompanying participant workbooks and provide everything you need to deliver the training to your team.

    • Accountability Facilitation Guide
    • Coaching and Feedback Facilitation Guide
    • Communicate Effectively Facilitation Guide
    • Manage Conflict Constructively Facilitation Guide
    • Your Role in Decision Making Facilitation Guide
    • Master Time Facilitation Guide
    • Performance Management Facilitation Guide
    • Your Role in the Organization Facilitation Guide

    3. Participant Workbooks and Supporting Materials – Each training module comes with a corresponding participant workbook to help trainees record insights and formulate individual skill development plans.

    Each workbook is tailored to the presentation slides in its corresponding facilitation guide. Some workbooks have additional materials, such as role play scenarios, to aid in practice. Every workbook comes with example entries to help participants make the most of their training.

    • Communicate Effectively Participant Workbook
    • Performance Management Participant Workbook
    • Coaching and Feedback Participant Workbook
    • Effective Feedback Training Role Play Scenarios
    • Your Role in the Organization Participant Workbook
    • Your Role in Decision Making Participant Workbook
    • Decision Making Case Study
    • Manage Conflict Constructively Participant Workbook
    • Conflict Resolution Role Play Scenarios
    • Master Time Participant Workbook
    • Accountability Participant Workbook
    [infographic]

    Workshop: Build a Better Manager

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Build a Better Manager

    The Purpose

    Attend training on the specific topics necessary for each individual management team.

    Each workshop consists of four days, one 3-hour training session per day. One module is delivered per day, selecting from the following pool of topics:

    Master Time

    Accountability

    Your Role in the Organization

    Your Role in Decision Making

    Manage Conflict Constructively

    Effective Communication

    Performance Management

    Coaching & Feedback

    Key Benefits Achieved

    Managers learn about best practices, practice their application, and formulate individual skill development plans.

    Activities

    1.1 Training on one topic per day, for four days (selected from a pool of eight possible topics)

    Outputs

    Completed workbook and action plan

    Further reading

    Build a Better Manager

    Support IT success with a solid management foundation.

    Analyst Perspective

    Training that delivers results.

    Jane Koupstova.

    Ninety-eight percent of managers say they need more training, but 93% of managers already receive some level of manager training. Unfortunately, the training typically provided, although copious, is not working. More of the same will never get you better outcomes.

    How many times have you sat through training that was so long, you had no hope of implementing half of it?

    How many times have you been taught best practices, with zero guidance on how to apply them?

    To truly support our managers, we need to rethink manager training. Move from fulfilling an HR mandate to providing truly trainee-centric instruction. Teach only the right skills – no fluff – and encourage and enable their application in the day to day.

    Jane Kouptsova
    Research Director, People & Leadership
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    IT departments often promote staff based on technical skill, resulting in new managers feeling unprepared for their new responsibilities in leading people.

    The success of your organization hinges on managers’ ability to lead their staff; by failing to equip new managers adequately, you are risking the productivity of your entire department.

    Despite the fact that $14 billion is spent annually on leadership training in the US alone (Freedman, 2016), only one in ten CIOs believe their department is very effective at leadership, culture, and values (Info-Tech, 2019).

    Training programs do not deliver results due to trainee overwhelm, ineffective skill development, and a lack of business alignment.

    Use Info-Tech’s tactical, practical approach to management training to deliver training that:

    • Is specifically tailored to first-time IT managers.
    • Is designed around practical application of new skills.
    • Is aligned with your department’s business goals.
    • Equips your new managers with essential skills and foundational competencies

    Info-Tech Insight

    When it comes to manager training, more is not more. Attending training is not equal to being trained. Even good information is useless when it doesn’t get applied. If your role hasn’t required you to use your training within 48 hours, you were not trained on the most relevant skills.

    Effective managers drive effective departments by engaging their teams

    The image contains a screenshot to demonstrate effective managers.

    Engaged teams are:

    • 52% more willing to innovate*
    • 70% more likely to be at the organization a year from now**
    • 57% more likely to exceed their role’s expectations**

    Engaged teams are driven by managers:

    • 70% of team-level engagement is accounted for by managers***
    *McLean & Company; N=3,395; **McLean & Company; N=5,902; ***Gallup, 2018

    Despite the criticality of their role, IT organizations are failing at supporting new managers

    87% of middle managers wish they had more training when they were first promoted

    98% of managers say they need more training

    Source: Grovo, 2016

    IT must take notice:

    IT as an industry tends to promote staff on the basis of technical skill. As a result, new managers find themselves suddenly out of their comfort zone, tasked with leading teams using management skills they have not been trained in and, more often than not, having to learn on the job. This is further complicated because many new IT managers must go from a position of team member to leader, which can be a very complex transition.

    The truth is, many organizations do try and provide some degree of manager training, it just is not effective

    99% of companies offer management training*

    93% of managers attend it*

    $14 billion spent annually in the US on leadership training**

    Fewer than one in ten CIOs believe their IT department is highly effective at leadership, culture, and values.

    The image contains a screenshot of a pie chart that demonstrates the effectiveness of the IT department at leadership, culture, and values.

    *Grovo, 2016; **Chief Executive, 2016
    Info-Tech’s Management & Governance Diagnostic, N=337 CIOs

    There are three key reasons why manager training fails

    1. Information Overload

    Seventy-five percent of managers report that their training was too long to remember or to apply in their day to day (Grovo, 2016). Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.

    2. Limited Implementation

    Thirty-three percent of managers find that their training had insufficient follow-up to help them apply it on the job (Grovo, 2016). Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.

    3. Lack of departmental alignment

    Implementing training without a clear link to departmental and organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving departmental effectiveness.

    Overcome those common training pitfalls with tactical solutions

    MOVE FROM

    TO

    1. Information Overload

    Timely, tailored topics

    The more training managers attend, the less likely they are to apply any particular element of it. Combat trainee overwhelm by offering highly tactical, practical training that presents only the essential skills needed at the managers’ current stage of development.

    2. Limited Implementation

    Skills-focused framework

    Many training programs end when the last manager walks out of the last training session. Ensure managers apply their new knowledge in the months and years after the training by relying on a research-based framework that supports long-term skill building.

    3. Lack of Departmental Alignment

    Outcome-based measurement

    Setting organizational goals and accompanying metrics ahead of time enables you to communicate the value of the training to attendees and stakeholders, track whether the training is delivering a return on your investment, and course correct if necessary.

    This research combats common training challenges by focusing on building habits, not just learning ideas

    Manager training is only useful if the skills it builds are implemented in the day-to-day.

    Research supports three drivers of successful skill building from training:

    Habits

    Organizational Support

    The training modules include committing to implementing new skills on the job and scheduling opportunities for feedback.

    Learning Structure

    Training activities are customizable, flexible, and accompanied by continuous learning self-evaluation.

    Personal Commitment

    Info-Tech’s methodology builds in activities that foster accountability and an attitude of continuous improvement.

    Learning

    Info-Tech Insight

    When it comes to manager training, stop thinking about learning, and start thinking about practice. In difficult situations, we fall back on habits, not theoretical knowledge. If a manager is only as good as their habits, we need to support them in translating knowledge into practice.

    This research focuses on building good management habits to drive enterprise success

    Set up your first-time managers for success by leveraging Info-Tech’s training to focus on three key areas of management:

    • Managing people as a team
    • Managing people as individuals
    • Managing yourself as a developing leader

    Each of these areas:

    • Is immediately important for a first-time manager
    • Includes practical, tactical skills that can be implemented quickly
    • Translates to departmental and organizational benefits

    Info-Tech Insight

    There is no such thing as “effective management training.” Various topics will be effective at different times for different roles. Delivering only the highest-impact learning at strategic points in your leadership development program will ensure the learning is retained and translates to results.

    This blueprint covers foundational training in three key domains of effective management

    Effective Managers

    • Self
      • Conflict & Difficult Conversations
      • Your Role in the Organization
      • Your Role in Decisions
    • Team
      • Communication
      • Feedback & Coaching
      • Performance Management
    • People
      • Master Time
      • Delegate
      • Accountability

    Each topic corresponds to a module, which can be used individually or as a series in any order.

    Choose topics that resonate with your managers and relate directly to their day-to-day tasks. Training on topics that may be useful in the future, while interesting, is less likely to generate lasting skill development.

    Info-Tech Best Practice

    This blueprint is not a replacement for formal leadership or management certification. It is designed as a practical, tactical, and foundational introduction to key management capabilities.

    Info-Tech’s training tools guide participants through successful skill building

    Practical facilitation guides equip you with the information, activities, and speaker’s notes necessary to deliver focused, tactical training to your management team.

    The participant’s workbook guides trainees through applying the three drivers of skill building to solidify their training into habits.

    Measure the effectiveness of your manager training with outcomes-focused metrics

    Linking manager training with measurable outcomes allows you to verify that the program is achieving the intended benefits, course correct as needed, and secure buy-in from stakeholders and participants by articulating and documenting value.

    Use the metrics suggested below to monitor your training program’s effectiveness at three key stages:

    Program Metric

    Calculation

    Program enrolment and attendance

    Attendance at each session / Total number enrolled in session

    First-time manager (FTM) turnover rate

    Turnover rate: Number of FTM departures / Total number of FTMs

    FTM turnover cost

    Number of departing FTMs this year * Cost of replacing an employee

    Manager Effectiveness Metric

    Calculation

    Engagement scores of FTM's direct reports

    Use Info-Tech's Employee Engagement surveys to monitor scores

    Departures as a result of poor management

    Number of times "manager relationships" is selected as a reason for leaving on an exit survey / Total number of departures

    Cost of departures due to poor management

    Number of times "manager relationships" is selected as a reason for leaving on an exit survey * Cost associated with replacing an employee

    Organizational Outcome Metric

    Calculation

    On-target delivery

    % projects completed on-target = (Projects successfully completed on time and on budget / Total number of projects started) * 100

    Business stakeholder satisfaction with IT

    Use Info-Tech’s business satisfaction surveys to monitor scores

    High-performer turnover rate

    Number of permanent, high-performing employee departures / Average number of permanent, high-performing employees

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.” “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.” “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.” “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2 Phase 3

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: Review selected modules and discuss training delivery.

    Call #3: Review training delivery, discuss lessons learned. Review long-term skill development plan.

    A Guided Implementation (GI) is a series

    of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 1 to 3 calls over the course of several months, depending on training schedule.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4

    3-Hour Training Session

    3-Hour Training Session

    3-Hour Training Session

    3-Hour Training Session

    Activities

    Training on topic 1 (selected from a pool of 8 possible topics)

    Training on topic 2 (selected from a pool of 8 possible topics)

    Training on topic 3 (selected from a pool of 8 possible topics)

    Training on topic 4 (selected from a pool of 8 possible topics)

    Deliverables

    Completed workbook and action plan

    Completed workbook and action plan

    Completed workbook and action plan

    Completed workbook and action plan

    Pool of topics:

    • Master Time
    • Accountability
    • Your Role in the Organization
    • Your Role in Decision Making
    • Manage Conflict Constructively
    • Effective Communication
    • Performance Management
    • Coaching & Feedback

    Phase 1

    Prepare to facilitate training

    Phase 1 Phase 2 Phase 3
    • Select training topics
    • Customize the training facilitation guide for your organization
    • Deliver training modules
    • Confirm skill development action plan with trainees
    • Secure organizational support from trainees' supervisors

    Outcomes of this phase:

    • Training facilitation deck customized to organizational norms
    • Training workbook distributed to participants
    • Training dates and facilitator finalized

    1.1 Select training modules

    1-3 hours

    1. Review the module descriptions on the following slides.
    2. Identify modules that will address managers’ most pressing development needs.
      To help make this decision, consult the following:
      • Trainees’ development plans
      • Trainees’ supervisors
    Input Output
    • Module descriptions
    • Trainees’ development goals and needs
    • Prioritized list of training modules
    Materials Participants
    • Prioritized list of training modules
    • Training sponsor
    • Trainees’ supervisors

    Effective Communication

    Effective communication is the cornerstone of good management

    Effective communication can make or break your IT team’s effectiveness and engagement and a manager’s reputation in the organization. Effective stakeholder management and communication has a myriad of benefits – yet this is a key area where IT leaders continue to struggle.


    There are multiple ways in which you communicate with your staff. The tactics you will learn in this section will help you to:

    1. Understand communication styles. Every staff member has a predisposition in terms of how they give, receive, and digest information. To drive effective communication new managers need to understand the profiles of each of their team members and adjust their communicate style to suit.
    2. Understand what your team members want communicated to them and how. Communication is highly personal, and a good manager needs to clearly understand what their team wants to be informed about, their desired interactions, and when they need to be involved in decision making. They also must determine the appropriate channels for communication exchanges.
    3. Make meetings matter. Many new managers never receive training on what differentiates a good and bad meeting. Effective meetings have a myriad of benefits, but more often than not meetings are ineffective, wasting both the participants’ and organizer’s time. This training will help you to ensure that every team meeting drives a solid outcome and gets results.

    Benefits:

    • Better buy-in, understanding, and communication.
    • Improved IT reputation with the organization.
    • Improved team engagement.
    • Improved stakeholder satisfaction.
    • Better-quality decision making.
    • Improved transparency, trust, and credibility.
    • Less waste and rework.
    • Greater ability to secure support and execute the agenda.
    • More effective cooperation on activities, better quality information, and greater value from stakeholder input.
    • Better understanding of IT performance and contribution.

    Effective Communication

    Effective manager communication has a direct impact on employee engagement

    35% Of organizations say they have lost an employee due to poor internal communication (project.co, 2021).

    59% Of business leaders lose work time to mistakes caused by poor communication (Grammarly, 2022).

    $1.2 trillion Lost to US organizations as a result of poor communication (Grammarly, 2022).

    Effective Communication

    Effective communication is crucial to all parts of the business

    Operations

    Human Resources

    Finance

    Marketing

    Increases production by boosting revenue.

    Reduces the cost of litigation and increases revenue through productivity improvements.

    Reduces the cost of failing to comply with regulations.

    Increases attraction and retention of key talent.

    Effective Communication

    The Communicate Effectively Facilitation Guide covers the following topics:

    • Understand Communication Styles
    • Tailor Communication Methods to Activities
    • Make Meetings Matter

    Learning outcomes:

    Main goal: Become a better communicator across a variety of personal styles and work contexts.

    Key objectives:

    • Reaffirm why effective communication matters.
    • Work with people with different communication styles.
    • Communicate clearly and effectively within a team.
    • Make meetings more effective.

    Info-Tech Insight

    First-time IT managers face specific communication challenges that come with managing people for the first time: learning to communicate a greater variety of information to different kinds of people, in a variety of venues. Tailored training in these areas helps managers focus and fast-track critical skill development.

    Performance Management

    Meaningful performance measures drive employee engagement, which in turn drives business success

    Meaningful performance measures help employees understand the rationale behind business decisions, help managers guide their staff, and clarify expectations for employees. These factors are all strong predictors of team engagement:

    The image contains a screenshot to demonstrate the relationship and success between performance measures and employee engagement.

    Performance Management

    Clear performance measures benefit employees and the organization

    Talent Management Outcomes

    Organizational Outcomes

    Performance measure are key throughout the talent management process.

    Candidates:

    • Want to know how they will be assessed
    • Rely on measures to become productive as soon as possible

    Employees:

    • Benefit from training centered on measures that are aligned with business outcomes
    • Are rewarded, recognized, and compensated based on measurable guidelines

    Promotions and Evaluations:

    • Are more effective when informed by meaningful performance measures that align with what leadership believes is important

    Performance measures benefit the organization by:

    • Helping employees know the steps to take to improve their performance
    • Ensuring alignment between team objectives and organizational goals
    • Providing a standardized way to support decision making related to compensation, promotions, and succession planning
    • Reducing “gaming” of metrics, when properly structured, thereby reducing risk to the organization
    • Affording legal defensibility by providing an objective basis for decision making

    Performance Management

    The Performance Management Facilitation Guide covers the following topics:

    • Develop Meaningful Goals
    • Set Meaningful Metrics

    Learning outcomes:

    Main goal: Become proficient in setting, tracking, and communicating around performance management goals.

    Key objectives:

    • Understand the role of managers and employees in the performance management process.
    • Learn to set SMART, business-aligned goals for your team.
    • Learn to help employees set useful individual goals.
    • Learn to set meaningful, holistic metrics to track goal progression.
    • Understand the relationship between goals, metrics, and feedback.

    Info-Tech Insight

    Goal and metric development holds special significance for first-time IT managers because it now impacts not only their personal performance, but that of their employees and their team collectively. Training on these topics with a practical team- and employee-development approach is a focused way to build these skills.

    Coaching & Feedback

    Coaching and feedback are effective methods to influence employees and drive business outcomes

    COACHING is a conversation in which a manager asks an employee questions to guide them to solve problems themselves, instead of just telling them the answer.

    Coaching increases employee happiness, and decreases turnover.1

    Coaching promotes innovation.2

    Coaching increases employee engagement, effort and performance.3

    FEEDBACK is information about the past, given in the present, with the goal of influencing behavior or performance for the future. It includes information given for reinforcement and redirection.

    Honest feedback enhances team psychological safety.4

    Feedback increases employee engagement.5

    Feedback boosts feelings of autonomy and drives innovation.6

    1. Administrative Sciences, 2022
    2. International Review of Management and Marketing, 2020
    3. Current Psychology, 2021
    4. Quantum Workplace, 2021
    5. Issues and Perspectives in Business and Social Sciences, 2022
    6. Sustainability, 2021

    Coaching & Feedback

    The Coaching & Feedback Facilitation Guide covers the following topics:

    • The 4 A’s of Coaching
    • Effective Feedback

    Learning outcomes:

    Main goal: Get prepared to coach and offer feedback to your staff as appropriate.

    Key objectives:

    • Understand the difference between coaching and feedback and when to apply each one.
    • Learn the importance of a coaching mindset.
    • Learn effective coaching via the 4 A’s framework.
    • Understand the actions that make up feedback and the factors that make it successful.
    • Learn to deal with resistance to feedback.

    Info-Tech Insight

    First-time managers often shy away from giving coaching and feedback, stalling their team’s performance. A focused and practical approach to building these skills equips new managers with the tools and confidence to tackle these challenges as soon as they arise.

    Your Role in the Organization

    IT managers who understand the business context provide more value to the organization

    Managers who don’t understand the business cannot effect positive change. The greater understanding that IT managers have of business context, the more value they provide to the organization as seen by the positive relationship between IT’s understanding of business needs and the business’ perception of IT value.

    The image contains a screenshot of a scatter plot grid demonstrating business satisfaction with IT Understanding of Needs across Overall IT Value.

    Source: Info-Tech Research Group

    Your Role in the Organization

    Knowing your stakeholders is key to understanding your role in the business and providing value to the organization

    To understand your role in the business, you need to know who your stakeholders are and what value you and your team provide to the organization. Knowing how you help each stakeholder meet their wants needs and goals means that you have the know-how to balance experience and outcome-based behaviors. This is the key to being an attentive leader.


    The tactics you will learn in this section will help you to:

    1. Know your stakeholders. There are five key stakeholders the majority of IT managers have: management, peers, direct reports, internal users, and external users or customers. Managers need to understand the goals, needs, and wants of each of these groups to successfully provide value to the organization.
    2. Understand the value you provide to each stakeholder. Stakeholder relationship management requires IT managers to exhibit drive and support behaviors based on the situation. By knowing how you drive and support each stakeholder, you understand how you provide value to the organization and support its mission, vision, and values.
    3. Communicate the value your team provides to the organization to your team. Employees need to understand the impact of their work. As an IT manager, you are responsible for communicating how your team provides value to the organization. Mission statements on how you provide value to each stakeholder is an easy way to clearly communicate purpose to your team.

    Benefits:

    • Faster and higher growth.
    • Improved team engagement.
    • Improved stakeholder satisfaction.
    • Better quality decision making.
    • More innovation and motivation to complete goals and tasks.
    • Greater ability to secure support and execute on goals and tasks.
    • More effective cooperation on activities, better quality information, and greater value from stakeholder input.
    • Better understanding of IT performance and contribution.

    Your Role in the Organization

    The Your Role in the Organization Facilitation Guide covers the following topics:

    • Know Your Stakeholders
    • Understand the Value You Provide to the Organization
    • Develop Learnings Into Habits

    Learning outcomes:

    Main goal: Understand how your role and the role of your team serves the business.

    Key objectives:

    • Learn who your stakeholders are.
    • Understand how you drive and support different stakeholder relationships.
    • Relate your team’s tasks back to the mission, vision, and values of the organization.
    • Create a mission statement for each stakeholder to bring back to your team.

    Info-Tech Insight

    Before training first-time IT managers, take some time as the facilitator to review how you will serve the wants and needs of those you are training and your stakeholders in the organization.

    Decision Making

    Bad decisions have tangible costs, so managers must be trained in how to make effective decisions

    To understand your role in the decision-making process, you need to know what is expected of you and you must understand what goes into making a good decision. The majority of managers report they have no trouble making decisions and that they are good decision makers, but the statistics say otherwise. This ease at decision making is due to being overly confident in their expertise and an inability to recognize their own ignorance.1


    The tactics you will learn in this section will help you to:

    1. Effectively communicate decisions. Often, first-time managers are either sharing their decision recommendations with their manager or they are communicating a decision down to their team. Managers need to understand how to have these conversations so their recommendations provide value to management and top-down decisions are successfully implemented.
    2. Provide valuable feedback on decisions. Evaluating decisions is just as critical as making decisions. If decisions aren’t reviewed, there is no data or feedback to discover why a decision was a success or failure. Having a plan in place before the decision is made facilitates the decision review process and makes it easier to provide valuable feedback.
    3. Avoid common decision-making mistakes. Heuristics and bias are common decision pitfalls even senior leaders are susceptible to. By learning what the common decision-making mistakes are and being able to recognize them when they appear in their decision-making process, first-time managers can improve their decision-making ability.

    20% Of respondents say their organizations excel at decision making (McKinsey, 2018).

    87% “Diverse teams are 87% better at making decisions” (Upskillist, 2022).

    86% of employees in leadership positions blame the lack of collaboration as the top reason for workplace failures (Upskillist, 2022).

    Decision Making

    A decision-making process is imperative, even though most managers don’t have a formal one

    1. Identify the Problem and Define Objectives
    2. Establish Decision Criteria
    3. Generate and Evaluate Alternatives
    4. Select an Alternative and Implement
    5. Evaluate the Decision

    Managers tend to rely on their own intuition which is often colored by heuristics and biases. By using a formal decision-making process, these pitfalls of intuition can be mitigated or avoided. This leads to better decisions.

    First-time managers are able to apply this framework when making decision recommendations to management to increase their likelihood of success, and having a process will improve their decisions throughout their career and the financial returns correlated with them.

    Decision Making

    Recognizing personal heuristics and bias in the decision-making process improves more than just decision results

    Employees are able to recognize bias in the workplace, even when management can’t. This affects everything from how involved they are in the decision-making process to their level of effort and productivity in implementing decisions. Without employee support, even good decisions are less likely to have positive results. Employees who perceive bias:

    Innovation

    • Hold back ideas and solutions
    • Intentionally fail to follow through on important projects and tasks

    Brand Reputation

    • Speak negatively about the company on social media
    • Do not refer open positions to qualified persons in their network

    Engagement

    • Feel alienated
    • Actively seek new employment
    • Say they are not proud to work for the company

    Decision Making

    The Decision Making Facilitation Guide covers the following topics:

    • Effectively Communicate Decisions
    • Provide Valuable Feedback on Decisions
    • Avoid Common Decision-Making Mistakes

    Learning outcomes:

    Main goal: Understand how to successfully perform your role in the decision process.

    Key objectives:

    • Understand the decision-making process and how to assess decisions.
    • Learn how to communicate with your manager regarding your decision recommendations.
    • Learn how to effectively communicate decisions to your team.
    • Understand how to avoid common decision-making errors.

    Info-Tech Insight

    Before training a decision-making framework, ensure it is in alignment with how decisions are made in your organization. Alternatively, make sure leadership is on board with making a change.

    Manage Conflict Constructively

    Enable leaders to resolve conflicts while minimizing costs

    If you are successful in your talent acquisition, you likely have a variety of personalities and diverse individuals within your IT organization and in the business, which means that conflict is inevitable. However, conflict does not have to be negative – it can take on many forms. The presence of conflict in an organization can actually be a very positive thing: the ability to freely express opinions and openly debate can lead to better, more strategic decisions being made.

    The effect that the conflict is having on individuals and the work environment will determine whether the conflict is positive or counterproductive.

    As a new manager you need to know how to manage potential negative outcomes of conflict by managing difficult conversations and understanding how to respond to conflict in the workplace.


    The tactics you will learn in this section will help you to:

    1. Apply strategies to prepare for and navigate through difficult conversations.
    2. Expand your comfort level when handling conflict, and engage in constructive conflict resolution approaches.

    Benefits:

    • Relieve stress for yourself and your co-workers.
    • Save yourself time and energy.
    • Positively impact relationships with your employees.
    • Improve your team dynamic.
    • Remove roadblocks to your work and get things done.
    • Save the organization money.
    • Improve performance.
    • Prevent negative issues from reoccurring.

    Manage Conflict Constructively

    Addressing difficult conversations is beneficial to you, your people, and the organization

    When you face a difficult conversation you…

    • Relieve stress on you and your co-workers.
    • Save yourself time and energy.
    • Positively impact relationships with your employees.
    • Improve your team dynamic.
    • Remove roadblocks to your work
    • Save the organization money.
    • Improve performance.
    • Prevent negative issues from reoccurring.

    40% Of employees who experience conflict report being less motivated as a result (Acas, 2021).

    30.6% Of employees report coming off as aggressive when trying to resolve a conflict
    (Niagara Institute, 2022).

    Manage Conflict Constructively

    The Manage Conflict Constructively Facilitation Guide covers the following topics:

    • Know Your Ideal Time Mix
    • Calendar Diligence
    • Effective Delegation
    • Limit Interruptions

    Learning outcomes:

    Main goal: Effectively manage your time and know which tasks are your priority and which tasks to delegate.

    Key objectives:

    • Understand common reasons for difficult conversations.
    • Learn Info-Tech’s six-step process to best to prepare for difficult conversations.
    • Follow best practices to approach difficult conversations.
    • Learn the five approaches to conflict management.
    • Practice conflict management skills.

    Info-Tech Insight

    Conflict does not have to be negative. The presence of conflict in an organization can actually be a very positive thing: the ability to freely express opinions and openly debate can lead to better, more strategic decisions being made.

    Master Time

    Effective leaders spend their time in specific ways

    How effective leaders average their time spent across the six key roles:

    Leaders with effective time management skills spend their time across six key manager roles: strategy, projects, management, operations, innovation, and personal. While there is no magic formula, providing more value to the business starts with little practices like:

    • Spending time with the right stakeholders and focusing on the right priorities.
    • Evaluating which meetings are important and productive.
    • Benchmarking yourself against your peers in the industry so you constantly learn from them and improve yourself.


    The keys to providing this value is time management and delegation. The tactics in this section will help first-time managers to:

    1. Discover your ideal time. By analyzing how you currently spend your time, you can see which roles you are under/over using and, using your job description and performance metrics, discover your ideal time mix.
    2. Practice calendar diligence. Time blocking is an effective way to use your time, see your week, and quickly understand what roles you are spending your time in. Scheduling priority tasks first gives insight into which tasks should be delegated.
    3. Effectively delegation. Clear expectations and knowing the strengths of your team are the cornerstone to effective delegation. By understanding the information you need to communicate and identifying the best person on your team to delegate to, tasks and goals will be successfully completed.
    4. Limit interruptions. By learning how to limit interruptions from your team and your manager, you are better able to control your time and make sure your tasks and goals get completed.

    Strategy

    23%

    Projects

    23%

    Management

    19%

    Operations

    19%

    Innovation

    13%

    Personal

    4%

    Source: Info-Tech, N=85

    Master Time

    Signs you struggle with time management

    Too many interruptions in a day to stay focused.

    Too busy to focus on strategic initiatives.

    Spending time on the wrong things.

    The image contains a screenshot of a bar graph that demonstrates struggle with time management.

    Master Time

    The Master Time Facilitation Guide covers the following topics:

    • Understand Communication Styles
    • Tailor Communication Methods to Activities
    • Make Meetings Matter

    Learning outcomes:

    Main goal: Become a better communicator across a variety of personal styles and work contexts.

    Key objectives:

    • Understand how you spend your time.
    • Learn how to use your calendar effectively.
    • Understand the actions to take to successfully delegate.
    • Learn how to successfully limit interruptions.

    Info-Tech Insight

    There is a right and wrong way to manage your calendar as a first-time manager and it has nothing to do with your personal preference.

    Accountability

    Accountability creates organizational and team benefits

    Improves culture and innovation

    Improves individual performance

    Increases employee engagement

    Increases profitability

    Increases trust and productivity

    Enables employees to see how they contribute

    Increases ownership employees feel over their work and outcomes

    Enables employees to focus on activities that drive the business forward

    Source: Forbes, 2019

    Accountability

    Accountability increases employee empowerment

    Employee empowerment is the number one driver of employee engagement. The extent to which you can hold employees accountable for their own actions and decisions is closely related to how empowered they are and how empowered they feel; accountability and empowerment go hand in hand. To feel empowered, employees must understand what is expected of them, have input into decisions that affect their work, and have the tools they need to demonstrate their talents.

    The image contains a screenshot to demonstrate how accountability increases employee empowerment.

    Source: McLean & Company Engagement Database, 2018; N=71,794

    Accountability

    The Accountability Facilitation Guide covers the following topics:

    • Create Clarity and Transparency
    • Articulate Expectations and Evaluation
    • Help Your Team Remove Roadblocks
    • Clearly Introduce Accountability to Your Team

    Learning outcomes:

    Main goal: Create a personal accountability plan and learn how to hold yourself and your team accountable.

    Key objectives:

    • Understand why accountability matters.
    • Learn how to create clarity and transparency.
    • Understand how to successfully hold people accountable through clearly articulating expectations and evaluation.
    • Know how to remove roadblocks to accountability for your team.

    Info-Tech Insight

    Accountability is about focusing on the results of a task, rather than just completing the task. Create team accountability by keeping the team focused on the result and not “doing their jobs.” First-time managers need to clearly communicate expectations and evaluation to successfully develop team accountability.

    Use the Build a Better Manager Participant Workbooks to help participants set accountabilities and track their progress

    A key feature of this blueprint is built-in guidance on transferring your managers’ new knowledge into practical skills and habits they can fall back on when their job requires it.

    The Participant Workbooks, one for each module, are structured around the three key principles of learning transfer to help participants optimally structure their own learning:

    • Track your learning. This section guides participants through conducting self-assessments, setting learning goals, recording key insights, and brainstorming relapse-prevention strategies
    • Establish your personal commitment. This section helps participants record the actions they personally commit to taking to continually practice their new skills
    • Secure organizational support. This section guides participants in recording the steps they will take to seek out support from their supervisor and peers.

    The image contains a screenshot of the Build a Better Manager Participant Workbooks.

    Info-Tech Insight

    Participants should use this workbook throughout their training and continue to review it for at least three months after. Practical skills take an extended amount of time to solidify, and using the workbook for several months will ensure that participants stay on track with regular practice and check-ins.

    Set your trainees up for success by reviewing these training best practices

    Cultural alignment

    It is critical that the department leadership team understand and agree with the best practices being presented. Senior team leads should be comfortable coaching first-time managers in implementing the skills developed through the training. If there is any question about alignment with departmental culture or if senior team leads would benefit from a refresher course, conduct a training session for them as well.

    Structured training

    Ensure the facilitator takes a structured approach to the training. It is important to complete all the activities and record the outputs in the workbook where appropriate. The activities are structured to ensure participants successfully use the knowledge gained during the workshop to build practical skills.

    Attendees

    Who should attend the training? Although this training is designed for first-time IT managers, you may find it helpful to run the training for the entire management team as a refresher and to get everyone on the same page about best practices. It is also helpful for senior leadership to be aware of the training because the attendees may come to their supervisors with requests to discuss the material or coaching around it.

    Info-Tech Insight

    Participants should use this workbook throughout their training and continue to review it for at least three months after. Practical skills take an extended amount of time to solidify, and using the workbook for several months will ensure that participants stay on track with regular practice and check-ins.

    1.2 Customize the facilitation guides

    1-3 hours

    Prior to facilitating your first session, ensure you complete the following steps:

    1. Read through all the module content, including the speaker’s notes, to familiarize yourself with the material and ensure the tactics presented align with your department’s culture and established best practices.
    2. Customize the slides with a pencil icon with information relevant to your organization.
    3. Ensure you are comfortable with all material to be presented and are prepared to answer questions. If you require clarification on any of the material, book a call with your Info-Tech analyst for guidance.
    4. Ensure you do not delete or heavily customize the self-assessment activities and the activities in the Review and Action Plan section of the module. These activities are structured around a skill building framework and designed to aid your trainees in applying their new knowledge in their day to day. If you have any concerns about activities in these sections, book a call with your Info-Tech analyst for guidance.
    Input Output
    • List of selected modules
    • Customized facilitation guides
    Materials Participants
    • Facilitation guides from selected modules
    • Training facilitator

    1.3 Prepare to deliver training

    1-3 hours

    Complete these steps in preparation for delivering the training to your first-time managers:

    1. Select a facilitator.
      • The right person to facilitate the meeting depends on the dynamics within your department. Having a senior IT leader can lend additional weight to the training best practices but may not be feasible in a large department. In these cases, an HR partner or external third party can be asked to facilitate.
    2. Distribute the workbooks to attendees before the first training session.
      • Change the header on the workbook templates to your own organization’s, if desired.
      • Email the workbooks to attendees prior to the first session. There is no pre-work to be completed.
    Input Output
    • List of selected modules
    • Facilitator selected
    • Workbook distributed
    Materials Participants
    • Workbooks from selected modules
    • Training sponsor
    • Training facilitator

    Phase 2

    Deliver training

    Phase 1 Phase 2 Phase 3
    • Select training topics
    • Customize the training facilitation guide for your organization
    • Deliver training modules
    • Confirm skill development action plan with trainees
    • Secure organizational support from trainees' supervisors

    Outcomes of this phase:

    • Training delivered
    • Development goals set by attendees
    • Action plan created by attendees

    2.1 Deliver training

    3 hours

    When you are ready, deliver the training. Ensure you complete all activities and that participants record the outcomes in their workbooks.

    Tips for activity facilitation:

    • Encourage and support participation from everyone. And be sure no one on the team dismisses anyone’s thoughts or opinions – they present the opportunity for further discussion and deeper insight.
    • Debrief after each activity, outlining any lessons learned, action items, and next steps.
    • Encourage participants to record all outcomes, key insights, and action plans in their workbooks.
    Input Output
    • Facilitation guides and workbooks for selected modules
    • Training delivered
    • Workbooks completed
    Materials Participants
    • Facilitation guides and workbooks for selected modules
    • Training facilitator
    • Trainees

    Phase 3

    Enable long-term skill development

    Phase 1Phase 2Phase 3
    • Select training topics
    • Customize the training facilitation guide for your organization
    • Deliver training modules
    • Confirm skill development action plan with trainees
    • Secure organizational support from trainees' supervisors

    Outcomes of this phase:

    • Attendees reminded of action plan and personal commitment
    • Supervisors reminded of the need to support trainees' development

    3.1 Email trainees with action steps

    0.5 hours

    After the training, send an email to attendees thanking them for participating and summarizing key next steps for the group. Use the template below, or write your own:

    “Hi team,

    I want to thank you personally for attending the Communicate Effectively training module. Our group led some great discussion.

    A reminder that the next time you will reconvene as a group will be on [Date] to discuss your progress and challenges to date.

    Additionally, your manager is aware and supportive of the training program, so be sure to follow through on the commitments you’ve made to secure the support you need from them to build your new skills.

    I am always open for questions if you run into any challenges.

    Regards,

    [Your name]”

    InputOutput
    • The date of participants’ next discussion meeting
    • Attendees reminded of next meeting date and encouraged to follow through on action plan
    MaterialsParticipants
    • Training facilitator

    3.2 Secure support from trainees’ supervisors

    0.5 hours

    An important part of the training is securing organizational support, which includes support from your trainees’ supervisors. After the trainees have committed to some action items to seek support from their supervisors, it is important to express your support for this and remind the supervisors of their role in guiding your first-time managers. Use the template below, or write your own, to remind your trainees’ supervisors of this at the end of training (if you are going through all three modules in a short period of time, you may want to wait until the end of the entire training to send this email):

    “Hi team,

    We have just completed Info-Tech’s first-time manager training with our new manager team. The trainees will be seeking your support in developing their new skills. This could be in the form of coaching, feedback on their progress, reviewing their development plan, etc.

    Supervisor support is a crucial component of skill building, so I hope I can count on all of you to support our new managers in their learning. If you are not sure how to handle these requests, or would like a refresher of the material our trainees covered, please let me know.

    I am always open for questions if you run into any challenges.

    Regards,

    [Your name]”

    InputOutput
    • List of trainees’ direct supervisors
    • Supervisors reminded to support trainees’ skill practice
    MaterialsParticipants
    • Training facilitator

    Contributors

    Brad Armstrong

    Brad Armstrong, Senior Engineering Manager, Code42 Software

    I am a pragmatic engineering leader with a deep technical background, now focused on building great teams. I'm energized by difficult, high-impact problems at scale and with the cloud technologies and emerging architectures that we can use to solve them. But it's the power of people and organizations that ultimately lead to our success, and the complex challenge of bringing all that together is the work I find most rewarding.

    We thank the expert contributors who chose to keep their contributions anonymous.

    Bibliography

    360Solutions, LLC. “The High Cost of Poor Communication: How to Improve Productivity and Empower Employees Through Effective Communication.” 360Solutions, 2009. Web.

    Ali, M., B. Raza, W. Ali, and N. Imtaiz. Linking Managerial Coaching with Employees’ Innovative Work Behaviors through Affective Supervisory Commitment: Evidence from Pakistan. International Review of Management and Marketing, vol. 10, no. 4, 2020, pp. 11-16.

    Allen, Frederick E. “The Terrible Management Technique That Cost Microsoft Its Creativity.” Forbes.com, 3 July 2012. Web.

    Allen, Renee. “Generational Differences Chart.” West Midland Family Center, n.d. Web.

    American Management Association. “Leading the Four Generations at Work.” American Management Association, Sept. 2014. Web.

    Aminov, Iskandar, Aaron De Smet, Gregor Jost, and David Mendelsohn. “Decision making in the age of urgency.” McKinsey & Company, 30 April 2019. Web.

    AON Hewitt. “Aon Hewitt Study Reveals Strong Link Between Employee Engagement and Employee Perceptions of Total Rewards. Honest Leader Communication Also Influences Engagement.” PR Newswire, 8 April 2015. Web.

    Armstrong, Brad. “How to Fail as a New Engineering Manager.” Noteworthy - The Journal Blog, 19 Feb. 2018. Web.

    Asmus, Mary Jo. “Coaching vs. Feedback.” Aspire-CS, 9 Dec. 2009. Web.

    Baldwin, Timothy T., et al. “The State of Transfer of Training Research: Moving Toward More Consumer-Centric Inquiry.” Human Resource Development Quarterly, vol. 28, no. 1, March 2017, pp. 17-28. Crossref, doi:10.1002/hrdq.21278.

    Batista, Ed. “Building a Feedback-Rich Culture from the Middle.” Ed Batista, April 2015. Web.

    Bilalic, Merim, Peter McLeod, and Fernand Gobet. Specialization Effect and Its Influence on Memory and Problem Solving in Expert Chess Players. Wiley Online Journal, 23 July 2009, doi: https://doi.org/10.1111/j.1551-6709.2009.01030.x

    Blume, Brian D., et al. “Transfer of Training: A Meta-Analytic Review.” Journal of Management, vol. 36, no. 4, July 2010, pp. 1065-105. Crossref, doi:10.1177/0149206309352880.

    BOH Training Guide. Wild Wing, Jan. 2017. Web.

    Bosler, Shana. “9 Strategies to Create Psychological Safety at Work.” Quantum Workplace, 3 June 2021. Web.

    Building Communication Skills. ACQUIRE Project/EngenderHealth, n.d. Web.

    Bucaro, Frank C. “The real issue in conflict is never about things…” Frank Bucaro blog, 7 March 2014. Web.

    Burke, Lisa A., and Holly M. Hutchins. “Training Transfer: An Integrative Literature Review.” Human Resource Development Review, vol. 6, no. 3, Sept. 2007, pp. 263-96. Crossref, doi:10.1177/1534484307303035.

    Caprino, Kathy. “Separating Performance Management from Compensation: New Trend for Thriving Organizations.” Forbes, 13 Dec. 2016. Web.

    Caprino, Kathy. “Why the Annual Review Process Damages Employee Engagement.” Forbes, 1 March 2016. Web.

    Carpineanu, Silvana. “7 Mistakes You Might Be Making When Writing A Meeting Agenda.” Time Doctor, 12 January 2021. Web.

    Cecchi-Dimeglio, Paola. “How Gender Bias Corrupts Performance Reviews, and What to Do About It.” Harvard Business Review, 12 April 2017. Web.

    Chartered Institute of Personnel and Development (CIPD). “PESTLE Analysis.” Chartered Institute of Personnel and Development, 2010. Web.

    Chiaburu, Dan S., et al. “Social Support in the Workplace and Training Transfer: A Longitudinal Analysis: Social Support and Training Transfer.” International Journal of Selection and Assessment, vol. 18, no. 2, June 2010, pp. 187-200. Crossref, doi:10.1111/j.1468-2389.2010.00500.x.

    Christensen, Ulrik Juul. “How to Teach Employees Skills They Don’t Know They Lack.” Harvard Business Review, 29 Sept. 2017. Web.

    CIPD. “Rapid evidence assessment of the research literature on the effect of goal setting on workplace performance.” Charted Institute of Personnel and Development, Dec. 2016. Web.

    CIPD. Annual Survey Report: Learning & Development 2015. Charted Institute of Personnel and Development, 2015. Web.

    Communication and Organizational Skills: NPHW Training Manual. Population Health Research Institute (PHRI), 17 Sept. 2015. Web.

    Cookson, Phil. “It’s time to see performance management as a benefit, not a burden.” CIPD. 17 March 2017. Web.

    Communication Statistics 2021. Project.co, 2021. Web.

    Connors, Roger. “Why Accountability?” The Oz Principle, Partners In Leadership, 2014.

    Coutifaris, Constantinos G. V., and Adam M. Grant “Taking Your Team Behind the Curtain: The Effects of Leader Feedback-Sharing and Feedback-Seeking on Team Psychological Safety.” Organization Science, vol. 33,
    no. 4, 2021, pp. 1574-1598. https://doi.org/10.1287/orsc.2021.1498

    Coy, Charles. “Peer Feedback: 6 Tips for Successful Crowdsourcing.” Rework, 25 June 2014. Web.

    “CQ Learn What Really Matters.” CQ Evidence-Based Management Learning Platform, n.d. Web.

    Darwant, Sarah. Coaching Training Course Book. Elite Training, 2012. Web.

    De Smet, Aaron, et al. How Companies Manage the Front Line Today: McKinsey Survey Results. McKinsey, Feb. 2010. Web.

    DeNault, Charles. “Employee Coaching Survey Results: Important and Engaging.” Saba, 22 April 2015. Web.

    Dermol, Valerij, and Tomaž Čater. “The Influence of Training and Training Transfer Factors on Organisational Learning and Performance.” Personnel Review, vol. 42, no. 3, April 2013, pp. 324–48. Crossref, doi:10.1108/00483481311320435.

    dgdotto. “Fail to Plan, Plan to Fail.” visual.ly, 30 April 2013. Web.

    Duggan, Kris. “Why the Annual Performance Review is Going Extinct.” Fast Company, 20 Oct. 2015. Web.

    Duhigg, Charles. “What Google Learned From Its Quest to Build the Perfect Team.” The New York Times, 25 Feb. 2016. Web.

    Earley, P. Christopher, and Randall S. Peterson. “The Elusive Cultural Chameleon: Cultural Intelligence as a New Approach to Intercultural Training for the Global Manager.” Academy of Management Learning & Education, vol. 3, no. 1, March 2004, pp. 100-15. Crossref, doi:10.5465/amle.2004.12436826.

    Edmondson, Amy. “Psychological Safety and Learning Behavior in Work Teams.” Administrative Science Quarterly, vol. 44, no. 2, June 1999, pp. 350-383. Web.

    “Effective Employee Communications Fosters Corporate Reputation.” The Harris Poll, 10 June 2015. Web.

    Eichenwald, Kurt. “How Microsoft Lost its Mojo: Steve Ballmer and Corporate American’s Most Spectacular Decline.” Vanity Fair, 24 July 2012. Web.

    Essential Supervisory Skills. University of Washington, 2016. Web.

    “Estimating the Costs of Workplace Conflict.” Acas, 11 May 2021. Web.

    Falcone, Paul. “Viewpoint: How to Redesign Your Performance Appraisal Template.” Society for Human Resource Management, 7 June 2017. Web.

    Fermin, Jeff. “Statistics On The Importance Of Employee Feedback.” Officevibe, 7 Oct. 2014. Web.

    Filipkowski, Jenna, et al. Building a Coaching Culture with Millennial Leaders. Human Capital Institute, 18 Sept. 2017. Web.

    First Time Manager Training to Help New Managers Develop Essential Skills. The Ken Blanchard Companies, n.d. Web.

    Fisher, Dan. Feedback vs. Coaching, What’s the Difference? Menemsha Group, 28 June 2018. Web.

    Freedman, Erica. “How to Build an Internal Leadership Development Program.” Chief Executive, 2016. Web.

    "Futureproof Your Organization with These 8 Manager Effectiveness Metrics.” Visier Inc., 8 Aug. 2017. Web.

    Gallo, Amy. “How to Manage Your Former Peers.” Harvard Business Review, Dec. 2012. Web.

    Gandhi, Vipula. “Want to Improve Productivity? Hire Better Managers.” Gallup, 3 Aug. 2018. Web.

    Gallup. State of the Global Workplace. 1st edition, Gallup Press, 2017. Web.

    Global Workplace Analytics. “Latest Telecommuting Statistics.” Global Workplace Analytics. Sept. 2013. Web.

    Goldsmith, Marshall. “Try Feedforward Instead of Feedback.” Leader to Leader Institute, 5 April 2011. Web.

    Goldsmith, Marshall. "11 Guidelines for Influencing Top Decision Makers." Marshall Goldsmith, n.d. Web.

    Goldsmith, Marshall. "I Know Less Than You Do – and It’s Okay!" Marshall Goldsmith, n.d. Web.

    Goldsmith, Marshall. "Is It Worth It to Add Value? Not Always." Marshall Goldsmith, n.d. Web.

    Goler, L., J. Gale, and A. Grant. “Let’s Not Kill Performance Evaluations Yet.” Harvard Business Review, Nov. 2016. Web.

    Good Manager, Bad Manager. Grovo, 2016. Web.

    Google People Operations. “Guide: Understand Team Effectiveness.” Google, n.d. Web.

    Google’s New Manager Student Workbook. re:Work with Google, n.d. Web.

    Google’s New Manager Training Facilitator Guide. re:Work with Google, n.d. Web.

    Gossen, Paul. A Coaching Culture Transformation ~ Case Study. Athena Training and Consulting, 1 April 2011. Web.

    Goudreau, Jenna. “How to Communicate in the New Multi-Generational Office.” Forbes Magazine, Feb. 2013. Web.

    Govaerts, Natalie, and Filip Dochy. “Disentangling the Role of the Supervisor in Transfer of Training.” Educational Research Review, vol. 12, June 2014, pp. 77-93. Crossref, doi:10.1016/j.edurev.2014.05.002.

    Grenchus, Gabrielle. “Keep employees engaged with clear priorities and crowdsourced recognition.” IBM thinkLeaders. 8 June 2015. Web.

    Grossman, Rebecca, and Eduardo Salas. “The Transfer of Training: What Really Matters: The Transfer of Training.” International Journal of Training and Development, vol. 15, no. 2, June 2011, pp. 103-20. Crossref, doi:10.1111/j.1468-2419.2011.00373.x.

    Grote, Dick. “3 Popular Goal-Setting Techniques Managers Should Avoid.” Harvard Business Review. 2 Jan. 2017. Web.

    Hall, John. “Why Accountability Is Vital To Your Company.” Forbes, 6 Oct. 2019. Web.

    Hancock, Bryan, et al. “The Fairness Factor in Performance Management.” McKinsey, 5 April 2018. Web.

    Harkins, Phil. “10 Leadership Techniques for Building High-Performing Teams.” Linkage Inc., 2014. Web.

    HCI. Building a Coaching Culture with Managers and Leaders. Human Capital Institute, 2016. Web.

    Heathfield, Susan M. “Tips to Create Successful Performance Appraisal Goals.” The Balance, Aug. 2016. Web.

    Hills, Jan. Brain-Savvy Business: 8 Principles From Neuroscience and How to Apply Them. Head Heart + Brain, 2016. Print.

    Hoffman, Mitchell, and Steven Tadelis. People Management Skills, Employee Attrition, and Manager Rewards: An Empirical Analysis. p. 96.

    “How to Create an Effective Feedback Culture.” eXplorance Inc. Feb. 2013. Web.

    “Importance of Performance Management Process & Best Practices To Optimize Monitoring Performance Work Reviews/Feedback and Goal Management.” SAP Success Factors, n.d. Web.

    Jacobson, Darcy. “How Bad Performance Management Killed Microsoft’s Edge.” Globoforce Blog, 5 July 2012. Web.

    Jaidev, Uma Pricilda, and Susan Chirayath. Pre-Training, During-Training and Post-Training Activities as Predictors of Transfer of Training. no. 4, 2012, p. 18.

    Jensen, Michael C. “Paying People to Lie: The Truth about the Budgeting Process.” European Financial Management, vol. 9, no. 3, 2003, pp. 379-406. Print.

    Kahneman, Daniel, and Ram Charan. HBR's 10 Must Reads on Making Smart Decisions. Harvard Business Review, 26 March 2013. Ebook.

    Kirkpatrick, J., and W. Kirkpatrick. “The Kirkpatrick Four Levels: A Fresh Look After 50 Years 1959-2009.” Kirkpatrickpartners.com, 2009. Web.

    Kirwan, Cyril. Improving Learning Transfer. Routledge, 2016.

    Kline, Theresa J.B., and Lorne M. Sulsky. “Measurement and Assessment Issues in Performance Appraisal.” Canadian Psychology, vol. 50, no. 3, 2009, pp. 161-171. Proquest. Web.

    Kowalski, Kyle. “Create a Daily Routine with Calendar Time Blocking (+ 7 Pro Tips).” Sloww, 29 May 2018. Web.

    Krentz, Susanna E., et al. ”Staying on Course with Strategic Metrics.” Healthcare Financial Management, vol. 60, no. 5, 2006, pp. 86-94. Proquest. Web.

    Kuligowski, Kiely. Tips for First-Time Managers. 15 Feb. 2019. Web.

    Laker, Dennis R., and Jimmy L. Powell. “The Differences between Hard and Soft Skills and Their Relative Impact on Training Transfer.” Human Resource Development Quarterly, vol. 22, no. 1, March 2011, pp. 111-22. Crossref, doi:10.1002/hrdq.20063.

    Lawrence, Paul. “Managerial coaching – A literature review.” International Journal of Evidence Based Coaching and Mentoring, vol. 15, no. 2, 2017, pp. 43-66. Web.

    Ledford, Gerald E. Jr., George Benson, and Edward E. Lawler III. “Cutting-Edge Performance Management.” WorldatWork Research, Aug. 2016. Web.

    Lee, W.R.; Choi, S.B.; Kang, S.-W. How Leaders’ Positive Feedback Influences Employees’ Innovative Behavior: The Mediating Role of Voice Behavior and Job Autonomy. Sustainability, vol. 13, no. 4, 2021, pp. 1901. https://doi.org/10.3390/su13041901

    Leopold, Till Alexander, Vesselina Ratcheva, and Saadia Zahidi. The Future of Jobs. World Economic Forum, 2016. Web.

    Levy, Dan. “How to Build a Culture That Embraces Feedback.” Inc. Magazine, March 2014. Web.

    Lighthouse Research & Advisory. “Insights from the CHRO Panel at Workhuman 2017.” Lighthouse Research & Advisory, June 2017. Web.

    Lipman, Victor. “For New Managers, Boundaries Matter (A Lot).” Forbes, 19 March 2018. Web.

    Lipman, Victor. “The Hardest Thing For New Managers.” Forbes, 1 June 2016. Web.

    Lipman, Victor. “The Move To New Manager May Be The Hardest Transition In Business.” Forbes, 2 Jan. 2018. Web.

    Lyons, Rich. “Feedback: You Need To Lead It.” Forbes, 10 July 2017. Web.

    “Managing Email Effectively.” MindTools, n.d. Web.

    Managing Performance Workbook. Trainer Bubble, 16 Feb. 2013. Web.

    Mayfield, Clifton, et al. “Psychological Collectivism and Team Effectiveness: Moderating Effects of Trust and Psychological Safety.” Journal of Organizational Culture, Communications and Conflict, vol. 20, no. 1, Jan. 2016, pp. 78-94. Web.

    McAlpin, Kevin and Hans Vaagenes. “Critical Decision Making.” Performance Coaching International. 17 Nov. 2017. Web.

    McCoy, Jim. “How to Align Employee Performance with Business Strategy.” Workforce Management, vol. 86, no. 12, 2007, pp. S5. Proquest. Web.

    “Measuring Time-To-Full Productivity.” FeverBee, n.d. Web.

    Meister, Jeanne. The 2020 Workplace: How Innovative Companies Attract, Develop, and Keep Tomorrow's Employees Today. HarperBusiness, 2010. Print.

    Meyer, Erin. “The Four Keys To Success With Virtual Teams.” Forbes Magazine, 19 Aug. 2010. Web.

    Morris, Donna. “Death to the Performance Review: How Adobe Reinvented Performance Management and Transformed Its Business.” WorldatWork, 2016, p. 10. Web.

    Myers-Briggs Company. “New Research: Time Spent on Workplace Conflict Has Doubled Since 2008.” Yahoo! Finance, 18 Oct. 2022. Web.

    Murdoch, Elisabeth. “Elisabeth Murdoch's MacTaggart lecture: full text.” The Guardian, 23 Aug. 2012. Web.

    NASA Governance and Strategic Management Handbook (NPD 1000.0B). NASA, June 2014. Web.

    NASA Space Flight Program and Project Management Handbook (NASA/SP-2014-3705). NASA, Sept. 2014. Web.

    New Manager Training: Management & Leadership Skills. Schulich School of Business, n.d. Web.

    O’Hanlon, Margaret. “It’s a Scandal! Manager Training Exposed! [Implementation Part 4].” Compensation Cafe, 16 Feb. 2012. Web.

    Ordonez, Lisa D., et al. “Goals Gone Wild: The Systematic Side Effects of Over-Prescribing Goal Setting.” Social Science Research Network. Harvard Business School, 11 Feb. 2009. Web.

    Paczka, Nina. “Meeting in the Workplace | 2023 Statistics.” LiveCareer, 25 July 2022. Web.

    Pavlou, Christina. “How to Calculate Employee Turnover Rate | Workable.” Recruiting Resources: How to Recruit and Hire Better, 13 July 2016. Web.

    Performance Management 101 Workbook. Halogen Software, 2015. Web.

    Personal Development and Review. Oxford Learning Institute, n.d. Web.

    Personal Development Plan. MindTools, 2014. Web.

    Porath, Christine, et al. “The Effects of Civility on Advice, Leadership, and Performance.” Journal of Applied Psychology, vol. 44, no. 5, Sept. 2015, pp. 1527-1541. Web.

    Project Management Institute. “PMI’s Pulse of The Profession: In-Depth Report.” PMI, May 2013. Web. June 2015.

    Quay, C. C., and A. Yusof. “The influence of employee participation, rewards and recognition, job security, and performance feedback on employee engagement.” Issues and Perspectives in Business and Social Sciences, vol. 2, no. 1, 2022, pp. 20. https://doi.org/10.33093/ipbss.2022.2.1.3

    Quinn, R. E., and J. Rohrbaugh. “A spatial model of effectiveness criteria: Towards a competing values approach to organizational analysis.” Management Science, vol. 29, 1983, pp. 363–377.

    Re:Work Guide: Develop and Support Managers. re:Work with Google, n.d. Web.

    Reardon, Kathleen Kelley. “7 Things to Say When a Conversation Turns Negative.” Harvard Business Review, 11 May 2016. Web.

    Reh, F. John. “Here Is a List of Mistakes New Managers Make and How to Avoid Them.” The Balance Careers, 30 Dec. 2018. Web.

    Richards, Leigh. “Why Is Employee Empowerment a Common Cornerstone of Organizational Development & Change Programs?” Houston Chronicle, Hearts Newspapers, LLC. 5 July 2013. Web.

    Robson, Fiona. Southwood School – A Case Study: Performance Management Systems. Society for Human Resource Management, 2009. Crossref, doi:10.4135/9781473959552.

    Rock, David, and Beth Jones. “Why More and More Companies are Ditching Performance Ratings.” Harvard Business Review, 8 Sept. 2015. Web.

    Rock, David. “SCARF: A Brain-Based Model for Collaborating With and Influencing Others.” NeuroLeadership Journal, 2008. Web..

    Romão, Soraia, Neuza Ribeiro, Daniel Roque Gomes, and Sharda Singh. “The Impact of Leaders’ Coaching Skills on Employees’ Happiness and Turnover Intention.” Administrative Sciences, vol. 12, no. 84, 2022. https://doi.org/10.3390/ admsci12030084

    Romero, Joseluis. “Yes - you can build a feedback culture.” Skills 2 Lead, Aug. 2014. Web.

    Runde, Craig E., and Tim A. Flanagan. “Conflict Competent Leadership.” Leader to Leader, Executive Forum, Winter 2008. PDF.

    Saks, Alan M., and Lisa A. Burke-Smalley. “Is Transfer of Training Related to Firm Performance?: Transfer and Firm Performance.” International Journal of Training and Development, vol. 18, no. 2, June 2014, pp. 104–15. Crossref, doi:10.1111/ijtd.12029.

    Saks, Alan M., et al. “The Transfer of Training: The Transfer of Training.” International Journal of Training and Development, vol. 18, no. 2, June 2014, pp. 81–83. Crossref, doi:10.1111/ijtd.12032.

    Salomonsen, Summer. Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018. Grovo, 2018. Web.

    Schwartz, Dan. “3 Topics Every New Manager Training Should Include.” Training Industry, 12 April 2017. Web.

    Scott, Dow, Tom McMullen, and Mark Royal. “Retention of Key Talent and the Role of Rewards.” WorldatWork, June 2012. Web.

    “Seeking Agility in Performance Management.” Human Resource Executive, 2016. Web.

    “Should You Always Involve Your Team in Decision Making?” Upskillist, 25 April 2022. Web.

    “SHRM Workplace Forecast.” The Top Workplace Trends According to HR Professionals, May 2013. Web.

    Singhal, Nikhyl. “Eight Tips for First Time Managers.” Medium, 20 Aug. 2017. Web.

    Singhania, Prakriti, et al. “2020 Global Marketing Trends.” Deloitte, 2019. Web.

    SMART Goals: A How to Guide. University of California, n.d. Web.

    Smith, Benson, and Tony Rutigliano. “Scrap Your Performance Appraisal System.” Gallup, 2002. Article.

    “State of the Modern Meeting 2015.” BlueJeans, Aug. 2015. Web.

    Sternberg, Larry, and Kim Turnage. “Why Make Managers A Strategic Priority?” Great Leadership, 12 Oct. 2017. Web.

    Sullivan, Dr. John. “Facebook’s Difference: A Unique Approach For Managing Employees.”TLNT, Sept. 2013. Web.

    Tal, David. “A 'Culture of Coaching' Is Your Company's Most Important Ingredient for Success.” Entrepreneur, 27 Sept. 2017. Web.

    Tenut, Jeff. “How Management Development Training Reduces Turnover.” DiscoverLink, 3 July 2018. Web.

    “The 5 Biggest Biases That Affect Decision-Making.” NeuroLeadership Institute, 2 August 2022. Web.

    “The Different Impact of Good and Bad Leadership.” Barna Group, 2015. Web.

    “The Engaged Workplace.” Gallup, 2017. Web.

    “The Individual Development Plan Guide.” Wildland Fire Leadership Development Program, April 2010, p. 15.

    The State of Business Communication. Grammarly, 2022. Web.

    Thomas, Kenneth. “Conflict and Conflict Management.” The Handbook of Industrial and Organizational Psychology, Rand McNally, 1976. In “The Five Conflict-Handling Modes.” The Myers Briggs Company, n.d. PDF.

    Thompson, Rachel. “What Is Stakeholder Management?” MindTools, n.d. Web.

    Tollet, Francoise. “Distracted? Learn how to (re)focus.” Business Digest, 12 July 2021. Podcast.

    Tonhauser, Cornelia, and Laura Buker. Determinants of Transfer of Training: A Comprehensive Literature Review, p. 40.

    Towers Watson. “Clear Direction in a Complex World: How Top Companies Create Clarity, Confidence and Community to Build Sustainable Performance.” Change and Communication ROI Study Report, 2011-2012. Web.

    Trudel, Natalie. “Improve Your Coaching Skills by Understanding the Psychology of Feedback.” TLNT, 12 July 2017. Web.

    “Understanding When to Give Feedback.” Harvard Business Review, Dec. 2014. Web.

    Vacassin, Daniel. “There are no 'good' performance management systems – there are just good line managers.” LinkedIn, 4 Oct. 2016. Web.

    van der Locht, Martijn, et al. “Getting the Most of Management Training: The Role of Identical Elements for Training Transfer.” Personnel Review, vol. 42, no. 4, May 2013, pp. 422–39. Crossref, doi:10.1108/PR-05-2011-0072.

    Vaughan, Liam. “Banks Find New Ways to Measure Staff.” Financial News, 10 Jan. 2011. Web.

    Watkins, Michael, et al. “Hit the Ground Running:Transitioning to New Leadership Roles.” IMD Business School, May 2014. Web.

    Whitney, Kelley. “Kimberly-Clark Corp.: Redesigning Performance Management.” Talent Management Magazine, vol. 2, no. 1, 2006. Web.

    “Whole Foods 2015 Report.” The Predictive Index, n.d. Web.

    “Whole Foods Market Reports Fourth Quarter and Fiscal Year 2016 Results.” Whole Foods, 2 Feb. 2016. Web.

    Wisniewski, Dan. “Here's why everybody hates meetings.” HR Morning, 14 Dec. 2012. Web.

    Woolum, Janet, and Brent Stockwell. Aligning Performance Measurement to Mission, Goals, and Strategy Workbook. Arizona State University, Jan. 2016. Web.

    Worall, Les, et al. The Quality of Working Life. Chartered Management Institute, 2016. Web.

    “Workplace Conflict Statistics: How We Approach Conflict at Work.” Niagara Institute, 11 Aug. 2022. Web.

    “You Waste a Lot of Time at Work Infographic.” Atlassian, 23 August 2012. Web.

    Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015. Web.

    Zuberbühler, P., et al. “Development and validation of the coaching-based leadership scale and its relationship with psychological capital, work engagement, and performance.” Current Psychology, vol. 42, no. 10, 2021, pp. 1-22.

    GDPR, Implemented!

    GDPR, Are You really ready?

    It is now 2020 and the GDPR has been in effect for almost 2 years. Many companies thought: been there, done that. And for a while the regulators let some time go by.

    The first warnings appeared quickly enough. Eg; in September 2018, the French regulator warned a company that they needed to get consent of their customers for getting geolocation based data.

    That same month, an airline was hacked and, on top of the reputational damage and costs to fix the IT systems, it faced the threat of a stiff fine.

    Even though we not have really noticed, fines started being imposed as early as January 2019.

    But these fines, that is when you have material breaches...

    Wrong! The fines are levied in a number of cases. And to make it difficult to estimate, there are guidelines that will shape the decision making process, but no hard and fast rules!

    The GDPR is very complex and consists of both articles and associated recitals that you need to be in compliance with. it is amuch about the letter as it is about the spirit.

    We have a clear view on what most of those cases are.
    And more importantly, when you follow our guidelines, you will be well placed to answer any questions by your clients and cooperate with the regulator in a proactive way.

    They will never come after me. I'm too small.

    And besides, I have my privacy policy and cookie notice in place

    Company size has nothing to do with it.

    While in the beginning, it seemed mostly a game for the big players (for names, you have to contact us) that is just perception.

    As early as March 2018 a €10M revenue company was fined around €120,000. 2 days later another company with operating revenues of  around €6.2M was fined close to €200.000 for failing to abide by the DSRR stipulatons.

    Don't know what these are?
    Fill out the form below and we'll let you in on the good stuff.

     

    Continue reading

    Maximize Business Value From IT Through Benefits Realization

    • Buy Link or Shortcode: {j2store}337|cart{/j2store}
    • member rating overall impact: 6.0/10 Overall Impact
    • member rating average dollars saved: 4 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: IT Governance, Risk & Compliance
    • Parent Category Link: /it-governance-risk-and-compliance
    • IT and the business are often misaligned because business value is not well defined or communicated.
    • Decisions are made without a shared perspective of value. This results in cost misallocation and unexploited opportunities to improve efficiency and drive innovation.

    Our Advice

    Critical Insight

    • IT exists to provide business value and is part of the business value chain. Most IT organizations lack a way to define value, which complicates the process of making value-based strategic business decisions.
    • IT must link its spend to business value to justify its investments. IT doesn’t have an established process to govern benefits realization and struggles to demonstrate how it provides value from its investments.
    • Pursue value, not technology. The inability to articulate value leads to IT being perceived as a cost center.

    Impact and Result

    • Ensure there is a common understanding within the organization of what is valuable to drive growth and consistent strategic decision making.
    • Equip IT to evaluate, direct, and monitor investments to support the achievement of organizational values and business benefits.
    • Align IT spend with business value through an enhanced governance structure to achieve cost optimization. Ensure IT visibly contributes to the creation and maintenance of value.

    Maximize Business Value From IT Through Benefits Realization Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should establish a benefits realization process, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand business value

    Ensure that all key strategic stakeholders hold a current understanding of what is valuable to the organization and a sense of what will be valuable based on future needs.

    • Maximize Business Value from IT Through Benefits Realization – Phase 1: Understand Business Value
    • Business Value Statement Template
    • Business Value Statement Example
    • Value Statement Email Communication Template
    • Feedback Consolidation Tool

    2. Incorporate benefits realization into governance

    Establish the process to evaluate spend on IT initiatives based on expected benefits, and implement the methods to monitor how well the initiatives achieve these benefits.

    • Maximize Business Value from IT Through Benefits Realization – Phase 2: Incorporate Benefits Realization into Governance
    • Business Value Executive Presentation Template

    3. Ensure an accurate reference of value

    Re-evaluate, on a consistent basis, the accuracy of the value drivers stated in the value statement with respect to the organization’s current internal and external environments.

    • Maximize Business Value from IT Through Benefits Realization – Phase 3: Ensure an Accurate Reference of Value
    [infographic]

    Workshop: Maximize Business Value From IT Through Benefits Realization

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Business Value

    The Purpose

    Establish the business value statement.

    Understand the importance of implementing a benefits realization process.

    Key Benefits Achieved

    Unified stakeholder perspectives of business value drivers

    Establish supporters of the initiative

    Activities

    1.1 Understand what governance is and how a benefits realization process in governance will benefit the company.

    1.2 Discuss the mission and vision of the company, and why it is important to establish the target state prior to defining value.

    1.3 Brainstorm and narrow down organization value drivers.

    Outputs

    Stakeholder buy-in on benefits realization process

    Understanding of interrelations of mission, vision, and business value drivers

    Final three prioritized value drivers

    Completed business value statement

    2 Incorporate Benefits Realization Into Governance

    The Purpose

    Establish the intake, assessment and prioritization, and output and monitoring processes that are involved with implementing benefits realization.

    Assign cut-over dates and accountabilities.

    Establish monitoring and tracking processes.

    Key Benefits Achieved

    A thorough implementation plan that can be incorporated into existing governance documents

    Stakeholder understanding of implemented process, process ownership

    Activities

    2.1 Devise the benefits realization process.

    2.2 Establish launch dates, accountabilities, and exception handling on processes.

    2.3 Devise compliance monitoring and exception tracking methods on the benefits realization process.

    Outputs

    Benefits realization process incorporated into governance documentation

    Actionable plan to implement benefits realization process

    Reporting processes to ensure the successful delivery of the improved governance process

    3 Ensure an Accurate Reference of Value

    The Purpose

    Implement a process to ensure that business value drivers remain current to the organization.

    Key Benefits Achieved

    Align IT with the business and business to its environment

    Activities

    3.1 Determine regular review cycle to reassess business value drivers.

    3.2 Determine the trigger events that may cause off-cycle revisits to value.

    3.3 Devise compliance monitoring on value definition.

    Outputs

    Agenda and tools to assess the business context to verify the accuracy of value

    List of possible trigger events specific to your organization

    Reporting processes to ensure the continuous adherence to the business value definition

    Jump Start Your Vendor Management Initiative

    • Buy Link or Shortcode: {j2store}211|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $137,332 Average $ Saved
    • member rating average days saved: 31 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Each year, IT organizations spend more money “outsourcing” tasks, activities, applications, functions, and other items.
    • The increased spend and associated outsourcing leads to less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Our Advice

    Critical Insight

    • Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. There are commonalites among vendor management initiatives, but the key is to adapt vendor management principles to fit your needs, not the other way around.
    • All vendors are not of equal importance to an organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.
    • Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally,” starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Impact and Result

    • Build and implement a vendor management initiative tailored to your environment.
    • Create a solid foundation to sustain your vendor management initiative as it evolves and matures.
    • Leverage vendor management-specific tools and templates to manage vendors more proactively and improve communication.
    • Concentrate your vendor management resources on the right vendors.
    • Build a roadmap and project plan for your vendor management journey to ensure you reach your destination.
    • Build collaborative relationships with critical vendors.

    Jump Start Your Vendor Management Initiative Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should jump start a vendor management initiative, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Plan

    Organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

    • Jump Start Your Vendor Management Initiative – Phase 1: Plan
    • Jump – Phase 1 Tools and Templates Compendium

    2. Build

    Configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    • Jump Start Your Vendor Management Initiative – Phase 2: Build
    • Jump – Phase 2 Tools and Templates Compendium
    • Jump – Phase 2 Vendor Classification Tool
    • Jump – Phase 2 Vendor Risk Assessment Tool

    3. Run

    Begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.

    • Jump Start Your Vendor Management Initiative – Phase 3: Run

    4. Review

    Identify what the VMI should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    • Jump Start Your Vendor Management Initiative – Phase 4: Review

    Infographic

    Workshop: Jump Start Your Vendor Management Initiative

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Plan

    The Purpose

    Getting Organized

    Key Benefits Achieved

    Defined Roles and Goals for the VMI

    Activities

    1.1 Mission Statement and Goals

    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities – OIC Chart

    1.5 Process Mapping

    1.6 Vendor Inventory Tool (Overview)

    Outputs

    Completed Mission Statement and Goals

    List of Items In Scope and Out of Scope for the VMI

    List of Strengths and Obstacles for the VMI

    Completed OIC Chart

    Sample Process Map for One Process

    Begun Using Vendor Inventory Tool

    2 Plan/Build/Run

    The Purpose

    Build VMI Tools and Templates

    Key Benefits Achieved

    Configured Tools and Templates for the VMI Based on Its Roles and Goals

    Activities

    2.1 Maturity Assessment

    2.2 Structure and Job Descriptions

    2.3 Attributes of a Valuable Vendor

    2.4 Classification Model

    2.5 Risk Assessment Tool

    2.6 Scorecards and Feedback

    2.7 Business Alignment Meeting Agenda

    Outputs

    Completed Maturity Assessment.

    Sample Job Descriptions and Phrases.

    List of Attributes of a Valuable Vendor.

    Configured Classification Model.

    Configured Risk Assessment Tool.

    Configured Scorecard and Feedback Questions.

    Configured Business Alignment Meeting Agenda.

    3 Build/Run

    The Purpose

    Continue Building VMI Tools and Templates

    Key Benefits Achieved

    Configured Tools and Templates for the VMI Based on Its Roles and Goals

    Activities

    3.1 Relationship Alignment Document

    3.2 Vendor Orientation

    3.3 Policies and Procedures

    3.4 3-Year Roadmap

    3.5 90-Day Plan

    3.6 Quick Wins

    3.7 Reports

    3.8 Kickoff Meeting

    Outputs

    Relationship Alignment Document Sample and Checklist

    Vendor Orientation Checklist

    Policies and Procedures Checklist

    Completed 3-Year Roadmap

    Completed 90-Day Plan

    List of Quick Wins

    List of Reports

    4 Review

    The Purpose

    Review the Past 12 Months of VMI Operations and Improve

    Key Benefits Achieved

    Keeping the VMI Aligned With the Organization’s Goals and Ensuring the VMI Is Leveraging Leading Practices

    Activities

    4.1 Develop/Improve Vendor Relationships.

    4.2 Assess Compliance.

    4.3 Incorporate Leading Practices.

    4.4 Leverage Lessons Learned.

    4.5 Maintain Internal Alignment.

    4.6 Update Governances.

    Outputs

    Further reading

    Jump Start Your Vendor Management Initiative

    Create and implement a vendor management framework to begin obtaining measurable results in 90 days.

    EXECUTIVE BRIEF

    Analyst Perspective

    What is vendor management?

    When you read the phrase “vendor management,” what comes to mind? This isn’t a rhetorical question. Take your time … I’ll wait.

    Unfortunately, those words conjure up a lot of different meanings, and much of that depends on whom you ask. Those who work in the vendor management field will provide a variety of answers. To complicate matters, those who are vendor management “outsiders” will have a totally different view of what vendor management is. Why is this important? Because we need a common definition to communicate more effectively, even if the definition is broad.

    Let’s start creating a working definition that is not circular. Vendor management is not simply managing vendors. That expression basically reorders the words and does nothing to advance our cause; it only adds to the existing confusion surrounding the concept.

    Vendor management is best thought of as a spectrum or continuum with many points rather than a specific discipline like accounting or finance. There are many functions and activities that fall under the umbrella term of vendor management: some of them will be part of your vendor management initiative (VMI), some will not, and some will exist in your organization but be outside the VMI. This is the unique part of vendor management – the part that makes it fun, but also the part that leads to the confusion. For example, accounts payable sits within the accounting department almost exclusively, but contract management can sit within or outside the VMI. The beauty of vendor management is its flexibility; your VMI can be created to meet your specific needs and goals while leveraging common vendor management principles.

    Every conversation around vendor management needs to begin with “What do you mean by that?” Only then can we home in on the scope and nature of what people are discussing. “Managing vendors” is too narrow because it often ignores many of the reasons organizations create VMIs in the first place: to reduce costs, to improve performance, to improve processes, to improve relationships, to improve communication, and to manage risk better.

    Vendor management is a strategic initiative that takes the big picture into account … navigating the cradle to grave lifecycle to get the most out of your interactions and relationships with your vendors. It is flexible and customizable; it is not plug and play or overly prescriptive. Tools, principles, templates, and concepts are adapted rather than adopted as is. Ultimately, you define what vendor management is for your organization.

    We look forward to helping you on your vendor management journey no matter what it looks like. But first, let’s have a conversation about how you want to define vendor management in your environment.

    This is a picture of Phil Bode, Principal  Research Director, Vendor Management at Info-Tech Research Group.

    Phil Bode
    Principal Research Director, Vendor Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Each year, IT organizations “outsource” tasks, activities, functions, and other items. During 2021:

    • Spend on as-a-service providers increased 38% over 2020.*
    • Spend on managed service providers increased 16% over 2020.*
    • IT service providers increased their merger and acquisition numbers by 47% over 2020.*

    *Source: Information Services Group, Inc., 2022.

    This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.

    Common Obstacles

    As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don’t have a VMI to help:

    • Ensure at least the expected value is achieved.
    • Improve on the expected value through performance management.
    • Significantly increase the expected value through a proactive VMI.

    Info-Tech’s Approach

    Vendor management is a proactive, cross-functional lifecycle. It can be broken down into four phases:

    • Plan
    • Build
    • Run
    • Review

    The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and set a solid foundation for its growth and maturity.

    Info-Tech Insight

    Vendor management is not a one-size-fits-all initiative. It must be configured:

    • For your environment, culture, and goals.
    • To leverage the strengths of your organization and personnel.
    • To focus your energy and resources on your critical vendors.

    Executive Summary

    Your Challenge

    Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape. In 2021, there was increases of:

    38%

    Spend on As-a-Service Providers

    16%

    Spend on Managed Services Providers

    47%

    IT Services Merger & Acquisition Growth (Transactions)

    Source: Information Services Group, Inc., 2022.

    Executive Summary

    Common Obstacles

    When organizations execute, renew, or renegotiate a contract, there is an “expected value” associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.

    A contract’s realized value with and without a vendor management initiative

    Two bars are depicted, showing that vendor collaboration and vendor performance management exceed expected value with a VMI, but without VMI, 75% of a contract's expected value can disappear within 18 months.

    Source: Based on findings from Geller & Company, 2003.

    Executive Summary

    Info-Tech’s Approach

    A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).

    This is an image of Info-Tech's approach to VMI.  It includes the following four steps: 01 - Plan; 02 - Build; 03 - Run; 04 - Review

    Info-Tech’s Methodology for Creating and Operating Your VMI

    Phase 1: Plan Phase 2: Build Phase 3: Run Phase 4: Review

    Phase Steps

    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    Phase Outcomes

    This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI. This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan. This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI. This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    Insight Summary

    Insight 1

    Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won’t look exactly like another organization’s. The key is to adapt vendor management principles to fit your needs.

    Insight 2

    All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.

    Insight 3

    Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally,” starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.

    Blueprint Deliverables

    The four phases of creating and running a vendor management initiative are supported with configurable tools, templates, and checklists to help you stay aligned internally and achieve your goals.

    VMI Tools and Templates

    This image contains two screenshots of Info-Tech's VMI Tools and Templates

    Build a solid foundation for your VMI and configure tools and templates to help you manage your vendor relationships.

    Key Deliverables:

    1. Jump – Phase 1 Tools and Templates Compendium
    2. Jump – Phase 2 Tools and Templates Compendium
    3. Jump – Phase 2 Vendor Classification Tool
    4. Jump – Phase 2 Vendor Risk Assessment Tool

    A suite of tools and templates to help you create and implement your vendor management initiative.

    Blueprint benefits

    IT Benefits

    • Identify and manage risk proactively.
    • Reduce costs and maximize value.
    • Increase visibility with your critical vendors.
    • Improve vendor performance.
    • Create a collaborative environment with key vendors.
    • Segment vendors to allocate resources more effectively and more efficiently.

    Business Benefits

    • Improve vendor accountability.
    • Increase collaboration between departments.
    • Improve working relationships with your vendors.
    • Create a feedback loop to address vendor or customer issues before they get out of hand or are more costly to resolve.
    • Increase access to meaningful data and information regarding important vendors.

    Establish Baseline Metrics

    Baseline metrics will be improved through:

    Using the Maturity Assessment and 90-Day Plan tools, track how well you are able to achieve your goals and objectives:

    • Did you meet the targeted maturity level for each maturity category as determined by the point system?
    • Did you finish each activity in the 90-Day Plan completely and on time?
    1-Year Maturity Roadmap(by Category) Target Maturity (Total Points) Actual Maturity (Total Points)
    Contracts 12 12
    Risk 8 7
    Vendor Selection 9 9
    Vendor Relationships 21 21
    VMI Operations 24 16
    90-Day Plan (by Activity) Activity Completed
    Finalize mission and goals; gain executive approval Yes
    Finalize OIC chart; gain buy-in from other departments Yes
    Classify top 40 vendors by spend Yes
    Create initial scorecard Yes
    Develop the business alignment meeting agenda Yes
    Conduct two business alignment meetings No
    Update job descriptions Yes
    Map two VMI processes No

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    “Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

    Guided Implementation

    “Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

    Workshop

    “We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

    Consulting

    “Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phases 2 & 3 Phase 4

    Call #1: Mission statement and goals, scope, and strengths and obstacles.

    Call #5: Classification model.

    Call #9: Policies and procedures and reports.

    Call #12: Assess compliance, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

    Call #2: Roles and responsibilities and process mapping.

    Call #6: Risk assessment.

    Call #10: 3-year roadmap.

    Call #3: Charter and vendor inventory.

    Call #7: Scorecards and feedback and business alignment meetings.

    Call #11: 90-day plan and quick wins.

    Call #4: Maturity assessment and VMI structure.

    Call #8: Relationship alignment document, vendor orientation, and job descriptions.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4
    Plan Plan/Build/Run Build/Run Review

    Activities

    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    Deliverables

    1. Completed Mission Statement and Goals
    2. List of Items In Scope and Out of Scope for the VMI
    3. List of Strengths and Obstacles for the VMI
    4. Completed OIC Chart
    5. Sample Process Map for One Process
    6. Vendor Inventory tab
    1. Completed Maturity Assessment
    2. Sample Job Descriptions and Phrases
    3. List of Attributes of a Valuable Vendor
    4. Configured Classification Model
    5. Configured Risk Assessment Tool
    6. Configured Scorecard and Feedback Questions
    7. Configured Business Alignment Meeting Agenda
    1. Relationship Alignment Document Sample and Checklist
    2. Vendor Orientation Checklist
    3. Policies and Procedures Checklist
    4. Completed 3-Year Roadmap
    5. Completed 90-Day Plan
    6. List of Quick Wins
    7. List of Reports

    Phase 1: Plan

    Get Organized

    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    Phase 1 Phase 2 Phase 3 Phase 4
    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Procurement/Sourcing
    • IT
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 1: Plan

    Get organized.

    Phase 1: Plan focuses on getting organized. Foundational elements (mission statement, goals, scope, strengths and obstacles, roles and responsibilities, and process mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of standing up your VMI and running it.

    Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to “the good stuff.” To a certain extent, the process provided here is like building a house. You wouldn’t start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.

    Step 1.1: Mission statement and goals

    Identify why the VMI exists and what it will achieve.

    Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a mission statement and goals. Although this is the easiest way to proceed, it is far from easy.

    The mission statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The mission statement should be no longer than one or two sentences.

    The complement to the mission statement is the list of goals for the VMI. Your goals should not be a reassertion of your mission statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.

    Although the VMI’s mission statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be re-evaluated periodically using a SMART filter and adjusted as needed.

    1.1.1: Mission statement and goals

    20-40 minutes

    1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the reasons why the VMI will exist.
    2. Review external mission statements for inspiration.
    3. Review internal mission statements from other areas to ensure consistency.
    4. Draft and document your mission statement in the Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals.
    5. Continue brainstorming and identify the high-level goals for the VMI.
    6. Review the list of goals and make them as SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based) as possible.
    7. Document your goals in the Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals.
    8. Obtain sign-off on the mission statement and goals from stakeholders and executives as required.

    Input

    • Brainstorming results
    • Mission statements from other internal and external sources

    Output

    • Completed mission statement and goals

    Materials

    • Whiteboard/Flip Charts
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.1 Mission Statement and Goals

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.2: Scope

    Determine what is in scope and out of scope for the VMI

    Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn’t do, and the answers cannot always be found in the VMI’s mission statement and goals.

    One component of helping others understand the VMI landscape is formalizing the VMI scope. The scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI’s territory begins and ends. Ultimately, this will help clarify the VMI’s roles and responsibilities, improve workflow, and reduce errant assumptions.

    When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work): Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI scope, and make sure executives and stakeholders are on board with the final version.

    1.2.1: Scope

    20-40 minutes

    1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the activities and functions in scope and out of scope for the VMI.
      1. Be specific to avoid ambiguity and improve clarity.
      2. Go back and forth between in scope and out of scope as needed; it is not necessary to list all of the in-scope items and then turn your attention to the out-of-scope items.
    2. Review the lists to make sure there is enough specificity. An item may be in scope or out of scope but not both.
    3. Use the Phase 1 Tools and Templates Compendium, Tab 1.2 Scope, to document the results.
    4. Obtain sign-off on the scope from stakeholders and executives as required.

    Input

    • Brainstorming
    • Mission statement and goals

    Output

    • Completed list of items in and out of scope for the VMI

    Materials

    • Whiteboard/Flip Charts
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.2 Scope

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.3: Strengths and obstacles

    Pinpoint the VMI’s strengths and obstacles.

    A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.

    Your output will be two lists: the strengths associated with the VMI and the obstacles facing the VMI. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.

    The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).

    For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).

    As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.

    1.3.1: Strengths and obstacles

    20-40 minutes

    1. Meet with the participants and use a brainstorming activity to list on a whiteboard or flip chart the VMI’s strengths and obstacles.
      1. Be specific to avoid ambiguity and improve clarity.
      2. Go back and forth between strengths and obstacles as needed; it is not necessary to list all of the strengths and then turn your attention to the obstacles.
      3. It is possible for an item to be a strength and an obstacle; when this happens, add details to distinguish the situations.
    2. Review the lists to make sure there is enough specificity.
    3. Determine how you will leverage each strength and how you will manage each obstacle.
    4. Use the Phase 1 Tools and Templates Compendium, Tab 1.3 Strengths and Obstacles, to document the results.
    5. Obtain sign-off on the strengths and obstacles from stakeholders and executives as required.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • Brainstorming
    • Mission statement and goals
    • Scope

    Output

    • Completed list of items impacting the VMI’s ability to be successful: strengths the VMI can leverage and obstacles the VMI must manage

    Materials

    • Whiteboard/Flip Charts
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.3 Strengths and Obstacles

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.4: Roles and responsibilities

    Obtain consensus on who is responsible for what.

    One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI’s scope, referenced in Step 1.2, but additional information is required to avoid stepping on each other’s toes since many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or one department to complete this process.) While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.

    As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.

    This step will lead your through the creation of an OIC* chart to determine vendor management lifecycle roles and responsibilities. Afterward, you’ll be able to say, “Oh, I see clearly who is involved in each part of the process and what their role is.”

    *RACI – Responsible, Accountable, Consulted, Informed
    *RASCI – Responsible, Accountable, Support, Consulted, Informed
    *OIC – Owner, Informed, Contributor

    This is an image of a table which shows an example of which role would be responsible for which step

    Step 1.4: Roles and responsibilities (cont.)

    Obtain consensus on who is responsible for what.

    To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but the chart can get out of hand quickly. For each role and step of the lifecycle, ask whether the entry is necessary – does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps: 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is “negotiate contract documents” sufficient or do you need “negotiate the contract” and “negotiate the renewal”? The answer will always depend on your culture and environment, but be wary of creating a spreadsheet that requires an 85-inch monitor to view it in its entirety.

    After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:

    • O – Owner – who owns the process; they may also contribute to it.
    • I – Informed – who is informed about the progress or results of the process.
    • C – Contributor – who contributes or works on the process; it can be tangible or intangible contributions.

    This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.

    1.4.1: Roles and responsibilities

    1-6 hours

    1. Meet with the participants and configure the OIC Chart in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.4 OIC Chart.
      1. Review the steps or activities across the top of the chart and modify as needed.
      2. Review the roles listed along the left side of the chart and modify as needed.
    2. For each activity or step across the top of the chart, assign each role a letter – O for owner of that activity or step; I for informed; or C for contributor. Use only one letter per cell.
    3. Work your way across the chart. Every cell should have an entry or be left blank if it is not applicable.
    4. Review the results and validate that every activity or step has an O assigned to it; there must be an owner for every activity or step.
    5. Obtain sign-off on the OIC chart from stakeholders and executives as required.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • A list of activities or steps to complete a project, starting with requirements gathering and ending with ongoing risk management
    • A list of internal areas (departments, divisions, agencies, etc.) and stakeholders that contribute to completing a project

    Output

    • Completed OCI chart indicating roles and responsibilities for the VMI and other internal areas

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.4 OIC Chart

    Participants

    • VMI team
    • Procurement/Sourcing
    • IT
    • Representatives from other areas as needed
    • Applicable stakeholders and executives as needed

    Step 1.5: Process mapping

    Diagram the workflow.

    Although policies and procedures are important, their nature can make it difficult to grasp how things work at a high level (or even at the detail level). To help bridge the gap, map the applicable processes (determined by how deep and wide you want to go) involving the VMI. To start, look at the OIC chart from Step 1.4. You can expand the breadth and depth of your mapping to include the VMI scope, the 3-year roadmap (see Step 2.9), and the processes driven by the day-to-day work within the VMI.

    Various mapping tools can be used. Three common approaches that can be mixed and matched are:

    • Traditional flowcharts.
    • Swimlane diagrams.
    • Work breakdown structures.
    This is an example of a Workflow Process Map

    Step 1.5: Process mapping (cont.)

    Diagram the workflow.

    Your goal is not to create an in-depth diagram for every step of the vendor management lifecycle. However, for steps owned by the VMI, the process map should include sufficient details for the owner and the contributors (see Step 1.4) to understand what is required of them to support that step in the lifecycle.

    For VMI processes that don’t interact with other departments, follow the same pattern as outlined above for steps owned by the VMI.

    Whatever methodology you use to create your process map, make sure it includes enough details so that readers and users can identify the following elements:

    • Input:
      • What are the inputs?
      • Where do the inputs originate or come from?
    • Process:
      • Who is involved/required for this step?
      • What happens to the inputs in this step?
      • What additional materials, tools, or resources are used or required during this step?
    • Output:
      • What are the outputs?
      • Where do the outputs go next?

    1.5.1: Process Mapping

    1-8 hours (or more)

    1. Meet with the participants and determine which processes you want to map.
      1. For processes owned by the VMI, map the entire process.
      2. For processes contributed to by the VMI, map the entire process at a high level and map the VMI portion of the process in greater detail.
    2. Select the right charts/diagrams for your output.
      1. Flowchart
      2. Swimlane diagram
      3. Modified SIPOC (Supplier, Input, Process, Output, Customer)
      4. WBS (work breakdown structure)
    3. Begin mapping the processes either in a tool or using sticky notes. You want to be able to move the steps and associated information easily; most people don’t map the entire process accurately or with sufficient detail the first time through. An iterative approach works best.
    4. Obtain signoff on the process maps from stakeholders and executives as required. A copy of the final output can be kept in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.5 Process Mapping, if desired.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • Existing processes (formal, informal, documented, and undocumented)
    • OIC chart

    Output

    • Process maps for processes contributed to or owned by the VMI

    Materials

    • Sticky Notes
    • Flowchart/process mapping software or something similar
    • (Optional) Jump – Phase 1 Tools and Templates Compendium, Tab 1.5 Process Mapping

    Participants

    • VMI team
    • Procurement/Sourcing
    • IT
    • Representatives from other areas as needed
    • Applicable stakeholders and executives (as needed)

    Step 1.6: Charter

    Document how the VMI will operate.

    As you continue getting organized by working through steps 1.1-1.5, you may want to document your progress in a charter and add some elements. Basically, a charter is a written document laying out how the VMI will operate within the organization. It clearly states the VMI’s mission, goals, scope, roles and responsibilities, and vendor governance model. In addition, it can include a list of team members and sponsors.

    Whether you create a VMI charter will largely depend on:

    • Your organization’s culture.
    • Your organization’s formality.
    • The perceived value of creating a charter.

    If you decide to create a VMI charter, this is a good place in the process to create an initial draft. As you continue working through the blueprint and your VMI matures, update the VMI charter as needed.

    VMI Charter:

    • Purpose
    • Sponsors
    • Roles
    • Responsibilities
    • Governance

    1.6.1: Charter

    1-4 hours

    1. Meet with the participants and review the template in Jump – Phase 1 Tools and Templates Compendium, Tab 1.6 Charter.
    2. Determine whether the participants will use this template or add materials to your standard charter template.
    3. Complete as much of the charter as possible, knowing that some information may not be available until later.
    4. Return to the charter as needed until it is completed.
    5. Obtain sign-off on the charter from stakeholders and executives as required.

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Input

    • Mission statement and goals
    • Scope
    • Strengths and obstacles
    • OIC chart
    • List of stakeholders and executives and their VMI roles and responsibilities

    Output

    • Completed VMI charter

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.6 Charter
    • Your organization’s standard charter document

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.7: Vendor inventory

    Compile a list of vendors and relevant vendor information.

    As you prepare your VMI for being operational, it’s critical to identify all of your current vendors providing IT products or services to the organization. This can be tricky and may depend on how you view things internally. For example, you may have traditional IT vendors that are managed by IT, and you may have IT vendors that are managed by other internal departments (shadow IT or out-in-the-open IT). If it wasn’t determined with the help of stakeholders and executives before now, make sure you establish the purview of the VMI at this point. What types of vendors are included and excluded from the VMI?

    You may find that a vendor can be included and excluded based on the product or service they provide. A vendor may provide a service that is managed by IT and a service that is managed/controlled by another department. In this instance, a good working relationship and clearly defined roles and responsibilities between the VMI and the other department will be required. But, it all starts with compiling a list of vendors and validating the VMI’s purview (and any limitations) for the vendors with stakeholders and executives.

    Step 1.7: Vendor inventory (cont.)

    Compile a list of vendors and relevant vendor information.

    At a minimum, the VMI should be able to quickly retrieve key information about each of “its” vendors:

    • Vendor Name
    • Classification (see Steps 2.1 and 3.1)
    • Categories of Service
    • Names of Products and Services Provided
    • Brief Descriptions of Products and Services Provided
    • Annualized Vendor Spend
    • Vendor Contacts
    • Internal Vendor Relationship Owner

    Not all of this information will be available at this point, but you can begin designing or configuring your tool to meet your needs. As your VMI enters Phase 3: Run and continues to mature, you will return to this tool and update the information. For example, the vendor classification category won’t be known until Phase 3, and it can change over time.

    1.7.1: Vendor inventory

    1-10 hours

    Meet with the participants and review the Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory. Determine whether the VMI wants to collect and/or monitor additional information and make any necessary modifications to the tool.

    Enter the “Annual IT Vendor Spend” amount in the appropriate cell toward the top of the spreadsheet. This is for IT spend for vendor-related activities within the VMI’s scope; include shadow IT spend and “non-shadow” IT spend if those vendors will be included in the VMI’s scope.

    Populate the data fields for your top 50 vendors by annual spend; you may need multiple entries for the same vendor depending on the nature of the products and services they provide.

    Ignore the “Classification” column for now; you will return to this later when classification information is available.

    Ignore the “Percentage of IT Budget” column as well; it uses a formula to calculate this information.

    Input

    • Data from various internal and external sources such as accounts payable, contracts, and vendor websites

    Output

    • List of vendors with critical information required to manage relationships with key vendors

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory

    Participants

    • VMI team (directly)
    • Other internal and external personnel (indirectly)

    Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium

    Step 1.8: Maturity assessment

    Establish a VMI maturity baseline and set an ideal future state.

    Knowing where you are and where you want to go are essential elements for any journey in the physical world, and the same holds true for your VMI journey. Start by assessing your current-state VMI maturity. This will provide you with a baseline to measure progress against. Next, using the same criteria, determine the level of VMI maturity you would like to achieve one year in the future. This will be your future-state VMI maturity. Lastly, identify the gaps and plot your course.

    The maturity assessment provides three main benefits:

    1. Focus – you’ll know what is important to you moving forward.
    2. 3-Year Roadmap (discussed more fully in Step 2.9) – you’ll have additional input for your short-term and long-term roadmap (1, 2, and 3 years out).
    3. Quantifiable Improvement – you’ll be able to measure your progress and make midcourse corrections when necessary.

    Step 1.8: Maturity assessment (cont.)

    Establish a VMI maturity baseline and set an ideal future state.

    The Info-Tech VMI Maturity Assessment tool evaluates your maturity across several criteria across multiple categories. Once completed, the assessment will specify:

    • A current-state score by category and overall.
    • A target-state score by category and overall.
    • A quantifiable gap for each criterion.
    • A priority assignment for each criterion.
    • A level of effort required by criterion to get from the current state to the target state.
    • A target due date by criterion for achieving the target state.
    • A rank order for each criterion (note: limit your ranking to your top 7 or 9).

    Many organizations will be tempted to mature too quickly. Resource constraints and other items from Step 1.3 (Strengths and Obstacles) will impact how quickly you can mature. Being aggressive is fine, but it must be tempered with a dose of reality. Otherwise, morale, perception, and results can suffer.

    1.8.1: Maturity assessment

    45-90 minutes

    1. Meet with the participants and use Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Input, to complete the first part of this activity. Provide the required information indicated below.
      1. Review each statement in column B and enter a value in the “Current” column using the drop-down menus based on how much you disagree or agree (0-4) with the statement. This establishes a baseline maturity.
      2. Repeat this process for the “Future” column using a target date of one year from now to achieve this level. This is your desired maturity.
      3. Enter information regarding priority, level of effort, and target due date in the applicable columns using the drop-down menus. (Priority levels are critical, high, medium, low, and maintain; Levels of Effort are high, medium, and low; Target Due Dates are broken into timelines: 1-3 months, 4-6 months, 7-9 months, and 10-12 months.)
    2. Review the information on Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Output; use the Distribution Tables to help you rank your top priorities. Enter a unique number into the Priority (Rank) column. Limit your ranking to the top 7 to 9 activities to provide focus.

    Input

    • Knowledge of current VMI practices and desired future states

    Output

    • VMI maturity baseline
    • Desired VMI target maturity state (in one year)
    • Prioritized areas to improve and due dates
    • Graphs and tables to identify maturity deltas and track progress

    Materials

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Input
    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.8 Maturity Assessment Output

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 1.9: Structure

    Determine the VMI’s organizational and reporting structure.

    There are two parts to the VMI structure:

    1. Organization Structure. Who owns the VMI – where does it fit on the organization chart?
    2. Reporting Structure. What is the reporting structure within the VMI – what are the job functions, titles, and solid and dotted lines of accountability?

    VMI Organization Structure

    The decision regarding who owns the VMI can follow one of two paths:

    1. The decision has already been made by the board of directors, executives, senior leadership, or stakeholders; OR
    2. The decision has not been made, and options will be reviewed and evaluated before it is implemented.

    Many organizations overlook the importance of this decision. The VMI’s position on the organization chart can aid or hinder its success. Whether the decision has already been made or not, this is the perfect time to evaluate the decision or options based on the following question: Why is the VMI being created and how will it operate? Review the documents you created during Steps 1.1-1.8 and other factors to answer this question.

    Step 1.9: Structure (cont.)

    Determine the VMI’s organizational and reporting structure.

    Based on your work product from Steps 1.1-1.8 and other factors, select where the VMI will be best located from the following areas/offices or their equivalent:

    • Chief Compliance Officer (CCO)
    • Chief Information Officer (CIO)
    • Chief Financial Officer (CFO)
    • Chief Procurement Officer (CPO)
    • Chief Operating Officer (COO)
    • Other area

    Without the proper support and placement in the organization chart, the VMI can fail. It is important for the VMI to find a suitable home with a direct connection to one of the sponsors identified above and for the VMI lead to have significant stature (aka title) within the organization. For example, if the VMI lead is a “manager” level who is four reporting layers away from the chief officer/sponsor, the VMI will have an image issue within and outside of the sponsor’s organization (as well as within the vendor community). While this is not to say that the VMI lead should be a vice president* or senior director, our experience and research indicate that the VMI and the VMI lead will be taken more seriously when the VMI lead is at least a director level reporting directly to a CXO.

    *For purposes of the example above, the reporting structure hierarchy used is manager, senior manager, director, senior director, vice president, CXO.

    Step 1.9: Structure (cont.)

    Determine the VMI’s organizational and reporting structure.

    VMI Reporting Structure

    As previously mentioned, the VMI reporting structure describes and identifies the job functions, titles, and lines of accountability. Whether you have a formal vendor management office or you are leveraging the principles of vendor management informally, your VMI reporting structure design will involve some solid lines and some dotted lines. In this instance, the dotted lines represent part-time participation or people/areas that will assist the VMI in some capacity. For example, if the VMI sits within IT, a dotted line to Procurement will show that a good working relationship is required for both parties to succeed; or a dotted line to Christina in Legal will indicate that Christina will be helping the VMI with legal issues.

    There is no one-size-fits-all reporting structure for VMIs, and your approach must leverage the materials from Steps 1.1-1.8, your culture, and your needs. By way of example, your VMI may include some or all of the following functions:

    • Contract Management
    • Relationship Management
    • Financial Management
    • Asset Management
    • Performance Management
    • Sourcing/Procurement
    • Risk Management

    Step 1.9: Structure (cont.)

    Determine the VMI’s organizational and reporting structure.

    Once you’ve identified the functional groups, you can assign titles, responsibilities, and reporting relationships. A good diagram goes a long way to helping others understand your organization. Traditional organization charts work well with VMIs, but a target diagram allows for rapid absorption of the dotted-line relationships. Review the two examples below and determine an approach that works best for you.

    An organizational Chart is depicted.  At the top of the chart is: Office of the CIO.  Below that is: VMI: Legal; Accounting & Finance; Corporate Procurement; below that are the following: Vendor Risk Management; Vendor Reporting and Analysis; Asset Management; Performance Management; Contract Management; IT Procurement Three concentric circles are depicted.  In the inner circle is the term: VMI.  In the middle circle are the terms: Reporting & Analysis; Asset Mgmt; Contract Mgmt; Performance Mgmt; It Proc; Vendor Risk.  In the outer circle are the following terms: Compliance; Finance; HR; Accounting; Procurement; Business Units; Legal; IT

    1.9.1: Structure

    15-60 minutes

    1. Meet with the participants and review decisions that have been made or options that are available regarding the VMI’s placement in the organization chart.
      1. Common options include the Chief Information Officer (CIO), Chief Financial Officer (CFO), or Chief Procurement Officer (CPO).
      2. Less common but viable options include the Chief Compliance Officer (CCO), Chief Operating Officer (COO), or another area.
    2. Brainstorm and determine the job functions and titles
    3. Define the reporting structure within the VMI.
    4. Identify the “dotted line” relationships between the VMI and other internal areas.
    5. Using flowchart, org. chart, or other similar software, reduce your results to a graphic representation that indicates where the VMI resides, its reporting structure, and its dotted-line relationships.
    6. Obtain sign-off on the structure from stakeholders and executives as required. A copy of the final output can be kept in the Jump – Phase 1 Tools and Templates Compendium, Tab 1.9 Structure, if desired.

    Input

    • Mission statement and goals
    • Scope
    • Maturity assessment results (current and target state)
    • Existing org. charts
    • Brainstorming

    Output

    • Completed org. chart with job titles and reporting structure

    Materials

    • Whiteboard/flip chart
    • Sticky notes
    • Flowchart/org. chart software or something similar
    • (Optional) Jump – Phase 1 Tools and Templates Compendium, Tab 1.9 Structure

    Participants

    • VMI team
    • VMI sponsor
    • Stakeholders and executives

    Phase 2: Build

    Create and Configure Tools, Templates, and Processes

    Phase 1Phase 2Phase 3Phase 4
    1.1 Mission Statement and Goals


    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    1.5 Process Mapping

    1.6 Charter

    1.7 Vendor Inventory

    1.8 Maturity Assessment

    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Human Resources
    • Legal
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 2: Build

    Create and configure tools, templates, and processes.

    Phase 2: Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug-and-play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.

    During this Phase, you’ll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you’ll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.

    Step 2.1: Classification model

    Configure the COST Vendor Classification Tool.

    One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech’s COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.

    COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.

    The easiest way to think of the COST model is as a 2x2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor’s classification align with what is important to you and your organization. However, at this point in your VMI’s maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get you started and that is discussed on the activity slide associated with this Step 2.1.


    Speed
    Operational Strategic
    Commodity Tactical
    →→→
    Criticality and Risk to the Organization

    Step 2.1: Classification model (cont.)

    Configure the COST Vendor Classification Tool.

    Common Characteristics by Vendor Management Category

    Operational Strategic
    • Low to moderate risk and criticality; moderate to high spend and switching costs
    • Product or service used by more than one area
    • Price is a key negotiation point
    • Product or service is valued by the organization
    • Quality or the perception of quality is a differentiator (i.e. brand awareness)
    • Moderate to high risk and criticality; moderate to high spend and switching costs
    • Few competitors and differentiated products and services
    • Product or service significantly advances the organization’s vision, mission, and success
    • Well-established in their core industry
    Commodity Tactical
    • Low risk and criticality; low spend and switching costs
    • Product or service is readily available from many sources
    • Market has many competitors and options
    • Relationship is transactional
    • Price is the main differentiator
    • Moderate to high risk and criticality; low to moderate spend and switching costs
    • Vendor offerings align with or support one or more strategic objectives
    • Often IT vendors “outside” of IT (i.e. controlled and paid for by other areas)
    • Often niche or new vendors

    Source: Compiled in part from Stephen Guth, “Vendor Relationship Management Getting What You Paid for (And More)”

    2.1.1: Classification Model

    15-30 minutes

    1. Meet with the participants to configure the spend ranges in Jump – Phase 2 Vendor Classification Tool, Tab 1. Configuration, for your environment.
    2. Sort the data from Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory, by spend; if you used multiple line items for a vendor in the Vendor Inventory tab, you will have to aggregate the spend data for this activity.
    3. Update cells F14-J14 in the Classification Model based on your actual data.
      1. Cell F14 – set the boundary at a point between the spend for your 10th and 11th ranked vendors. For example, if the 10th vendor by spend is $1,009,850 and the 11th vendor by spend is $980,763, the range for F14 would be $1,000,00+.
      2. Cell G14 – set the bottom of the range at a point between the spend for your 30th and 31st ranked vendors; the top of the range will be $1 less than the bottom of the range specified in F14.
      3. Cell H14 – set the bottom of the range slightly below the spend for your 50th ranked vendor; the top of the range will be $1 less than the bottom of the range specified in G14.
      4. Cells I14 and J14 – divide the remaining range in half and split it between the two cells; for J14 the range will be $0 to $1 less than the bottom range in I14.
    4. Ignore the other variables at this time.

    Download the Info-Tech Jump – Phase 2 Vendor Risk Assessment Tool

    Input

    • Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory

    Output

    • Configured Vendor Classification Tool

    Materials

    • Jump – Phase 2 Vendor Classification Tool, Tab 1. Configuration

    Participants

    • VMI team

    Step 2.2: Risk assessment tool

    Identify risks to measure, monitor, and report on.

    One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and many others. However, security risk is the high-profile risk and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.

    Risk management is a program, not a project – there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and can have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.

    While the VMI won’t necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function. (See Steps 2.12 and 3.8.)

    At a minimum, your risk management strategy should involve:

    • Identifying the risks you want to measure and monitor.
    • Identifying your risk appetite (the amount of risk you are willing to live with).
    • Measuring, monitoring, and reporting on the applicable risks.
    • Developing and deploying a risk management plan to minimize potential risk impact.

    Vendor risk is a fact of life, but you do have options for how you handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.

    2.2.1: Risk assessment tool

    30-90 minutes

    1. Meet with the participants to configure the risk indicators in Jump – Phase 2 Vendor Risk Assessment Tool, Tab 1. Set Parameters, for your environment.
    2. Review the risk categories and determine which ones you will be measuring and monitoring.
    3. Review the risk indicators under each risk category and determine whether the indicator is acceptable as written, is acceptable with modifications, should be replaced, or should be deleted.
    4. Make the necessary changes to the risk indicators; these changes will cascade to each of the vendor tabs. Limit the number of risk indicators to no more than seven per risk category.
    5. Gain input and approval as needed from sponsors, stakeholders, and executives as required.

    Download the Info-Tech Jump – Phase 2 Vendor Risk Assessment Tool

    Input

    • Scope
    • OIC Chart
    • Process Maps
    • Brainstorming

    Output

    • Configured Vendor Classification Tool

    Materials

    • Jump – Phase 2 Vendor Classification Tool, Tab 1. Configuration

    Participants

    • VMI team

    Step 2.3: Scorecards and feedback

    Design a two-way feedback loop with your vendors.

    A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.

    Conceptually, a scorecard is similar to a report card you received when you were in school. At the end of a learning cycle, you received feedback on how well you did in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some different nuances and some additional benefits and objectives when compared to a report card.

    Although scorecards can be used in a variety of ways, the main focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.

    Category 1 Score
    Vendor Objective A 4
    Objective B 3
    Objective C 5
    Objective D 4 !

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Anatomy

    The Info-Tech Scorecard includes five areas:

    • Measurement Categories. Measurement categories help organize the scorecard. Limit the number of measurement categories to three to five; this allows the parties to stay focused on what’s important. Too many measurement categories make it difficult for the vendor to understand the expectations.
    • Criteria. The criteria describe what is being measured. Create criteria with sufficient detail to allow the reviewers to fully understand what is being measured and to evaluate it. Criteria can be objective or subjective. Use three to five criteria per measurement category.
    • Measurement Category Weights. Not all of your measurement categories may be of equal importance to you; this area allows you to give greater weight to a measurement category when compiling the overall score.
    • Rating. Reviewers will be asked to assign a score to each criteria using a 1 to 5 scale.
    • Comments. A good scorecard will include a place for reviewers to provide additional information regarding the rating or other items that are relevant to the scorecard.

    An overall score is calculated based on the rating for each criteria and the measurement category weights.

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Goals and Objectives

    Scorecards can be used for a variety of reasons. Some of the common ones are listed below:

    • Improve vendor performance.
    • Convey expectations to the vendor.
    • Identify and recognize top vendors.
    • Increase alignment between the parties.
    • Improve communication with the vendor.
    • Compare vendors across the same criteria.
    • Measure items not included in contract metrics.
    • Identify vendors for “strategic alliance” consideration.
    • Help the organization achieve specific goals and objectives.
    • Identify and resolve issues before they impact performance or the relationship.

    Identifying your scorecard drivers first will help you craft a suitable scorecard.

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out and composed of meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.

    Our recommendation of five categories is provided below. Choose three to five categories to help you accomplish your scorecard goals and objectives:

    1. Timeliness – responses, resolutions, fixes, submissions, completions, milestones, deliverables, invoices, etc.
    2. Cost – total cost of ownership, value, price stability, price increases/decreases, pricing models, etc.
    3. Quality – accuracy, completeness, mean time to failure, bugs, number of failures, etc.
    4. Personnel – skilled, experienced, knowledgeable, certified, friendly, trustworthy, flexible, accommodating, etc.
    5. Risk – adequate contractual protections, security breaches, lawsuits, finances, audit findings, etc.

    Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Additional Considerations

    • Even a good rating system can be confusing. Make sure you provide some examples or a way for reviewers to discern the differences between 1, 2, 3, 4, and 5. Don’t assume your “Rating Key” will be intuitive.
    • When assigning weights, don’t go lower than 10% for any measurement category. If the weight is too low, it won’t be relevant enough to have an impact on the total score. If it doesn’t “move the needle,” don’t include it.
    • Final sign-off on the scorecard template should occur outside of the VMI. The heavy lifting can be done by the VMI to create it, but the scorecard is for the benefit of the organization overall and those impacted by the vendors specifically. You may end up playing arbiter or referee, but the scorecard is not the exclusive property of the VMI. Try to reach consensus on your final template whenever possible.
    • You should notice improved ratings and total scores over time for your vendors. One explanation for this is the Pygmalion Effect: “The Pygmalion [E]ffect describes situations where someone’s high expectations improves our behavior and therefore our performance in a given area. It suggests that we do better when more is expected of us.”* Convey your expectations and let the vendors’ competitive juices take over.
    • While you’re creating your scorecard and materials to explain the process to internal personnel, identify those pieces that will help you explain it to your vendors as part of your vendor orientation (see steps 2.6 and 3.4). Leveraging pre-existing materials is a great shortcut.

    *Source: The Decision Lab, 2020

    Step 2.3: Scorecards and feedback (cont.)

    Design a two-way feedback loop with your vendors.

    Vendor Feedback

    After you’ve built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without the dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.

    You may be tempted to create a formal scorecard for the vendor to use. Our recommendation is to avoid that temptation until later in your maturity or development of the VMI. You’ll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.

    For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful, information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.

    Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don’t be in a rush though. So long as the informal method works, keep using it.

    2.3.1: Scorecards and feedback

    30-60 minutes

    1. Meet with the participants and brainstorm ideas for your scorecard measurement categories:
      1. What makes a vendor valuable to your organization?
      2. What differentiates a “good” vendor from a “bad” vendor?
      3. What items would you like to measure and provide feedback to the vendor to improve performance, the relationship, risk, and other areas?
    2. Select three, but no more than five, of the following measure categories: timeliness, cost, quality, personnel, and risk.
    3. Within each measurement category, list two or three criteria that you want to measure and track for your vendors; choose items that are as universal as possible rather than being applicable to one vendor or one vendor type.
    4. Assign a weight to each measurement category, ensuring that the total weight is 100% for all measurement categories.
    5. Document your results as you go in Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Scorecard.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming

    Output

    • Configured scorecard template

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Scorecard

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    2.3.2: Scorecards and feedback

    15-30 minutes

    1. Meet with the participants and brainstorm ideas for feedback to seek from your vendors during your business alignment meetings. During the brainstorming, identify questions to ask the vendor about your organization that will:
      1. Help you improve the relationship.
      2. Help you improve your processes or performance.
      3. Help you improve ongoing communication.
      4. Help you evaluate your personnel.
    2. Identify the top five questions you want to include in your business alignment meeting agenda. (Note: you may need to refine the actual questions from the brainstorming activity before they are ready to include in your business alignment meeting agenda.)
    3. Document both your brainstorming activity and your final results in Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback. The brainstorming questions can be used in the future as your VMI matures and your feedback transforms from informal to formal. The final results will be used in Steps 2.4 and 3.5.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming

    Output

    • Feedback questions to include with the business alignment meeting agenda

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.4: Business alignment meeting agenda

    Craft an agenda that meets the needs of the VMI.

    A business alignment meeting (BAM) is a great, multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional “operational” meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The main focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed and other purposes are served. For example, you can use the BAM to develop the relationship with the vendor’s leadership team so that if escalation is ever needed, your organization is more than just a name on a spreadsheet or customer list; you can learn about innovations the vendor is working on (without the meeting turning into a sales call); you can address high-level performance trends and request corrective action as needed; you can clarify your expectations; you can educate the vendor about your industry, culture, and organization; and you can learn more about the vendor.

    As you build your BAM agenda, someone in your organization may say, “Oh, that’s just a quarterly business review (QBR) or top-to-top meeting.” However, in most instances, an existing QBR or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, Procurement, or another department, “We’re going to start running some QBRs for our strategic vendors.” The typical response is, “There’s no need to do that. We already run QBRs/top-to-top meetings with our important vendors.” This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.

    Step 2.4: Business alignment meeting agenda (cont.)

    Craft an agenda that meets the needs of the VMI.

    As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI’s needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.

    BAMs are conducted at the vendor level … not the contract level. As a result, the frequency of the BAMs will depend on the vendor’s classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:

    • Commodity Vendors – Not applicable
    • Operational Vendors – Biannually or annually
    • Strategic Vendors – Quarterly
    • Tactical Vendors – Quarterly or biannually

    BAMs can help you achieve some additional benefits not previously mentioned:

    • Foster a collaborative relationship with the vendor.
    • Avoid erroneous assumptions by the parties.
    • Capture and provide a record of the relationship (and other items) over time.

    Step 2.4: Business alignment meeting agenda (cont.)

    Craft an agenda that meets the needs of the VMI.

    As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:

    BAM Agenda

    • Opening Remarks
      • Welcome and introductions
      • Review of previous minutes
    • Active Discussion
      • Review of open issues
      • Scorecard and feedback
      • Current status of projects to ensure situational awareness by the vendor
      • Roadmap/strategy/future projects
      • Accomplishments
    • Closing Remarks
      • Reinforce positives (good behavior, results, and performance, value added, and expectations exceeded)
      • Recap
    • Adjourn

    2.4.1: Business alignment meeting agenda

    20-45 minutes

    1. Meet with the participants and review the sample agenda in Jump – Phase 2 Tools and Templates Compendium, Tab 2.4 BAM Agenda.
    2. Using the sample agenda as inspiration and brainstorming activities as needed, create a BAM agenda tailored to your needs.
      1. Select the items from the sample agenda applicable to your situation.
      2. Add any items required based on your brainstorming.
      3. Add the feedback questions identified during Activity 2.3.2 and documented in Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback.
    3. Gain input and approval from sponsors, stakeholders, and executives as required or appropriate.
    4. Document the final BAM agenda in Jump – Phase 2 Tools and Templates Compendium, Tab 2.4 BAM Agenda.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.3 Feedback

    Output

    • Configured BAM agenda

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.4 BAM Agenda

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.5: Relationship alignment document

    Draft a document to convey important VMI information to your vendors.

    Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.5]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other’s expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the relationship alignment document (RAD). Depending upon the scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.

    Early in the VMI’s maturation, the easiest approach is to develop a short document (i.e. 1 page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on 1) what you believe is important for the vendors to understand, and 2) any other similar information already provided to the vendors.

    The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. For example, you may want vendors to know about your gift policy (e.g. employees may not accept gifts from vendors above a nominal value such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website’s vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.

    Info-Tech Insight

    The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)

    2.5.1: Relationship alignment document

    1-4 hours

    1. Meet with the participants and review the RAD sample and checklist in Jump – Phase 2 Tools and Templates Compendium, Tab 2.5 Relationship Alignment Doc.
    2. Determine:
      1. Whether you will create one RAD for all vendors or one RAD for strategic vendors and another RAD for tactical and operational vendors; whether you will create a RAD for commodity vendors.
      2. The concepts you want to include in your RAD(s).
      3. The format for your RAD(s) – traditional, pamphlet, or other.
      4. Whether signoff or acknowledgement will be required by the vendors.
    3. Draft your RAD(s) and work with other internal areas such as Marketing to create a consistent brand for the RADS and Legal to ensure consistent use and preservation of trademarks or other intellectual property rights and other legal issues.
    4. Review other vendor-facing documents (e.g. supplier code of conduct, onsite safety and security protocols) for consistencies between them and the RAD(s).
    5. Obtain signoff on the RAD(s) from stakeholders, sponsors, executives, Legal, Marketing, and others as needed.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Vendor-facing documents, policies, and procedures

    Output

    • Completed relationship alignment document(s)

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.5 Relationship Alignment Doc

    Participants

    • VMI team
    • Marketing, as needed
    • Legal, as needed

    Step 2.6: Vendor orientation

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 01 - Orientation; 02 - Reorientation; 03 - Debrief

    Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and “customers” (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations’ VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.

    Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:

    • Orientation
    • Reorientation
    • Debrief

    Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 01 - Orientation

    Orientation

    Orientation is conceptually similar to new hire orientation for employees at your organization. Generally conducted as a meeting, orientation provides your vendors with the information they need to be successful when working with your organization. Sadly, this is often overlooked by customers; it can take months or years for vendors to figure it out by themselves. By controlling the narrative and condensing the timeline, vendor relationships and performance improve more rapidly.

    A partial list of topics for orientation is set out below:

    • Your organization’s structure
    • Your organization’s culture
    • Your relationship expectations
    • Your governances (VMI and other)
    • Their vendor classification designation (commodity, operational, strategic, or tactical)
    • The scorecard process
    • Business alignment meetings
    • Relationship alignment documents

    In short, this is the first step toward building (or continuing to build) a robust, collaborative, mutually beneficial relationship with your important vendors.

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 02 - Reorientation

    Reorientation

    Reorientation is either identical or similar to orientation, depending upon the circumstances. Reorientation occurs for a number of reasons, and each reason will impact the nature and detail of the reorientation content. Reorientation occurs whenever:

    • There is a significant change in the vendor’s products or services.
    • The vendor has been through a merger, acquisition, or divestiture.
    • A significant contract renewal/renegotiation has recently occurred.
    • Sufficient time has passed from orientation; commonly 2 to 3 years.
    • The vendor has been placed in a “performance improvement plan” or “relationship improvement plan” protocol.
    • Significant turnover has occurred within your organization (executives, key stakeholders, and/or VMI personnel).
    • Substantial turnover has occurred at the vendor at the executive or account management level.
    • The vendor has changed vendor classification categories after the most current classification.

    As the name implies, the goal is to refamiliarize the vendor with your current VMI situation, governances, protocols, and expectations. The drivers for reorientation will help you determine its scope, scale, and frequency.

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    Vendor Orientation: 03 - Debrief

    Debrief

    To continue the analogy from orientation, debrief is similar to an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization – all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.

    Similar to orientation and reorientation, debrief activities will be based on the vendor’s classification category within the COST model. Strategic vendors don’t go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.

    The debrief should provide you with feedback on the vendor’s experience with your organization and their participation in your VMI. In addition, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.

    End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don’t burn bridges!

    Step 2.6: Vendor orientation (cont.)

    Create a VMI awareness process to build bridges with your vendors.

    • As you create your vendor orientation materials, focus on the message you want to convey.
    • For orientation and reorientation:
      • What is important to you that vendors need to know?
      • What will help the vendors understand more about your organization … your VMI?
      • What and how are you different from other organizations overall … in your “industry”?
      • What will help them understand your expectations?
      • What will help them be more successful?
      • What will help you build the relationship?
    • For debrief:
      • What information or feedback do you want to obtain?
      • What information or feedback to you want to give?
    • The level of detail you provide strategic vendors during orientation and reorientation may be different from the information you provide tactical and operational vendors. Commodity vendors are not typically involved in the vendor orientation process. The orientation meetings can be conducted on a one-to-one basis for strategic vendors and a one-to-many basis for operational and tactical vendors; reorientation and debrief are best conducted on a one-to-one basis. Lastly, face-to-face or video meetings work best for vendor orientation; voice-only meetings, recorded videos, or distributing only written materials seldom hit their mark or achieve the desired results.

    2.6.1: Vendor orientation

    1 to several hours

    1. Meet with the participants and review the Phase Tools and Templates Compendium, Tab 2.6 Vendor Orientation.
      1. Use the orientation checklist to identify the materials you want to create for your orientation meetings.
      2. Use the reorientation checklist to identify the materials you want to create for your reorientation meetings.
    2. The selections can be made by classification category (i.e. different items can apply to strategic, operational, and tactical vendors).
    3. Create the materials and seek input and/or approval from sponsors, stakeholders, and executives as needed.
    4. Use the debrief section of the tool to create an agenda, list the questions you want to ask vendors, and list information you want to provide to vendors. The agenda, questions, and information can be segregated by classification category.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming

    Output

    • Agendas and materials for orientation, reorientation, and debrief

    Materials

    • Phase Tools and Templates Compendium, Tab 2.6 Vendor Orientation

    Participants

    • VMI team

    Step 2.7: Job descriptions

    Ensure new and existing job descriptions are up to date.

    Based on your work product from Steps 1.1-1.9, it’s time to start drafting new or modifying existing job descriptions applicable to the VMI team members. Some of the VMI personnel may be dedicated full-time to the VMI, while others may be supporting the VMI on a part-time basis. At a minimum, create or modify your job descriptions based on the categories set out below. Remember to get the internal experts involved so that you stay true to your environment and culture.

    01 Title

    This should align overall with what the person will be doing and what the person will be responsible for. Your hands may be tied with respect to titles, but try to make them intuitively descriptive if possible.

    02 Duties

    This is the main portion of the job description. List the duties, responsibilities, tasks, activities, and results expected. Again, there may be some limitations imposed by your organization, but be as thorough as possible.

    03 Qualifications

    This tends to be a gray area for many organizations, with the qualifications, certifications, and experience desired expressed in “ranges” so that good candidates are not eliminated from consideration unnecessarily.

    2.7.1: Job descriptions

    1 to several hours

    1. Meet with the participants and review the VMI structure from Step 1.9.
      1. List the positions that require new job descriptions.
      2. List the positions that require updated job descriptions.
    2. Review the other Phase 1 work product and list the responsibilities, tasks, and functions that need to be incorporated into the new and updated job descriptions.
    3. Review the sample VMI job descriptions and sample VMI job description language in Jump – Phase 2 Tools and Templates Compendium, Tab 2.7 Job Descriptions, and identify language and concepts you want to include in the new and revised job descriptions.
    4. Using your template, draft the new job descriptions and modify the existing job descriptions to synchronize with the VMI structure. Work with other internal areas such as Human Resources to ensure cultural fit and compliance.
    5. Obtain input and signoff on the job descriptions from stakeholders, sponsors, executives, Human Resources, and others as needed.
    6. Document your final job descriptions in Jump – Phase 2 Tools and Templates Compendium, Tab 2.7 Job Descriptions.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Existing job descriptions
    • Work product from Phase 1

    Output

    • Job descriptions for new positions
    • Updated job descriptions for existing positions

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.7 Job Descriptions

    Participants

    • VMI team
    • Human Resources (as needed)
    • Applicable stakeholders and executives (as needed)

    Step 2.8: Policies and procedures

    Prepare policies and procedures for VMI functions.

    Policies and procedures are often thought of as boring documents that are 1) tedious to create, 2) seldom read after creation, and 3) only used to punish people when they do something “wrong.” However, when done well, these documents:

    • Communicate expectations.
    • Capture institutional knowledge.
    • Provide guidance for decision making.
    • Help workers avoid errors and minimize risk.
    • Ensure regulatory and organizational compliance.
    • List the steps required to achieve consistent results.

    Definitions of Policies and Procedures

    Policies and procedures are essential, but they are often confused with each other. A policy is a rule, guideline, or framework for making decisions. For example, in the vendor management space, you may want a policy indicating your organization’s view on gifts from vendors. A procedure is a set of instructions for completing a task or activity. For example, staying in the vendor management space, you may want a procedure to outline the process for classifying vendors.

    Step 2.8: Policies and procedures (cont.)

    Prepare policies and procedures for VMI functions.

    Start With Your Policy/Procedure Template or Create One for Consistency

    When creating policies and procedures, follow your template. If you don’t have one (or want to see if anything is missing from your template) the following list of potential components for your governance documents is provided.* Not every concept is required. Use your judgment and err on the side of caution when drafting; balance readability and helpfulness against over documenting and over complicating.

    • Descriptive Title
    • Policy Number
    • Brief Overview
    • Purpose
    • Scope
    • The Policy or Procedure
    • Definitions
    • Revision Date
    • History
    • Related Documents
    • Keywords

    Step 2.8: Policies and procedures (cont.)

    Prepare policies and procedures for VMI functions.

    Although they are not ever going to be compared to page-turning novels, policies and procedures can be improved by following a few basic principles. By following the guidelines set out below, your VMI policies and procedures will contribute to the effectiveness of your initiative.*

    • Use short sentences.
    • Organize topics logically.
    • Use white space liberally.
    • Use mandatory language.
    • Use gender-neutral terms.
    • Write with an active voice.
    • Avoid jargon when possible.
    • Use a consistent “voice” and tone.
    • Use pictures or diagrams when they will help.
    • Write in the same tense throughout the document.
    • Use icons and colors to designate specific elements.
    • Make sure links to other policies and procedures work.
    • Define all acronyms and jargon (when it must be used).
    • Avoid a numbering scheme with more than three levels.

    *Adapted in part from smartsheet.com

    Info-Tech Insight

    Drafting policies and procedures is an iterative process that requires feedback from the organization’s leadership team.

    2.8.1: Policies and procedures

    Several hours

    1. Meet with the participants and review the sample policies and procedures topics in Jump – Phase 2 Tools and Templates Compendium, Tab 2.8 Policies and Procedures.
    2. Determine:
      1. The concepts you want to include in your policies and procedures; brainstorm for any additional concepts you want to include.
      2. The format/template for your policies and procedures.
    3. Draft your policies and procedures based on the sample topics and your brainstorming activity. Work with other internal areas such as Legal and Human Resources to ensure cultural and environmental fit within your organization.
    4. Obtain input and signoff on the policies and procedures from stakeholders, sponsors, executives, Legal, Human Resources, and others as needed.
    5. Document your final policies and procedures in Jump – Phase 2 Tools and Templates Compendium, Tab 2.8 Policies and Procedures.
    6. Publish your policies and procedures and conduct training sessions or awareness sessions as needed.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Existing policies and procedures (if any)
    • Existing policies and procedures template (if any)
    • Scope
    • OIC chart
    • Process maps
    • Brainstorming

    Output

    • VMI policies and procedures

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.8 Policies and Procedures

    Participants

    • VMI team
    • Legal and Human Resources (as needed)
    • Applicable stakeholders and executives (as needed)

    Step 2.9: 3-year roadmap

    Plot your path at a high level.

    The VMI exists in many planes concurrently: 1) it operates both tactically and strategically, and 2) it focuses on different timelines or horizons (e.g. the past, the present, and the future). Creating a 3-year roadmap facilitates the VMI’s ability to function effectively across these multiple landscapes.

    The VMI roadmap will be influenced by many factors. The work product from Phase 1: Plan, input from executives, stakeholders, and internal clients, and the direction of the organization as a whole are great sources of information as you begin to build your roadmap.

    To start, identify what you would like to accomplish in Year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won’t change during the first year of the VMI, but expectations are usually lower and the short event horizon makes things more predictable during the Year-1 ramp-up period.

    Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the Year 1 plan into subsequent years and adds to the scope or maturity. For example, you may start Year 1 with BAMs and scorecards for three of your strategic vendors; during Year 2, you may increase that to five vendors; and during Year 3, you may increase that to nine vendors. Or, you may not conduct any market research during Year 1, waiting to add it to your roadmap in Year 2 or 3 as you mature.

    Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.

    2.9.1: 3-year roadmap

    45-90 minutes

    1. Meet with the participants and decide how to coordinate Year 1 of your 3-year roadmap with your existing fiscal year or reporting year. Year 1 may be shorter or longer than a calendar year.
    2. Review the VMI activities listed in Jump – Phase 2 Tools and Templates Compendium, Tab 2.9 3-Year Roadmap. Use brainstorming and your prior work product from Phase 1 and Phase 2 to identify additional items for the roadmap and add them at the bottom of the spreadsheet.
    3. Starting with the first activity, determine when that activity will begin and put an X in the corresponding column; if the activity is not applicable, leave it blank or insert N/A.
    4. Go back to the top of the list and add information as needed.
      1. For any Year-1 or Year-2 activities, add an X in the corresponding columns if the activity will be expanded/continued in subsequent periods (e.g. if a Year 2 activity will continue in Year 3, put an X in Year 3 as well).
      2. Use the comments column to provide clarifying remarks or additional insights related to your plans or “X’s.” For example, “Scorecards begin in Year 1 with three vendors and will roll out to five vendors in Year 2 and nine vendors in Year 3.”
    5. Obtain signoff from stakeholders, sponsors, and executives as needed.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Phase 1 work product
    • Steps 2.1-2.8 work product
    • Brainstorming

    Output

    • High level 3-year roadmap for the VMI

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.9 3-Year Roadmap

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.10: 90-day plan

    Pave your short-term path with a series of detailed quarterly plans.

    Now that you have prepared a 3-year roadmap, it’s time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year.

    The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:

    • Activities
    • Tasks comprising each activity
    • Who will be performing the tasks
    • An estimate of the time required per person per task
    • An estimate of the total time to achieve the activity
    • A due date for the activity
    • A priority of the activity

    The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the 3-year roadmap and the leadership team as necessary.

    90 Days

    2.10.1: 90-day plan

    45-90 minutes

    1. Meet with the participants and decide how to coordinate the first 90-day plan with your existing fiscal year or reporting cycles. Your first plan may be shorter or longer than 90 days.
    2. Looking at the Year 1 section of the 3-year roadmap, identify the activities that will be started during the next 90 days.
    3. Using the Jump – Phase 2 Tools and Templates Compendium, Tab 2.10 90-Day Plan, enter the following information into the spreadsheet for each activity to be accomplished during the next 90 days:
      1. Activity description
      2. Tasks required to complete the activity (be specific and descriptive)
      3. The people who will be performing each task
      4. The estimated number of hours required to complete each task
      5. The start date and due date for each task or the activity
    4. Validate the tasks are a complete list for each activity and the people performing the tasks have adequate time to complete the tasks by the due date(s).
    5. Assign a priority to each activity.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • 3-year roadmap
    • Phase 1 work product
    • Steps 2.1-2.9 work product
    • Brainstorming

    Output

    • Detailed plan for the VMI for the next quarter or 90 days

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.10 90-Day Plan

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Step 2.11: Quick wins

    Identify potential short-term successes to gain momentum and show value immediately.

    As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.

    As you evaluate your list of potential candidates, look for things that:

    • Are achievable within the stated timeline.
    • Don’t require a lot of effort.
    • Involve stopping a certain process, activity, or task; this is sometimes known as a “stop doing stupid stuff” approach.
    • Will reduce or eliminate inefficiencies; this is sometimes known as the war on waste.
    • Have a moderate to high impact or bolster the VMI’s reputation.

    As you look for quick wins, you may find that everything you identify does not meet the criteria. That’s ok … don’t force the issue. Return your focus to the 90-day plan and 3-year roadmap, and update those documents if the brainstorming activity associated with this Step 2.11 identified anything new.

    2.11.1: Quick wins

    15-30 minutes

    1. Meet with the participants and review the 3-year roadmap and 90-day plan. Determine if any item on either document can be completed:
      1. Quickly (30 days or less)
      2. With minimal effort
      3. To provide or show moderate to high levels of value or provide the VMI with momentum
    2. Brainstorm to identify any other items that meet the criteria in step 1 above.
    3. Compile a comprehensive list of these items and select up to five to pursue.
    4. Document the list in the Jump – Phase 2 Tools and Templates Compendium, Tab 2.11 Quick Wins.
    5. Manage the quick wins list and share the results with the VMI team and applicable stakeholders and executives.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • 3-year roadmap
    • 90-day plan
    • Brainstorming

    Output

    • A list of activities that require low levels of effort to achieve moderate to high levels of value in a short period

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.11 Quick Wins

    Participants

    • VMI team

    Step 2.12: Reports

    Construct your reports to resonate with your audience.

    Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI’s internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.

    Before building a report, think about your intended audience:

    • What information are they looking for … what will help them understand the big picture?
    • What level of detail is appropriate, keeping in mind the audience may not be like-minded?
    • What items are universal to all of the readers and what items are of interest to one or two readers?
    • How easy or hard will it be to collect the data … who will be providing it, how time consuming will it be?
    • How accurate, valid, and timely will the data be?
    • How frequently will each report need to be issued?

    Step 2.12: Reports (cont.)

    Construct your reports to resonate with your audience.

    Use the following guidelines to create reports that will resonate with your audience:

    • Value information over data, but sometimes data does have a place in your report.
    • Use pictures, graphics, and other representations more than words, but words are often necessary in small, concise doses.
    • Segregate your report by user; for example, general information up top, CIO information below that on the right, CFO information to the left of CIO information, etc.
    • Send a draft report to the internal audience and seek feedback, keeping in mind you won’t be able to cater to or please everyone.

    Step 2.12: Reports (cont.)

    Construct your reports to resonate with your audience.

    The report’s formatting and content display can make or break your reports.*

    • Make the report look inviting and easy to read. Use:
      • Short paragraphs and bullet points.
      • A simple layout and uncluttered, wide margins.
      • Minimal boldface, underline, or italics to attract the readers’ attention.
      • High contrast between text and background.
    • Charts, graphs, and infographics should be intuitive and tell the story on their own.
    • Make it easy to peruse the report for topics of interest.
      • Maintain consistent design features.
      • Use impactful, meaningful headings and subheadings.
      • Include callouts to draw attention to important high-level information.
    • Demonstrate the impact of the accomplishments or success stories when appropriate.
    • Finish with a simple concise summary when appropriate. Consider adding:
      • Key points for the reader to takeaway.
      • Action items or requests.
      • Plans for next reporting period.

    *Sources: Adapted and compiled in part from: designeclectic.com, ahrq.gov, and 60secondmarketer.com.

    2.12.1: Reports

    15-45 minutes

    1. Meet with the participants and review the applicable work product from Phases 1 and 2; identify qualitative and quantitative items the VMI measures, monitors, tracks, or aggregates.
    2. Determine which items will be reported and to whom (by category):
      1. Internally to personnel within the VMI
      2. Internally to personnel outside the VMI
      3. Externally to vendors
    3. Within each category above, determine your intended audiences/recipients. For example, you may have a different list of recipients for a risk report than you do a scorecard summary report. This will help you identify the number of reports required.
    4. Create a draft structure for each report based on the audience and the information being conveyed. Determine the frequency of each report and person responsible for creating for each report.
    5. Document your final choices in Jump – Phase 2 Tools and Templates Compendium, Tab 2.12 Reports.

    Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium

    Input

    • Brainstorming
    • Phase 1 work product
    • Steps 2.1-2.11 work product

    Output

    • A list of reports used by the VMI
    • For each report:
    • The conceptual content
    • A list of who will receive or have access
    • A creation/distribution frequency

    Materials

    • Jump – Phase 2 Tools and Templates Compendium, Tab 2.12 Reports

    Participants

    • VMI team
    • Applicable stakeholders and executives (as needed)

    Phase 3: Run

    Implement Your Processes and Leverage Your Tools and Templates

    Phase 1 Phase 2 Phase 3 Phase 4
    1.1 Mission Statement and Goals
    1.2 Scope
    1.3 Strengths and Obstacles
    1.4 Roles and Responsibilities
    1.5 Process Mapping
    1.6 Charter
    1.7 Vendor Inventory
    1.8 Maturity Assessment
    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 3: Run

    Implement your processes and leverage your tools and templates.

    All of the hard work invested in Phase 1: Plan and Phase 2: Build begins to pay off in Phase 3: Run. It’s time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There’s more hard work ahead, but the foundational elements are in place. This doesn’t mean there won’t be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.

    Phase 3: Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:

    • Manage risk better.
    • Improve vendor performance.
    • Improve vendor relationships.
    • Identify areas where the parties can improve.
    • Improve communication between the parties.
    • Increase the value proposition with your vendors.

    Step 3.1: Classify vendors

    Begin classifying your top 25 vendors by spend.

    Step 3.1 sets the table for many of the subsequent steps in Phase 3: Run. The results of your classification process will determine: which vendors go through the scorecarding process (Step 3.4); which vendors participate in BAMs (Step 3.5); the nature and content of the vendor orientation activities (Step 3.3); which vendors will be part of the risk measurement and monitoring process (Step 3.8); which vendors will be included in the reports issued by the VMI (Step 3.9); and which vendors you will devote relationship-building resources to (Step 3.10).

    As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.

    1. Using the information from the Vendor Inventory tab (Step 1.7), identify your top 25 vendors by spend.
    2. Run your top 10 vendors by spend through the classification model and review the results.
      1. If the results are what you expected and do not contain any significant surprises, go to next page.
      2. If the results are not what you expected or contain significant surprises, look at the configuration page of the tool (Tab 1) and adjust the weights or the spend categories slightly. Be cautious in your evaluation of the results before modifying the configuration page – some legitimate results are unexpected or surprising based on bias. If you modify the weighting, review the new results and repeat your evaluation. If you modify the spend categories, review the answers on the vendor tabs to ensure that the answers are still accurate; review the new results and repeat your evaluation.

    Step 3.1: Classify vendors (cont.)

    Review your results and adjust the classification tool as needed.

    1. Run your top 11 through 25 vendors by spend through the classification model and review the results. Identify any unexpected results or surprises. Determine if further configuration makes sense and repeat the process outlined in 2.b, previous page, as necessary. If no further modifications are required, continue to 4, below.
    2. Share the preliminary results with the leadership team, executives, and stakeholders to obtain their approval or adjustments to the results.
      1. They may have questions and want to understand the process before approving the results.
      2. They may request that you move a vendor from one quadrant to another based on your organization’s roadmap, the vendor’s roadmap, or other information not available to you.
    3. Identify the vendors that will be part of the VMI at this stage – how many and which ones. Based on this number and the VMI’s scope (Step 1.2), make sure you have the resources necessary to accommodate the number of vendors participating in the VMI. Proceed cautiously and gradually increase the number of vendors participating in the VMI.

    Step 3.1: Classify vendors (cont.)

    Finalize the results and update VMI tools and templates.

    1. Update the Vendor Inventory tab (Step 1.7) to indicate the current classification status for the top 25 vendors by spend. Once your vendors have been classified, you can sort the Vendor Inventory tab by classification status to see all the vendors in that category at once.
    2. Review your 3-year roadmap (Step 2.9) and 90-day plans (Step 2.10) to determine if any modifications are needed to the activities and timelines.

    Additional classification considerations:

    • You should only have a few vendors that fit in the strategic category. As a rough guideline, no more than 5% to 10% of your IT vendors should end up in the strategic category. If you have a large number of vendors, even 5% may be too many. The classification model is an objective start to the classification process, but common sense must prevail over the “math” at the end of the day.
    • At this point, there is no need to go beyond the top 25 by spend. Most VMIs starting out can’t handle more than three to five strategic vendors initially. Allow the VMI to run a pilot program with a small sample size, work out any bugs, make adjustments, and then ramp up the VMI’s rollout in waves. Vendors can be added quarterly, biannually, or annually, depending upon the desired goals and available resources.

    Step 3.1: Classify vendors (cont.)

    Align your vendor strategy to your classification results.

    As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all of your vendors are of equal importance.

    Operational Strategic
    • Focus on spend containment
    • Concentrate on lowering total cost of ownership
    • Invest moderately in cultivating the relationship
    • Conduct BAMs biannually or annually
    • Compile scorecards quarterly or biannually
    • Identify areas for performance and cost improvement
    • Focus on value, collaboration, and alignment
    • Review market intelligence for the vendor’s industry
    • Invest significantly in cultivating the relationship
    • Initiate executive-to-executive relationships
    • Conduct BAMs quarterly
    • Compile scorecards quarterly
    • Understand how the vendors view your organization

    Commodity

    Tactical

    • Investigate vendor rationalization and consolidation
    • Negotiate for the best-possible price
    • Leverage competition during negotiations
    • Streamline the purchasing and payment process
    • Allocate minimal VMI resources
    • Assign the lowest priority for vendor management metrics
    • Conduct risk assessments biannually or annually
    • Cultivate a collaborative relationship based on future growth plans or potential with the vendor
    • Conduct BAMs quarterly or biannually
    • Compile scorecards quarterly
    • Identify areas of performance improvement
    • Leverage innovation and creative problem solving

    Step 3.1: Classify vendors (cont.)

    Be careful when using the word “partner” with your strategic and other vendors.

    For decades, vendors have used the term “partner” to refer to the relationship they have with their clients and customers. In many regards, this is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms “partner” and “partnership” let’s evaluate them through two more-objective, less-cynical lenses.

    If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.

    What about a “business” partnership … one that doesn’t involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):

    • Trust and transparent communication exist.
    • You have input into the vendor’s roadmap for products and services.
    • The vendor is aligned with your desired outcomes and helps you achieve success.
    • You and the vendor are accountable for actions and inactions, with both parties being at risk.
    • There is parity in the peer-to-peer relationships between the organizations (e.g. C-Level to C-Level).
    • The vendor provides transparency in pricing models and proactively suggests ways for you to reduce costs.
    • You and the vendor work together to make each party better, providing constructive feedback on a regular basis.
    • The vendor provides innovative suggestions for you to improve your processes, performance, the bottom line, etc.
    • Negotiations are not one-sided; they are meaningful and productive, resulting in an equitable distribution of money and risk.

    Step 3.1: Classify vendors (cont.)

    Understand the implications and how to leverage the words “partner” and “partnership.”

    By now you might be thinking, “What’s all the fuss? Why does it matter?” At Info-Tech, we’ve seen firsthand how referring to the vendor as a partner can have the following impact:

    • Confidences are disclosed unnecessarily.
    • Negotiation opportunities and leverage are lost.
    • Vendors no longer have to earn the customer’s business.
    • Vendor accountability is missing due to shared responsibilities.
    • Competent skilled vendor resources are assigned to other accounts.
    • Value erodes over time since contracts are renewed without being competitively sourced.
    • One-sided relationships are established, and false assurances are provided at the highest levels within the customer organization.

    Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: Be strategic in how you refer to vendors and know the risks.

    Step 3.2: Conduct internal “kickoff” meeting

    Raise awareness about the VMI and its mission, vision, and goals.

    To be effective, your VMI needs executive support, a clear vision, appropriate governances and tools, personnel with the right skills, and other items discussed in this blueprint. However, the VMI doesn’t exist in a vacuum … it can’t sit back and be reactive. As part of being proactive, the VMI must be aware of its brand and “market” its services. An effective way to market the VMI is to conduct an internal kickoff meeting. There are at least a couple of ways to do this:

    • Host a meeting for stakeholders, executives, and others who will be contributing to the VMI processes (but are not part of the VMI). The meeting can be part of a townhall or standalone meeting; it can be done live or via a recorded video.
    • Attend appropriate staff meetings and make your presentation.

    With either approach above or one of your choosing, keep in mind the following objectives for your kickoff meeting:

    • Make sure you provide a way for those in attendance to ask questions at that time and later. You want to create and foster a communication loop with the people who will be impacted by the VMI or participating with it.
    • Raise awareness of your existence and personnel. Tell the VMI’s story by sharing your mission statement, goals, and scope; this will help dispel (or confirm) rumors about the VMI that often lead to confusion and faulty assumptions.
    • As you share the VMI’s vision, connect the story to how the VMI will impact the organization and individuals and to how they can help. The VMI tends to be the least autonomous area within an organization; it needs the assistance of others to be successful. Convey an atmosphere of collaboration and appreciation for their help.

    Host a kickoff meeting annually to kickoff the new year. Remind people of your story, announce successes from the past year, and indicate what the future year holds. Keep it brief, make it personal for the audience, and help them connect the names of VMI personnel to faces.

    Step 3.3: Conduct vendor orientation

    Introduce your VMI to your top vendors.

    Based on the results from your vendor classification (Step 3.1) and your VMI deployment timeline, identify the vendors who will participate in the initial orientation meetings. Treat the orientation as a formal, required meeting for the vendors to attend. Determine the attendee list for your organization and the vendors, and send out invites. Ideally, you will want the account manager, a sales director or vice president, the “delivery” director or vice president, and an executive from the vendor in the meeting. From the customer side, you may need more than one or two people from the VMI to entice the vendor’s leadership team to attend; you may need attendance from your own leadership team to add weight or credibility to the meeting (unfortunately).

    Before going into the meeting, make sure everyone on your side knows their roles and responsibilities, and review the agenda. Control the agenda or the meeting is likely to get out of hand and turn into a sales call.

    Conduct orientation meetings even if the participating vendors have been doing business with you for several years. Don’t assume they know all about your organization and your VMI (even if their other clients have a VMI).

    Run two or three orientation meetings and then review the “results.” What needs to be modified? What lessons have you learned? Make any necessary adjustments and continue rolling out the orientation meetings.

    Early in the VMI’s deployment, reorientation and debrief may not be in play. As time passes, it is important to remember them! Use them when warranted to help with vendor alignment.

    Step 3.4: Compile scorecards

    Begin scoring your top vendors.

    The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprising sub-teams where necessary.

    The VMI will compile the scores, calculate the final results, and aggregate all of the comments into one scorecard. There are two common ways to approach this task:

    1. Send out the scorecard template to those who will be scoring the vendor and ask them to return it when completed, providing them with a due date a few days before you actually need it; you’ll need time to compile, calculate, and aggregate.
    2. Invite those who will be scoring the vendor to a meeting and let the contributors use that time to score the vendors; make VMI team members available to answer questions and facilitate the process.

    Step 3.4: Compile scorecards (cont.)

    Gather input from stakeholders and others impacted by the vendors.

    Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure that the right mix of data is provided. For example:

    • If you are tracking lawsuits filed by or against the vendor, one person from Legal may be able to provide that, but they may not be able to evaluate any other criteria on the scorecard.
    • If you are tracking salesperson competencies, multiple people from multiple areas may have valuable insights.
    • If you are tracking deliverable timeliness, several project managers may want to contribute across several projects.

    Where one person is contributing exclusively to limited criteria, make it easy for the person to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus among themselves.

    After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.

    Make sure your process timeline has a buffer built in. You’ll be sending the final scorecard to the vendor three to five days before the BAM, and you’ll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other “priorities” will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared due to things beyond its control.

    Step 3.5: Conduct business alignment meetings

    Determine which vendors will participate and how long the meetings will last.

    At their core, BAMs aren’t that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.

    Who

    Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time, you’ll add vendors until all of your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all of your strategic, tactical, and operational vendors.

    Duration

    Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.

    Step 3.5: Conduct business alignment meetings (cont.)

    Identify who will be invited and send out invitations.

    Invitations

    Set up a recurring meeting whenever possible. Changes will be inevitable, but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won’t change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is sufficient in most instances, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor’s leadership team (and maybe yours as well!).

    Invitees

    Internal invitees should include those with a vested interest in the vendor’s performance and the relationship. In addition, other functional areas may be invited based on need or interest. Be careful the attendee list doesn’t get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.

    From the vendor’s side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the “product or service delivery” area is a good choice. Bottom line: get as high into the vendor’s organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.

    Step 3.5: Conduct business alignment meetings (cont.)

    Prepare for the meetings and maintain control.

    Preparation

    Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior as well.

    Decide who will run the meeting. Some customers like to lead and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.

    Make sure the vendor knows what materials it should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don’t want the vendor to be caught off guard and unable to discuss a matter of importance to you.

    Running the BAM

    Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor’s, not IT’s, not Procurement’s or Sourcing’s. Don’t let anyone hijack it.

    Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.

    As a reminder, this is not a sales call, and this is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.

    Step 3.5: Conduct business alignment meetings (cont.)

    Follow these additional guidelines to maximize your meetings.

    More Leading Practices

    • Remind everyone that the conversation may include items covered by various confidentiality provisions or agreements.
    • Publish the meeting minutes on a timely basis (within 48 hours).
    • Focus on the bigger picture by looking at trends over time; get into the details only when warranted.
    • Meet internally immediately beforehand to prepare – don’t go in cold; review the agenda and the roles and responsibilities for the attendees.
    • Physical meetings are better than virtual meetings, but travel constraints, budgets, and pandemics may not allow for physical meetings.

    Final Thoughts

    • When performance or the relationship is suffering, be constructive in your feedback and conversations rather than trying to assign blame; lead with the carrot rather than the stick.
    • Look for collaborative solutions whenever possible and avoid referencing the contract if possible. Communicate your willingness to help resolve outstanding issues.
    • Use inclusive language and avoid language that puts the vendor on the defensive.
    • Make sure that your meetings are not focused exclusively on the negative, but don’t paint a rosy picture where one doesn’t exist.
    • A vendor that is doing well should be commended. This is an important part of relationship building.

    Step 3.6: Work the 90-day plan

    Monitor your progress and share your results.

    Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won’t take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn’t created in vain.

    90-Day Plan: Activity 1; Activity 2; Activity 3; Activity 4; Activity 5
    1. Measure and track your progress against the initial/current 90-day plan at least weekly; with a short timeline, any delay can have a huge impact.
    2. If adjustments are needed to any elements of the plan, understand the cause and the impact of those adjustments before making them.
    3. Make adjustments ONLY when warranted. The temptation will be to push activities and tasks further out on the timeline (or to the next 90-day plan!) when there is any sort of “hiccup” along the way, especially when personnel outside the VMI are involved. Hold true to the timeline whenever possible; once you start slipping, it often becomes a habit.
    4. Report on progress every week and hold people accountable for their assignments and contributions.
    5. Take the 90-day plan seriously and treat it as you would any significant project – this is part of the VMI’s branding and image.

    Step 3.7: Manage the 3-year roadmap

    Keep an eye on the future since it will feed the present.

    The 3-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three “crystal balls” attempting to tell you what the future holds. The vision for Year 1 may be fairly clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and Year 2 becomes Year 1.

    To help navigate through the roadmap and maximize its potential, follow these principles:

    • Manage each year of the roadmap differently.
      • Review the Year 1 map each quarter to update your 90-day plans (See steps 2.10 and 3.6).
      • Review the Year 2 map every six months to determine if any changes are necessary. As you cycle through this, your vantage point of Year 2 will be 6 months or 12 months away from the beginning of Year 2, and time moves quickly.
      • Review the Year 3 map annually, and determine what needs to be added, changed, or deleted. Each time you review Year 3, it will be a “new” Year 3 that needs to be built.
    • Analyze the impact on the proposed modifications from two perspectives: 1) What is the impact if a requested modification is made? 2) What is the impact if a requested modification is not made?
    • Validate all modifications with leadership and stakeholders before updating the 3-year roadmap to ensure internal alignment.

    Step 3.8: Measure and monitor risk

    Understand and manage risk levels.

    Using the configured Vendor Risk Assessment Tool (Step 2.2), confirm which risks you will be measuring and monitoring and identify the vendors that will be part of the initial risk management process. Generally, organizations start measuring and monitoring risk in two to five risk categories for two or three strategic vendors. Over time, additional risk categories and/or vendors can be added in waves. Resist the temptation to add risk categories or vendors into the mix too quickly. Expanding requires resources inside and outside of the VMI.

    The VMI will rely heavily on other areas to provide input or the risk data, and the VMI needs to establish good working relationships with those areas. For example, if legal risk is something being measured and monitored, the VMI will need data from Legal on the number and nature of any lawsuits filed by or against the applicable vendors; the VMI will need data from Legal, Contract Management, or Procurement/Sourcing on the number and nature of any agreed upon deviations from your organization’s preferred contract terms that increase legal risk.

    With respect to risk, the VMI’s main role is threefold: 1) take the data obtained from others (or in some instances the VMI may have the data) and turn it into useful information, 2) monitor the risk categories over time and periodically issue reports, and 3) work with other areas to manage the risk.

    Step 3.9: Issue reports

    Inform internal personnel and vendors about trends, issues, progress, and results.

    Issuing the reports created in Step 2.12 is one of the main ways the VMI 1) will communicate with internal and external personnel and 2) track trends and information over time. Even with input from the potential reviewers of the reports, you’ll still want to seek their feedback and input periodically. It may take a few iterations until the reports are hitting their mark. You may find that a metric is no longer required, that a metric is missing completely or it is missing a component, or a formatting change would improve the report’s readability. Once a report has been “finalized,” try not to change it until you are engaged in Phase 4: Review activities. It can be unsettling for the reviewers when reports change constantly.

    Whenever possible, find ways to automate the reports. While issuing reports is critical, the function should not consume more time than necessary. Automation can remove some of the manual and repetitive tasks.

    Internal reports may need to be kept confidential. An automated dashboard or reporting tool can help lock down who has access to the information. At a minimum, the internal reports should contain a “Confidential” stamp, header, watermark, or other indicator that the materials are sensitive and should not be disclosed outside of your organization without approval.

    Reports for vendors may not need to be sent as often as reports are generated or prepared for internal personnel. Establish a cadence by classification model category and stick to it. Letting each vendor choose the frequency will make it more difficult for you to manage. The vendors can choose to ignore the report if they so choose.

    This is an image of an example of a bar graph showing ROI and Benchmark for Categories 1-6

    Step 3.10: Develop/improve vendor relationships

    Drive better performance through better relationships.

    One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don’t happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.

    In many respects, the VMI should mirror a vendor’s sales organization by establishing relationships at multiple levels within the vendor organizations – not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.

    Business relationships are comprised of many components, not all of which have to be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:*

    • Focus your energies on strategic vendors first and then tactical and operational vendors.
    • Be transparent and honest in your communications.
    • Continue building trust by being responsive and honoring commitments (timely).
    • Create a collaborative environment and build upon common ground.
    • Thank the vendor when appropriate.
    • Resolve disputes early, avoid the “blame game,” and be objective when there are disagreements.

    Step 3.11: Contribute to other processes

    Continue assisting others and managing roles and responsibilities outside of the VMI.

    The VMI has processes that it owns and processes that it contributes to. Based on the VMI scope (Step 1.2), the OIC chart (Step 1.4), and the process mapping activities (Step 1.5), ensure that the VMI is honoring its contribution commitments. This is often easier said than done though. A number of factors can make it difficult to achieve the balance required to handle VMI processes and contribute to other processes associated with the VMI’s mission and vision. Understanding the issues is half the battle. If you see signs of these common “vampires,” take action quickly to address the situation.

    • The VMI’s first focus is often internal, and the tendency is to operate in a bubble. Classifying vendors, running BAMs, coordinating the risk process, and other inward-facing processes can consume all of the VMI’s energy. As a result, there is little time, effort, or let’s be honest, desire to participate in other processes outside of the VMI.
    • It is easy for VMI personnel to get dragged into processes and situations that are outside of its scope. This often happens when personnel join the VMI from other internal areas or departments and have good relationships with their former teammates. The relationships make it hard to say “No” when out-of-scope assistance is being requested.
    • The VMI may have “part-time” personnel who have responsibilities across internal departments, divisions, agencies, or teams. When the going gets tough and time is at a premium, people gravitate toward the easiest or most comfortable work. That work may not be VMI work.

    Phase 4: Review

    Keep Your VMI Up to Date and Running Smoothly

    Phase 1Phase 2Phase 3Phase 4
    1.1 Mission Statement and Goals


    1.2 Scope

    1.3 Strengths and Obstacles

    1.4 Roles and Responsibilities

    1.5 Process Mapping

    1.6 Charter

    1.7 Vendor Inventory

    1.8 Maturity Assessment

    1.9 Structure

    2.1 Classification Model
    2.2 Risk Assessment Tool
    2.3 Scorecards and Feedback
    2.4 Business Alignment Meeting Agenda
    2.5 Relationship Alignment Document
    2.6 Vendor Orientation
    2.7 Job Descriptions
    2.8 Policies and Procedures
    2.9 3-Year Roadmap
    2.10 90-Day Plan
    2.11 Quick Wins
    2.12 Reports

    3.1 Classify Vendors
    3.2 Conduct Internal “Kickoff” Meeting
    3.3 Conduct Vendor Orientation
    3.4 Compile Scorecards
    3.5 Conduct Business Alignment Meetings
    3.6 Work the 90-Day Plan
    3.7 Manage the 3-Year Roadmap
    3.8 Measure and Monitor Risk
    3.9 Issue Reports
    3.10 Develop/Improve Vendor Relationships
    3.11 Contribute to Other Processes

    4.1 Assess Compliance
    4.2 Incorporate Leading Practices
    4.3 Leverage Lessons Learned
    4.4 Maintain Internal Alignment
    4.5 Update Governances

    This phase will walk you through the following activities:

    Identify what the VMI should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.

    This phase involves the following participants:

    • VMI team
    • Applicable stakeholders and executives
    • Others as needed

    Jump Start Your Vendor Management Initiative

    Phase 4: Review

    Keep your VMI up to date and running smoothly.

    As the old adage says, “The only thing constant in life is change.” This is particularly true for your VMI. It will continue to mature; people inside and outside of the VMI will change; resources will expand or contract from year to year; your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you’ll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.

    Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person’s health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up to date and running smoothly takes hard work.

    Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.

    Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won’t happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, NOT reactive!

    Step 4.1: Assess compliance

    Determine what is functionally going well and not going well.

    Whether you have a robust set of vendor management-related policies and procedures or they are the bare minimum, gathering data each quarter and conducting an assessment each year will provide valuable feedback. The scope of your assessment should focus on two concepts: 1) are the policies and procedures being followed and 2) are the policies and procedures accurate and relevant. This approach requires parallel thinking, but it will help you understand the complete picture and minimize the amount of time required.

    Use the steps listed below (or modify them for your culture) to conduct your assessment:

    • Determine the type of assessment – formal or informal.
    • Determine the scale of the assessment – which policies and procedures will be reviewed and how many people will be interviewed.
    • Determine the compliance levels, and seek feedback on the policies and procedures – what is going well and what can be improved?
    • Review the compliance deviations.
    • Conduct a root cause analysis for the deviations.
    • Create a list of improvements and gain approval.
    • Create a plan for minimizing noncompliance in the future.
      • Improve/increase education and awareness.
      • Clarify/modify policies and procedures.
      • Add resources, tools, and people (as necessary and as allowed).

    Step 4.2: Incorporate leading practices

    Identify and evaluate what external VMIs are doing.

    The VMI’s world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we’re looking at you COVID-19 and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.

    At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.

    Step 4.2: Incorporate leading practices (cont.)

    Update your VMI based on your research.

    • A simple approach for incorporating leading practices into your regular review process is set out below:
    • Research:
      • What other VMIs in your industry are doing.
      • What other VMIs outside your industry are doing.
      • Vendor management in general.
    • Based on your results, list specific leading practices others are doing that would improve your VMI (be specific – e.g. other VMIs are incorporating risk into their classification process).
    • Evaluate your list to determine which of these potential changes fit or could be modified to fit your culture and environment.
    • Recommend the proposed changes to leadership (with a short business case or explanation/justification, as needed) and gain approval.

    Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit your culture and environment; in other instances, you will elect not to implement them at all (in any form).

    Step 4.3: Leverage lessons learned

    Tap into the collective wisdom and experience of your team members.

    There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4: Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:

    • Documented institutional wisdom and knowledge normally found only in the team members’ brains.
    • The ability for one team member to gain insights and avoid mistakes without having to duplicate the events leading to the insights or mistakes.
    • Improved methodologies, tools, processes, procedures, skills, and relationships.

    Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is “deposited” in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular “input” meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics – timeliness of the deposits is a crucial element.

    Step 4.3: Leverage lessons learned (cont.)

    Create a library to share valuable information across the team.

    Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:

    • A brief description of the situation and outcome.
    • What went well (if anything) and why did it go well?
    • What didn't go well (if anything) and why didn't it go well?
    • What would/could you do differently next time?
    • A synopsis of the lesson(s) learned.

    Info-Tech Insights

    The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.

    The lessons learned process should be blameless. The goal is to share insightful information … not to reward or punish people based on outcomes or results.

    Step 4.4: Maintain internal alignment

    Review the plans of other internal areas to stay in sync.

    Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI’s alignment within the enterprise helps reduce any breakdowns that could derail the organization.

    To ensure internal alignment:

    • Review the key components of the applicable materials from Phase 1: Plan and Phase 2: Build with the appropriate members of the leadership team (e.g. executives, sponsors, and stakeholders). Not every item from those Phases and Steps needs to be reviewed, but err on the side of caution for the first set of alignment discussions, and be prepared to review each item. You can gauge the audience’s interest on each topic and move quickly when necessary or dive deeper when needed. Identify potential changes required to maintain alignment.
    • Review the strategic plans (e.g. 1-, 3-, and 5- year plans) for various portions of the organization if you have access to them or gather insights if you don’t have access.
      • If the VMI is under the IT umbrella, review the strategic plans for IT and its departments.
      • Review the strategic plans for the areas the VMI works with (e.g. Procurement, Business Units).
      • The organization itself.
    • Create and vet a list of modifications to the VMI and obtain approval.
    • Develop a plan for making the necessary changes.

    Step 4.5: Update governances

    Revise your protocols and return to the beginning of cyclical processes.

    You’re at the final Step and ready to update governances. This is comprised of two sequential paths.

    • First, use the information from Steps 4.1-4.4 to make any required modifications to the items in Phase 1: Plan, Phase 2: Build, and Phase 3: Run. For example, you may need to update your policies and procedures (Step 2.8) based on your findings in Step 4.1; or you may need to update the VMI’s scope (Step 1.2) to ensure internal alignment issues identified in Step 4.4. are accounted for.
    • Second, return to Phase 3: Run to perform the activities below; they tend to be performed annually, but use your discretion and perform them on an as-needed basis:
      • Reclassify vendors.
      • Complete a new maturity assessment.
      • Run reorientation sessions for vendors.
      • Conduct a kickoff meeting to update internal personnel.

    Other activities and tasks (e.g. scorecards and BAMs) may be impacted by the modifications made above, but the nature of their performance follows a shorter cadence. As a result, they are not specifically called out here in this Step 4.5 since they are performed on an ongoing basis. However, don’t overlook them as part of your update.

    Summary of Accomplishment

    Problem Solved

    Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is its scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.

    Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization’s investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.

    At the heart of a good VMI is the relationship component. Don’t overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.

    Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop

    Contact your account representative for more information

    workshops@infotech.com

    1-888-670-8889

    Related Info-Tech Research

    Prepare for Negotiations More Effectively

    Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.

    Understand Common IT Contract Provisions to Negotiate More Effectively

    Info-Tech’s guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.

    Capture and Market the ROI of Your VMO

    Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech’s tools and templates help you account for the contributions made by your VMO.

    Bibliography

    “Best Practices for Writing Corporate Policies and Procedures.” PowerDMS, 29 Dec. 2020. Accessed 11 January 2022.

    Duncan. “Top 10 Tips for Creating Compelling Reports.” Design Eclectic, 11 October 2019. Accessed 29 March 2022.

    Eby, Kate. “Master Writing Policies, Procedures, Processes, and Work Instructions.” 1 June 2018, updated 19 July 2021. Accessed 11 January 2022.

    “Enterprise Risk Management.” Protiviti, n.d. Accessed 16 Feb. 2017.

    Geller & Company. “World-Class Procurement — Increasing Profitability and Quality.” Spend Matters, 2003. Accessed 4 March 2019.

    Guth, Stephen. “Vendor Relationship Management Getting What You Paid for (And More).” Citizens, 26 Feb. 2015. Web.

    Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print.

    “ISG Index 4Q 2021.” Information Services Group, Inc., 2022. Web.

    “Six Tips for Making a Quality Report Appealing and Easy To Skim.” AHRQ, Oct. 2019. Accessed 29 March 2022.

    Tucker, Davis. “Marketing Reporting: Tips to Create Compelling Reports.” 60 Second Marketer, 28 March 2020. Accessed 29 March 2022.

    “Why Do We Perform Better When Someone Has High Expectations of Us?” The Decision Lab, 9 Sept. 2020. Accessed 31 January 2022.

    Fix Your IT Culture

    • Buy Link or Shortcode: {j2store}518|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $32,499 Average $ Saved
    • member rating average days saved: 20 Average Days Saved
    • Parent Category Name: Lead
    • Parent Category Link: /lead
    • Go beyond value statements to create a culture that enables the departmental strategy.
    • There is confusion about how to translate culture from an abstract concept to something that is measurable, actionable, and process driven.
    • Organizations lack clarity about who is accountable and responsible for culture, with groups often pointing fingers at each other.

    Our Advice

    Critical Insight

    • When it comes to culture, the lived experience can be different from stated values. Culture is the pattern of behaviors and the way work is done rather than simply perks, working environment, and policy.
    • Executives’ active participation in culture change is paramount. If executives aren’t willing to change the way they behave, attempts to shift the culture will fail.
    • Elevate culture to a business imperative. Foster a culture that is linked to strategy rather than trying to replicate the hot culture of the moment.
    • Target values that will have the greatest impact. Select a few focus values as a guide and align all behaviors and work practices to those values.

    Impact and Result

    • Executives need to clarify how the culture they want will help achieve their strategy and choose the focus values that will have the maximum impact.
    • Measure the current state of culture and facilitate the process of leveraging existing elements while shifting undesirable ones.

    Fix Your IT Culture Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should improve your culture to enable your strategy, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assessment: Determine current culture and identify focus values

    Complete a cultural assessment and select focus values to form core culture efforts.

    • Culture Documentation Template
    • IT Departmental Values Survey
    • IT Culture Diagnostic
    • Cultural Assessment Report Template

    2. Tools: Give IT executives the tools to drive change

    Enable executives to gather feedback on behavioral perceptions and support behavioral change.

    • Executive Reflection Template

    3. Behavioral Alignment: Align IT behaviors to the desired culture

    Review all areas of the department to understand where the links to culture exist and create a communication plan.

    • Standard Internal Communications Plan
    • IT Competency Library
    • Leadership Competency Library

    4. Sustainment: Disseminate and manage culture within the department

    Customize a process to infuse behaviors aligned with focus values in work practices and complete the first wave of meetings.

    • Culture Facilitation Guide for Leaders
    [infographic]

    Implement the Next-Generation IT Operating Model

    • Buy Link or Shortcode: {j2store}85|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: IT Strategy
    • Parent Category Link: /it-strategy

    IT is being challenged to change how it operates to better support evolving organizations by:

    • Considering the needs of customers, end users, and organizational stakeholders simultaneously.
    • Leveraging resources strategically to support the various IT and digital services being offered.
    • Creating a digital services enablement office that can design, monitor, and continuously enhance services.

    Our Advice

    Critical Insight

    • The role of IT is changing, and with that, how IT needs to operate to deliver value is also changing. Don’t get left behind with an irrelevant IT operating model.
    • Elevate your reputation as a leader beyond the CIO role. Mature your organization’s digital services by considering the customer experience first.
    • As recessions, disasters, and pandemics hit, don’t adopt old ways of operating with 2008 centralized models. Embrace a hybrid IT where value sets your organization apart.

    Impact and Result

    • Embrace the Exponential IT Operating Model so you can:
      • Say “yes” to stakeholders trying to provide a better experience for customers and consumers.
      • Leverage data more effectively across your organization.
      • Consider how to integrate and deliver services using resources effectively and strategically.

    Implement the Next-Generation IT Operating Model Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Implement the Next-Generation IT Operating Model Deck – The next generation operating model for organizations embracing exponential IT.

    This research piece is for any IT leaders looking to support the organization in its post-transformation state by focusing on the customer experience when operating. CIOs struggling with outdated IT operating models can demonstrate true partnership with this digital services next-generation IT operating model.

    • Implement the Next-Generation IT Operating Model Storyboard

    2. Exponential IT Operating Model Readiness Assessment – A tool to assess your organization’s readiness to adopt this next generation of IT operating models.

    Use this tool to determine whether your organization has the fundamental components necessary to support the adoption of an Exponential IT operating model.

    • Exponential IT Operating Model Readiness Assessment

    3. Career Vision Roadmap Tool – A template to create a simple visual roadmap of your desired career progression from CIO to chief digital services officer (CDSO).

    Use this template to create a roadmap on how to transform your career from CIO to CDSO leveraging key strengths and relationships. Focus on opportunities to demonstrate IT’s maturity and the customer experience at the forefront of your decisions.

    • Career Vision Roadmap
    [infographic]

    Further reading

    Implement the Next-Generation IT Operating Model

    The operating model for organizations embracing Exponential IT and transforming into technology-first enterprises.

    Analyst Perspective

    Be the organization that can thrive in an exponential IT world.

    A picture of Carlene McCubbin A picture of Brittany Lutes

    Carlene McCubbin
    Research Practice Lead
    CIO Organizational
    Transformation Practice
    Info-Tech Research Group

    Brittany Lutes
    Research Director,
    CIO Organization Transformation Practice
    Info-Tech Research Group

    IT leaders are increasingly expected to be responsible for understanding and delivering high-value customer experiences. This evolution depends on the distribution and oversight of IT capabilities that are embedded throughout the organizational structure.

    Defining digital strategic objectives, establishing governance frameworks for an autonomous culture, and enabling the organization to act on insightful data are all impossible without a new way of operating that involves the oversight and accountability of advancing IT roles. Through exponential change, functional groups can lose clarity regarding their responsibilities, creating a sense of ambiguity and disorder.

    But adopting a new way of working that supports an exponential IT organization does not have to be difficult. Leveraging Info-Tech Research Group's next-generation operating model, you can clearly demonstrate how the organization will collaborate to deliver on the various digital and IT services. This is no longer just an IT operating model, but a technology-first enterprise model.

    Included in this blueprint:

    Exponential IT Model

    Defines how the Exponential IT model operates and delivers value to the organization.
    This is done by exploring:

    • Exponential IT cultural norms and behaviors
    • Opportunities and risks of the Exponential IT model
    • A breakdown of the embedded, integrated, and centralized aspects of the model
    • Operating model value stream stages
    • An assessment on whether the Exponential IT operating model is right for your organization

    Changing Role of IT Leader

    Defines how chief information officers (CIOs) can operate or elevate their role in this changing operating model.

    • Identifies why the C-suite is changing – again
    • How IT leaders should consider where they will add value in the new operating model
    • Outlines examples of future organization-wide structures and where IT roles are positioned
    • Supports IT leaders in developing themselves to operate in this structure

    Executive Summary

    Your Challenge

    IT is challenged to change how it operates to better support evolving organizations. IT must:

    • Consider the needs of customers, end users, and organization stakeholders simultaneously.
    • Leverage resources strategically to support the various IT and digital services being offered.
    • Create a digital services enablement office to design, monitor, and enhance services continuously.

    While many organizations have projects that support a digital strategy, few have an operating model that supports this digital services strategy.

    Common Obstacles

    Organizations struggle to support the definition and ongoing maintenance of services because:

    • The organization's Digital and IT services offerings are not clear.
    • The functional team accountable to deliver on each IT or Digital service is ambiguous.
    • There are insufficient resources to support all the IT and Digital services being offered.
    • C-suite leaders required to support the services are missing or in the wrong role to effectively lead.
    • Technology has not been standardized to ensure consistency and effectiveness.

    Info-Tech's Approach

    Embrace the IT operating model that focuses on the enablement and delivery of Digital and IT services by:

    • Having technology stakeholders actively collaborate to decide on priorities and deliver on objectives.
    • Leveraging data more effectively across the organization to understand and meet user needs.
    • Ensuring technology architecture and security standards are well-established and followed by all throughout the organization.
    • Allocating dedicated and skilled resources to ensure services can be continuously delivered.

    Info-Tech Insight

    The first IT operating model where customer engagement with IT and Digital Services is at the forefront.

    What is an operating model?

    An IT operating model is a visual representation of the way your IT organization will function using a clear and coherent blueprint. This visualization demonstrates how capabilities are organized and aligned to deliver on the business mission and strategic and technological objectives.

    The should visualize the optimization and alignment of the IT organization to deliver the capabilities required to achieve business goals. Additionally, it should demonstrate the workflow so key stakeholders can understand where inputs flow in and outputs flow out of the IT organization. Investing time in the front-end to get the operating model right is critical. This will give you a framework to rationalize future organizational changes, allowing you to be more iterative and your model to change as the business changes.

    An image of a sample Operating Model


    From computerization to digitization to the new frontier in autonomization, IT has progressively matured, enabling it to actively lead this next stage of business transformation.

    EXPONENTIAL RISK
    Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.

    EXPONENTIAL REWARD
    The efficiency gains and new value chains created through artificial intelligence (AI), robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.

    EXPONENTIAL DEMAND
    Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.

    EXPONENTIAL IT

    Exponential IT involves IT leading the cognitive re-engineering of the organization with evolved practices for:

    • IT governance
    • Asset management
    • Vendor management
    • Data management
    • Business continuity management
    • Information security management

    To learn more about IT's journey into autonomization, check out Info-Tech Research Group's Adopt an Exponential IT Mindset blueprint.

    The IT operating model must evolve to respond to exponential change

    • Ensuring customers are not an afterthought to IT leaders. Customers inform how and where IT leaders invest resources to realize organizational objectives.
    • Adopting a formalized approach to service definition and delivery to eliminate silos.
    • Leveraging data throughout the organization to better inform and enable the various digital services in meeting customer demands.
    • Responding to employee demands for development and training opportunities by applying skills in new settings.
    • Having cross-collaboration mechanisms built into the ways of operating to reduce silos across the organization.
    • Enabling services through a strong set of governance and risk mandates and practices.
    • Eliminating the need for IT capabilities to only be within an IT department.

    IT can no longer be just a service provider:

    78% of IT leaders with established digital strategies and 45% of IT leaders with emerging digital strategies are driven by customer experiences.
    Source: Foundry "Digital Business Study,"2023

    40% - The number of CIOs that are responsible for creating new products or services to support revenue generation.
    Source: Foundry, "The State of the CIO," 2023

    This change requires a breakdown of traditional IT-business divisions

    CIOs must recognize that separating IT from the business is restrictive

    • Many organizations have recently completed or are in the process of completing a digital transformation focused on enhanced employee and customer experiences.
    • Post-transformation organizations must change how they operate to continue to deliver on those enhanced experiences, especially for the customer.
    • There must no longer be a wall between IT and the business, but a unified organization offering digital services that include IT components. Already, 81% of work is being performed across the functional boundaries created in an organization (Deloitte, 2023).
    • Effectively designing, delivering, and maintaining these services depends on a Digital Services functional layer, expanding IT's involvement into how the business delivers worthwhile experiences to customers.
    • This Digital Services functional layer will consider whether the new services are better owned by the IT group or another area of the organization.
    • CIOs need to be prepared to adopt a new way of operating or be left to manage a smaller subset of IT functions.

    "I think we've done the IT industry a disservice by constantly referring to IT and the business, artificially creating this wedge."
    – David Vidoni, VP of IT at Pegasystems
    Source: Dan Roberts, CIO, 2023

    Four trends driving an Exponential IT organization include:

    Emerging Technologies

    • 67% of respondents to KPMG's 2022 Global Tech Survey indicated they intend to embrace emerging platforms by the end of 2024.(1)
    • The technology landscape is constantly shifting with artificial intelligence (AI), quantum computing, 5G cellular networks, and next-generation robotics. Each of these technologies requires new capabilities and a new way in which those capabilities are organized.

    Enhanced Customer Experiences

    • 24% of CIOs have been tasked by their CEO to increase the customer experience.(3)
    • Organizations realize that to gain and retain customers, it has become necessary to consistently evaluate service offerings and identify opportunities for enhancement or new services.

    Digital Trust

    • 1/3 of CISOs plan to increase their GRC focus during the next year and 36% have already begun to implement Zero Trust components.(2)
    • Risk and security capabilities mature focusing on defined enterprise accountability, consideration of ethics and inclusivity and proactive security controls.

    Embedded Technology & Skills

    • Spending on embedded software is expected to increase to $21.5 billion by 2027.(4)
    • The technology strategy no longer resides solely within IT. The organization must take ownership of this strategy while they define their digital strategies. Technology services are also embedded.

    (1) "Global Tech Survey," KPMG, 2022
    (2) "Global Digital Trust Insights Report," PwC, 2023
    (3) "State of IT Report," Foundry, 2023
    (4) "Global surge in embedded software demand; here is why," DAC Digital, 2023

    Application of the Four Key Trends on your Exponential IT operating model:

    Respond to Emerging Technology In response to changing customer demands, organizations need to actively seek, assess, and integrate emerging technology offerings easily and effectively. By governing data at an enterprise level and implementing the necessary guardrails in the form of architecture and security standards at the technology layer, it becomes easier to adopt new technologies such as artificial intelligence (AI). This should be tied to any mandated objectives.
    Build Digital Trust Capabilities Finding and hiring the right security professionals has long been a challenge for organizations. In the Exponential IT model, focus on security oversight increases and fewer operational resources are required. The model sees governing IT security processes and vendor delivery as priorities to enable the right technology without exposing the organization to undue risk. There should be more security-related capabilities in your Exponential IT model.
    Elevate the Customer Experience Evolving the organization's digital offering requires understanding of and active response to the changing demands of customers. This is accomplished by leveraging information from organization-wide data sources and the modular components of the organization's current digital offerings. The components can be reconfigured (or new ones added) to create digital services for the customer.
    Formalize Embedded Business Technology & Roles Technology is actively included in the organization's business (digital) strategy. This ensures that technology remains an embedded component of how the organization competes in the market, supplies invaluable services, and delivers on strategic objectives. The separation of IT from the organization becomes redundant.
    Visualize your IT Operating Model.

    Adopting an Exponential IT operating model is typically influenced by resonating with the following drivers:

    Culture

    IT Strategy & Objectives

    Organization Operating Model

    Organization Size & Structure

    Perception of IT

    Risk Appetite

    A cooperative and innovative culture where the organization does not feel constrained by current processes. Establishing a growth mindset across all the organization's groups is reflected by the trust service owners receive.

    Focused on delivering the best customer experience. The roadmap would include ample opportunities to better support the customer in obtaining or exceeding the degree of value they receive from the organization.

    Empowering service owners across the organization to be accountable for the delivery and value of their services. Lots of collaboration among stakeholders who know what services are offered and how those services leverage technology.

    More appropriate for larger organizations due to the resources required to design and enable successful services. IT resources would also be pooled by skills.

    IT is not a service provider but an equal that enables the organization's success. Without IT involvement, digital services may be omitted and opportunities to enhance the customer experience would be missed.

    While innovation and new service offerings are critical to success, there are functional groups that remain focused on defining the level of risk tolerance that supports the appropriate risk appetite to consider new service offerings.

    Section 1: The Next-Generation Operating Model

    The Technology Value Trinity

    Delivery of Business Value & Strategic Needs

    I&T OPERATING MODEL

    DIGITAL & TECHNOLOGY STRATEGY

    I&T GOVERNANCE

    The model for how IT is organized to deliver on business needs and strategies.

    The identification of objectives and initiatives necessary to achieve business goals.

    Ensures the organization and its customers extract maximum value from the use of information and technology.

    All three elements of the Technology Value Trinity work together to deliver business value and achieve strategic needs. As one changes, the others must change as well.
    How do these three elements relate?

    • I&T Operating Model aligns resources, processes, measures, stakeholders, value streams, and decision rights to enable the delivery of your strategy and priorities. This is done by strategically structuring IT capabilities in a way that enables the organization's vision and considers the context in which the model will operate.
    • Digital and IT Strategy tells you what you must achieve to be successful. For an Exponential IT organization, customer demands and digital service offerings would drive strategic decisions.
    • I&T Governance is the confirmation of IT's goals and strategy, which ensures the alignment of IT and business strategy. This is the mechanism by which you continuously prioritize work so that what is delivered aligns with the strategy.

    Strategy, operating models, and governance are too often considered separate practices – strategies are defined without clarity on how to support. A significant change to your strategy necessitates a change to your operating model, which in turn necessitates a change to your governance and organizational structure.

    The Exponential IT operating model delivers value across seven components

    Exponential IT

    Capabilities

    Products, Services and Technology

    Performance Measures

    Stakeholder Engagement & Collaboration

    Decision Rights & Authority

    Value Streams

    Sourcing

    IT capabilities in the Exponential IT model are spread across the organization. The result removes the separation between IT and the organization. Instead, the organization takes accountability for ensuring technology capabilities are delivered.

    Digital service offerings dominate this model, focusing on providing better experiences for customers. Some technology platforms are specific to a service such as access management, while others span service offerings such as architecture or security.

    This model's success is measured by the overall ability to satisfy the customer experience through designing and delivering the right digital service offerings. Service owners are responsible for continuously monitoring and advancing the delivery of the service.

    The end-customer is the main stakeholder for this operating model, where understanding their needs and demands informs the design, maintenance, and improvement of all services. There is no longer IT vs. the business but an organizational perspective of services.

    This model's decision-making spans the organization. The service owners of digital offerings have authority and autonomy deciding which services to design, how they should be integrated with other services, and how those services will continually deliver value to customers.

    Exponential IT's five core value streams are:

    1. Identifying and prioritizing customer needs
    2. Designing IT and Digital Services
    3. Enabling IT & Digital Service success
    4. Assigning skilled employees to deliver services
    5. Owning & managing services

    Internal resource pools might need to be supplemented with contract resources when demand exceeds capacity, requiring a strong partnership with the Vendor Management Team. Service owners will also need to engage and manage the performance of their vendor solution partners.

    Organizations adopting the Exponential IT Model will experience new norms and behaviors

    Customer-Centric
    Dedicated to the customer experience and making sure that the end customer is considered first and foremost.

    "Yes" Approach
    The organization can say yes to emerging technology and customer desires because it has organized itself to be agile in its digital service offerings.

    Digital Service Ownership
    Digital service offerings are owned and managed across the organization ensuring the continuous delivery of value to customers.

    Employee Development
    Resources are organized into pods based on specific skills or functions increasing the likelihood of adopting new skills.

    Autonomization
    Centralized and accessible data provides service owners autonomy when making informed decisions that support enhanced customer experiences.

    Exponential IT is an embedded model approach

    Info-Tech has identified seven common IT operating model archetypes. Each model represents a different approach to who delivers technology services and how. Each model is designed to drive different outcomes, as the way your organization is structured will dictate the way it behaves. The Exponential IT model is an emerging archetype which capitalizes on embedded delivery.

    An image of the exponential IT embedded model approach.

    Centralized

    Shifted

    Embedded

    Owned and operated by leadership within IT. IT takes full responsibility of the functional areas and maintains control over the outcomes.

    Can be owned/operated by a variety of leadership roles throughout the organization. This can shift from IT ownership to other organizational leadership. Decisions about ownership are often made to enable quick response or mitigate risks.

    Owned/operated by leadership outside of traditional IT. Another area of the organization has taken authoritative power over the outcome of this functional area for a quicker response.

    Even as an embedded IT operating model, shifted and centralized IT functions as support

    1. Embedded functions required for scaled autonomation
      Definition and oversight of the organization's strategic direction demonstrated through a customer-first culture, data insights, and a well-defined risk appetite.
    2. Integrated design and optimization of the digital service offering
      Actively considers the customer experience and designs the appropriate services to be delivered. Considers all aspects in the design and delivery of services by exploring opportunities to integrate components to enhance customer experiences or architecting new service offerings to eliminate gaps.
    3. Centralized standards for IT technology, security & resources
      Technology functions continue to deliver exceptional services to the enterprise including clear standards for technology and solution architecture, application of security requirements, and resources to enable various service offerings.

    Opportunities and risks of the Exponential IT model

    Opportunities

    Risks
    • Focused on the end-customer experience and how to ensure that customer remains satisfied and loyal to the organization.
    • The capability center allows resources to be used strategically according to where they would most improve the customer experience.
    • Services are owned by the most appropriate areas within the organization—sometimes IT and other times not. In either case, services should always possess technological knowledge.
    • The organization's transformation strategy is not just driving IT's strategy but how IT should be organized and operating. This eliminates disconnect from larger strategic objectives.
    • Data intelligence and customer insights enable the shifted and centralized areas of the operating model to deliver effective and valuable experiences for all stakeholders.
    • Requires a high degree of maturity to support a variety of individuals in owning IT and digital capabilities.
    • Organizational buy-in to this operating model archetype is a must. IT cannot select this operating model without that support.
    • Processes around how all IT and Digital Services consider security and technology standards need to be well-documented and enforceable.
    • Depending on which leaders oversee the three areas of the model (embedded, shifted, or centralized), power struggles could occur which negatively impact services.
    • This model will demand governance, risk, and culture to be at the forefront of how it operates. If an accountability framework does not exist, expect this model to fail.

    The Exponential IT operating model blends embedded, shifted and centralized delivery to balance agility & risk

    An image of the Exponential IT Operating Model.

    The Exponential IT model commands a new placement and significance of IT capabilities

    Using capabilities for the operating model

    • Capabilities are focused on the entire system that would be in place to satisfy a particular need. This not only includes the people who are able to complete a specific task, but the technology, processes, and resources required to deliver.
    • Focusing on capabilities rather than the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.
    • Capabilities deliver on specific need(s) and how they are organized changes the way those needs are delivered.
    The Exponential IT principles as an image: Strategy and Governance, Financial Management, Service Planning and Architecture, People and Resources, Security and Risk, Applications, Data and Analytics, Infrastructure and Operations, and PPM and Projects.

    1. Embedded functions required for autonomization

    Overview of the function:

    • Focuses on a single strategy and roadmap for the organization that actively includes technology.
    • Governance, risk, compliance, and general oversight are defined and embedded throughout the organization.
    • Ensures that quality data is being generated to help inform the defined digital service offering.
    • Readies the organization to adopt emerging technology quickly and with minimal disruption to other digital service offerings.
    • A team of technical experts that decides what information should exist for operational efficiency or service innovation.

    Embedded functions required for autonomization

    2. Integrated design and optimization of the digital service offering

    Overview of the function:

    • Analyzes and responds to insights about the customer experience.
    • Maintains the portfolio of the organization's digital service offerings.
    • Considers what is necessary to operate efficiently as an organization while simultaneously exploring emerging technology to optimize new or existing digital services.
    • Requires the expertise and involvement of both business-minded and technology-skilled resources.
    • The differentiating factor from other IT operating models is how it holistically considers all the components throughout the organization and how they are connected.

    Integrated design and optimization of the digital service offering

    3. Centralized standards for IT technology, security & resources

    Overview of the function:

    • Compared with other IT operating model archetypes, the Exponential IT model has fewer capabilities that are centralized within the technology function of an organization.
    • Architecture and standards are the foundation of successful embedded delivery, ensuring reuse, improved integration, and a unified experience. This includes technology, risk, data, AI and security architecture, models, and standards.
    • Employee resources are also organized in pods to be leveraged based on greatest need and skills availability.
    • This lets the organization be more agile when innovating and implementing new digital service offerings.

    Centralized standards for IT technology, security & resources

    Exponential IT explores new value stream stages

    Customer Perspective

    The organization is continually anticipating their wants and needs and establishing mechanisms to vocalize those needs.

    Customer receives the right IT and digital services to respond to their needs.

    The service is easy to use and continuously responds to wants and needs.

    The service is meeting expectations or exceeding them.

    There is a dedicated service owner who can hear demands and feedback, then action desirable outcomes.

    Value Stream Stages

    An image of the Value Stream

    Organizational Perspective

    Expected Outcome

    Customers' wants and needs are understood and at times anticipated before the customer requests them.

    Assess needs to determine if service is already offered or needs to be created. Design services that will enhance the customer experience.

    Look for opportunities to integrate processes and resources to increase the performance of IT and Digital Services.

    Ensure that the right employees with the right skills are working to develop or enhance service offering.

    The service owner manages the ongoing lifecycle of the service and establishes a roadmap on how value will continue to be delivered.

    Critical Processes

    • Customer experience
    • Research and innovation
    • Stakeholder management
    • Research and innovation
    • Service design & portfolio management
    • Performance management
    • Continuous improvement
    • Integration planning
    • Service management
    • Resource planning and allocation
    • Service strategy & roadmap
    • Service governance
    • Service performance management

    Metrics

    • Customer satisfaction score
    • Service-to-need alignment
    • Gaps in service portfolio
    • Speed to design services
    • Service performance
    • Service adoption
    • Time to resolve customer demand
    • Frequency by which service requires enhancements
    • Service satisfaction
    • Alignment of service strategy to organization strategy

    1.1 Assess if the Exponential IT operating model is right for your organization

    1 hour

    1. Begin by downloading the Exponential IT Operating Model Assessment.
    2. Review the questions within each of the operating model components. For each question, use the drop-down menu to determine your level of agreement.
    3. The more your organization agrees with the statements, the more likely your organization is prepared to implement an Exponential IT operating model.
    4. The less your organization agrees with the statements, the more likely you should adopt a different IT operating model.
    5. For support implementing the Exponential IT or another IT operating model, explore the Visualize Your IT Operating Model blueprint (coming soon).

    Input

    • Desire to change the organization's IT & Digital operating model

    Output

    • Desire to implement the IT & Digital Service Enablement operating model

    Materials

    • Exponential IT Operating Model Assessment

    Participants

    • Executive IT leadership
    • Business leadership

    Explore other Info-Tech research to support your organization transformation initiatives

    Visualize the IT Operating Model blueprint (coming soon)

    Visualize the IT Operating Model blueprint (coming soon)

    Redesign Your IT Organizational Structure

    Redesign Your IT Organizational Structure

    Section 2: Elevating the CIO Role

    The next generation of IT C-suite roles are here

    As the operating model changes and becomes increasingly embedded into the organization's delivery of IT and Digital Services, new C-suite roles are being defined

    • One of the most critical roles being defined in this change is the Chief Digital Services Officer (CDSO) who focuses on all components of the digital experience from the lens of the customer.
    • There are two directions from which the CDSO role is typically approached as it gains popularity:
      • CIOs evolve beyond just information and technology—focusing on how IT & Digital Services enhance the customer experience
      • Business leaders who have technical know-how increase their involvement and responsibility over IT related functions
    • IT leaders need to consider where they would rather sit: focused only on technology and remaining a service provider to the organization, or embedding technology into the services, products, and organization in general?

    60%

    The number of APAC CIOs who can anticipate their job to be challenged by their peers within the organization.

    Source: Singh, Yashvendra, CIO, 2023.

    Info-Tech Insight

    This is not about making the CIO report to someone else but allowing the CIO to elevate their role into that of a CDSO.

    Increasing IT leadership's span of control throughout the organization

    As maturity increases so does span of control, ownership & executive influence

    Organizations hoping to fully adopt the Exponential IT operating model require a shift in leadership expectations. Notably, these leaders will have oversight and accountability for functions beyond the traditional IT group.

    As the organization matures its governance, security, and data management practices, increasing how it delivers high-impact experiences to customers, it would have one leader who owns all the components to ensure clear alignment with goals and business strategy.

    An image of a graph where the X axis is labeled Span of Control & Influence, and the Y axis is Organization Maturity.

    Emerging Exponential IT organizations will have distributed authority

    • Organizations beginning their transition toward an exponential model often continue to have distributed leaders providing oversight of distinct functional areas.
    • Their spans of control are smaller, but very clearly defined, eliminating confusion through a transparent accountability framework.
    • Each leader strives toward optimization and efficiency regarding IT capabilities, for which they are responsible.
    1. Distributed Leadership
      Embedded functions required for scaled autonomation
      Distributed leaders identify the ways technology will enable them to advance enterprise objectives while maintaining autonomy over their own functions. They may oversee technology.
    2. Experience Officer
      Integrated design and optimization of the digital service offering
      An Experience Officer will help consider the insights gained from enterprise data and make informed decisions around enterprise service offerings. They actively explore new ways to deliver high-value experiences.
    3. Chief Technology Officer (CTO)
      Centralized standards for IT technology, security & resources
      A CTO will continue to oversee the core technology, including infrastructure and service management functions.

    Established organizations will be driven by a digital transformation journey

    • Organizations that have begun to deliver on their transformation journey will typically see two distinct C-suite leaders emerge—the CIO and the CDO.
    • The Chief Digital Officer (CDO) often explores ways to optimize the integration and management of data to enable insightful decision making from the organization.
    • The Chief Information Officer (CIO), however, considers mechanisms to standardize how new technologies can be integrated with the architecture.
    • While both leaders have distinct responsibilities, their roles intersect at the customer experience.

    An image of the digital transformation journey

    Advanced organizations will be managed by a single emerging role

    • A single leader will oversee all the functional areas where value is delivered and enabled by IT capabilities.
    • Through a large span of control, this leader can holistically consider opportunities to optimize the customer experience and ensure recommendations are actioned to deliver on that enhanced experience.
    • This leader's span of control will require a strong understanding of both strategic and operational functions to authoritatively oversee all aspects for which they are responsible.

    CDSO – Chief Digital Service Officer

    1. Embedded functions required for scaled autonomation
      The CDSO will set, oversee, and manage the delivery of an enterprise's digital strategy, ensuring accountability through good governance and data practices.
    2. Integrated design and optimization of the digital service offering
      They ensure that the enterprise holistically considers the various services that could be offered to exceed customer expectations through high-impact experiences.
    3. Centralized standards for IT technology, security & resources
      They also ensure stable and secure architecture standards to enable consistency across the organization and a seamless ability to integrate new technology to support service offerings.

    Evolution of the IT C-suite now includes the CDSO

    Chief Digital Service Officer

    Chief Information Officer

    Chief Digital Officer

    Chief Technology Officer

    Chief Experience Officer

    Main Stakeholder(s):

    • Board
    • CEO/Executive Leadership
    • Organization Leadership
    • Service Owners
    • Customers & End Users

    Main Responsibilities:

    • Oversight of the entire portfolio of IT and Digital Services
    • Use of information & technology to meet organizational objectives

    *Some leaders in this role are being called Chief Digital Information Officer.

    Main Stakeholder(s):

    • Board
    • CEO/Executive Leadership
    • Organization Leadership
    • End Users

    Main Responsibilities:

    • Oversight of the information and technology required to support and enable the organization

    Main Stakeholder(s):

    • Board
    • CEO/Executive Leadership
    • Customers & End Users

    Main Responsibilities:

    • Oversight on transforming how the organization uses technology, often considering customer perspectives

    Main Stakeholder(s):

    • Organization Leadership
    • Customers & End Users

    Main Responsibilities:

    • Collaborating with the CIO, the CTO leads the organization's ability to integrate and adopt necessary technology products and services

    Main Stakeholder(s):

    • Customers & End Users

    Main Responsibilities:

    • Establish the customer experience strategy
    • Create policies to support that strategy
    • Collaborate with other organizational leaders to integrate any activities around the customer experience

    Examples of what the emerging organizational structure can look like

    An image of three hierarchies, showing what the emerging organizational structure can look like.

    This is more than a new title for IT leaders

    It's about establishing a business first perspective

    • IT leaders exploring this new way of operating are not just adopting the new title of CDSO or CDIO.
    • These leaders must change how information, technology, and digital experiences are consumed across the various stakeholders – especially the end customer.
    • IT leaders who pursue this new IT operating model choose to be more than order takers for an organization.
    • They are:
      • Partners in defining the organization's digital service offerings
      • Recognizing the benefits of distributing decision-making authority for IT-related aspects to others throughout the organization
      • Prioritizing capabilities like portfolio management, architecture, vendor management, relationship management, cloud and user experience

    "'For me, the IT portfolio for the next few years and the IT architecture have taken the place that IT strategy used to have,' he adds. This view doesn't position IT outside of the organization, but rather gives it central importance in the company."
    – Bernd Rattey, Group CIO and CDO of Deutsche Bahn (DB), qtd. by Jens Dose, CIO, 2023

    1.2 Plan your career move to CDSO

    1-3 hours

    • Create a roadmap on how to move from your current role to CDSO by identifying current strengths and opportunities to improve.
    • Download the Career Vision Roadmap Tool from the website. An example of this is on the next slide.
    • Document the tagline. This is your overarching career focus and goal – what is your passion? Think beyond titles to what you want to be doing, the atmosphere you want to be in, and what you want to add value to.
    • Document the current role: what are the strengths, achievements and opportunities?
    • Consider the CDSO role: how will you build stronger relationships and competencies to elevate your profile within the organization? What is an example of what someone would display in this role?
    • Define specific roles or stakeholders that you should develop a stronger relationship with.

    Download the Career Vision Roadmap Tool

    Input

    • Desire to implement the IT & Digital Service Enablement Operating Model

    Output

    • Roadmap to elevate from a CIO to a CDSO

    Materials

    • Career Vision Roadmap
    • IT & Digital Services Enablement operating model archetype
    • CDSO job profile

    Participants

    • CIO (or any other role aspiring to eventually become a CDSO)
    • Individual activity

    Career Vision Roadmap:
    Executive Leader
    Akbar K.

    Sample

    To provide customers with an exceptional experience by ensuring all IT and Digital Services consider and anticipate their needs or wants. Enable IT and Digital Services to be successful through clear leadership, strong collaboration, and continuous improvement or innovation.

    CIO

    1. Establish technology standards that enable the organization to consistently and securely integrate platforms or solutions.
    2. Lead the project team that defined and standardized the organization's reference architecture.
    3. Need to work on listening to a variety of stakeholder demands rather than only specific roles/titles.

    Transition

    • Strengths: Technology acumen, budget planning, allocating resources
    • Enhance: Stakeholder relationship management.
    • Work with current CDO to define and implement more digital transformation initiatives.

    CDSO

    • Being responsive to customer expectations and communicating clear and realistic timelines.
    • Establish trust among the organization that services will deliver expected value.
    • Empowering service owners to manage and oversee the delivery of their services.

    Network Opportunities

    • Connect with board members and understand each of their key areas of priority.
    • Begin to interact with end customers and define ways that will enhance their customer experience.
    • Chief Digital Officer

    Actions now in line with aspiration

    Appendix: Capabilities & Capability Model

    IT and digital capabilities

    Using capabilities for the operating model:

    • Capabilities are focused on the entire system that would be in place to satisfy a particular need. This not only includes people who have skills to complete a specific task, but also the technology, processes, and resources required to deliver.
    • Focusing on capabilities rather than the individuals in organizational redesign enables a more objective and holistic view of what your organization is striving toward.
    • Capabilities deliver on specific need(s) and how they are organized changes the way those need(s) are delivered.

    An image of the IT Management and Governance Framework.

    Strategic Direction

    • IT Governance
    • Strategic Planning
    • Digital Strategy
    • Performance Measurement
    • IT Management & Policies
    • Organizational Quality Management
    • R&D and Innovation
    • Stakeholder Management

    People & Resources

    • Strategic Communications
    • People Resource Management
    • Workforce Strategy & Planning
    • Organizational Change Enablement
    • Adoption & Training
    • Financial/Budget Management
    • Vendor Portfolio Management
    • Vendor Selection & Contract Management
    • Vendor Performance Management

    Architecture & Integration

    • Enterprise Architecture Delivery
    • Business Architecture Delivery
    • Solution Architecture Delivery
    • Technology Architecture
    • Data Architecture
    • Security Architecture
    • Process Integration
    • Integration Planning

    Service Planning

    • Service Governance
    • Service Strategy & Roadmap
    • Service Management
    • Service Governance
    • Service Performance Measurement
    • Service Design & Planning
    • Service Orchestration

    Security & Risk

    • Security Strategic Planning
    • Risk Management
    • External Compliance Management
    • Security Response & Recovery Management
    • Security Management
    • Controls & Internal Audit Planning
    • Security Defense Operations
    • Security Administration
    • Cybersecurity Threat Intelligence
    • Integrated Physical/IT Security
    • OT/IoT Security
    • Data Protection & Privacy

    Application Delivery

    • Application Lifecycle Management
    • Systems Integration Management
    • Application Development
    • User Experience
    • Quality Assurance & UAT
    • Application Maintenance
    • Low Code Development

    Project Portfolio Management

    • Demand Management
    • Requirement Analysis Management
    • Portfolio Management
    • Project Management

    Data & Business Intelligence (BI)

    • Reporting & Analytics
    • Data Management
    • Data Quality
    • Data Integration
    • Enterprise Content Management
    • Data Governance
    • Data Strategy
    • AI/ML Management

    Service Delivery

    • Operations Management
    • Service Desk Management
    • Incident Management
    • Problem Management
    • Service Enhancements
    • Operational Change Enablement
    • Release Management
    • Automation Management

    Infrastructure & Operations

    • Asset Management
    • Infrastructure Portfolio Strategic Planning
    • Availability & Capacity Management
    • Network & Infrastructure Management
    • Configuration Management
    • Cloud Orchestration
    An image of the summary slide for this blueprint, with the headings: Centralized; Shifted; and Embedded.

    Research Contributors and Experts

    Donna Bales
    Principal Research Director
    Info-Tech Research Group

    Scott Bickley
    Practice Lead – Vendor Management Practice
    Info-Tech Research Group

    Christine Coz
    Executive Counselor – Executive Services
    Info-Tech Research Group

    Valence Howden
    Principal Research Director
    Info-Tech Research Group

    Duraid Ibrahim
    Executive Counselor – Executive Services
    Info-Tech Research Group

    Chris Goodhue
    Managing Partner– Executive Services
    Info-Tech Research Group

    Carlene McCubbin
    Practice Lead – CIO Practice
    Info-Tech Research Group

    Mike Tweedie
    Practice Lead – CIO Practice
    Info-Tech Research Group

    Vicki van Alphen
    Executive Counselor – Executive Services
    Info-Tech Research Group

    *Plus an additional 5 industry experts who anonymously contributed to this research piece.

    Related Info-Tech Research

    Adopt an Exponential IT Mindset

    • To succeed in the coming business transformation, IT will have to adopt different priorities in its mission, governance, capabilities, and partnerships.
    • CIOs will have to provide exceptionally mature services while owning business targets.

    Become a Transformational CIO

    • Business transformations are happening, but CIOs are often involved only when it comes time to implement change. This makes it difficult for the CIO to be perceived as an organizational leader.
    • Elevate your stature as a business leader.
    • Create a high-powered IT organization that is focused on driving lasting change, improving client experiences, and encouraging collaboration across the entire enterprise.

    Define Your Digital Business Strategy

    • Design a strategy that applies innovation to your business model, streamline and transform processes, and make use of technologies to enhance interactions with customers and employees.
    • Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.

    Bibliography

    Bennet, Trevon. "What is a Chief Experience Officer (CXO)? And what do they do?" Indeed, 14 March 2023. https://www.indeed.com/career-advice/finding-a-job/what-is-chief-experience-officer#:~:text=A%20CXO%20plans%20strategies%20and,customer%20acquisition%20and%20retention%20strategies
    Bishop, Carrie. "Five years of Digital Services in San Francisco." Medium, 20 January 2022. https://medium.com/san-francisco-digital-services/five-years-of-digital-services-in-san-francisco-805a758c2b83
    DAC Digital and Chawla, Yash. "Global surge in embedded software demand; here is why." DAC Digital, 2023 <ttps://dac.digital/global-surge-in-embedded-software-demand-here-is-why/
    Deloitte. "If you want your digital transformation to succeed, align your operating model to your strategy." Harvard Business Review, 31 January 2020. https://hbr.org/sponsored/2020/01/if-you-want-your-digital-transformation-to-succeed-align-your-operating-model-to-your-strategy.
    Deloitte. "2023 Global Human Capital Trends Report." Deloitte, 2023. https://www2.deloitte.com/content/dam/Deloitte/sg/Documents/human-capital/sea-cons-hc-trends-report-2023.pdf
    Dose, Jens. "Deutsche Bahn CIO on track to decentralize IT." CIO, 19 April 2023. https://www.cio.com/article/473071/deutsche-bahn-cio-on-track-to-decentralize-it.html
    Ehrlich, Oliver., Fanderl, Harald., Maldara, David., & Mittangunta, Divya. "How the operating model can unlock the power of customer experience." McKinsey, 28 June 2022. https://www.mckinsey.com/capabilities/growth-marketing-and-sales/our-insights/how-the-operating-model-can-unlock-the-full-power-of-customer-experience
    FCW. "Digital Government Summit Agenda." FCW. 2021. https://events-archive.fcw.com/events/2021/digital-government-summit/index.html
    Foundry. "State of the CIO." IDG, 25 January 2023. https://foundryco.com/tools-for-marketers/research-state-of-the-cio/
    Foundry. "Digital Business Study 2023: IT Leaders are future-proofing their business with digital strategies." IDG, 2023. https://foundryco.com/tools-for-marketers/research-digital-business/
    Indeed Editorial Team. "Centralized vs. Decentralized Structures: 7 Key Differences." Indeed, 10 March 2023. https://www.indeed.com/career-advice/career-development/centralized-vs-decentralized
    Indeed Editorial Team. "What is process integration?." Indeed, 14 November 2022. https://ca.indeed.com/career-advice/career-development/process-integration#:~:text=Process%20integration%2C%20or%20business%20process,it%20reach%20its%20primary%20objectives
    KPMG International. "Global Tech Report." KPMG, 2022.
    McHugh, Brian. "Service orchestration is reshaping IT—Here's what to know." Active Batch, 8 November 2022. https://www.advsyscon.com/blog/service-orchestration-what-is/
    Morris, Chris. "IDC FutureScape: Worldwide CIO Agenda 2023 Predictions."" IDC, January, 2023. https://www.idc.com/getdoc.jsp?containerId=AP49998523
    PwC. "Global Digital Trust Insights Report." PwC, 2023
    Roberts, Dan. "5 CIOs on building a service-oriented IT culture." CIO, 13 April 2023. https://www.cio.com/article/472805/5-cios-on-building-a-service-oriented-it-culture.html
    Singh, Yashvendra. "CIOs must evolve to stave off existential threat to their role." CIO, 30 March 2023. https://www.cio.com/article/465612/cios-must-evolve-to-stave-off-existential-threat-to-their-role.html
    Spacey, John. "16 Examples of IT Services." Simplicable, 28 January 2018. https://simplicable.com/IT/it-services

    Acquire the Right Hires with Effective Interviewing

    • Buy Link or Shortcode: {j2store}576|cart{/j2store}
    • member rating overall impact: 8.5/10 Overall Impact
    • member rating average dollars saved: $15,749 Average $ Saved
    • member rating average days saved: 2 Average Days Saved
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select
    • Scope: Acquiring the best talent relies heavily on an effective interviewing process, which involves the strategic preparation of stakeholders, including interviewers. Asking the most effective questions will draw out the most appropriate information to best assess the candidate. Evaluating the interview process and recording best practices will inspire continuous interviewing improvement within the organization.
    • Challenge: The majority of organizations do not have a solid interviewing process in place, and most interviewers are not practiced at interviewing. This results in many poor hiring decisions, costing the organization in many ways. Upsizing is on the horizon, the competition for good talent is escalating, and distinguishing between a good interviewee and a good candidate fit for a position is becoming more difficult.
    • Pain/Risk: Although properly preparing for and conducting an interview requires additional time on the part of HR, the hiring manager, and all interviewers involved, the long-term benefits of an effective interview process positively affect the organization’s bottom line and company morale.

    Our Advice

    Critical Insight

    • Most interviewers are not as good as they think they are, resulting in many poor hiring decisions. A poor hire can cost an organization up to 15 times the position’s annual salary, as well as hurt employee morale.
    • The Human Resources department needs to take responsibility for an effective interview process, but the business needs to take responsibility for developing its new hire needs, and assessing the candidates using the best questions and the most effective interview types and techniques.
    • All individuals with a stake in the interview process need to invest sufficient time to help define the ideal candidate, understand their roles and decision rights in the process, and prepare individually to interview effectively.
    • There are hundreds of different interview types, techniques, and tools for an organization to use, but the most practiced and most effective is behavioral interviewing.
    • There is no right interview type and technique. Each hiring scenario needs to be evaluated to pick the appropriate type and technique that should be practiced, and the right questions that should be asked.

    Impact and Result

    • Gain insight into and understand the need for a strong interview process.
    • Strategize and plan your organization’s interview process, including how to make up an ideal candidate profile, who should be involved in the process, and how to effectively match interview types, techniques, and questions to assess the ideal candidate attributes.
    • Understand various hiring scenarios, and how an interview process may be modified to reflect your organization’s scenario.
    • Learn about the most common interview types and techniques, when they are appropriate to use, and best practices around using them effectively.
    • Evaluate your interview process and yourself as an interviewer to better inform future candidate interviewing strategy.

    Acquire the Right Hires with Effective Interviewing Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Implement an effective interview and continuous improvement process

    Acquire the right hire.

    • Storyboard: Acquire the Right Hires with Effective Interviewing

    2. Document all aspects of your interview strategy and plan with stakeholders

    Ensure an effective and seamless interview process.

    • Candidate Interview Strategy and Planning Guide

    3. Recognize common interviewing errors and study best practices to address these errors

    Be an effective interviewer.

    • Screening Interview Template
    • Interview Guide Template
    • Supplement: Quick Fixes to Common Interview Errors
    • Pre-interview Guide for Interviewers
    • Candidate Communication Template
    [infographic]

    Effectively Acquire Infrastructure Services

    • Buy Link or Shortcode: {j2store}467|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $26,627 Average $ Saved
    • member rating average days saved: 12 Average Days Saved
    • Parent Category Name: Data Center & Facilities Optimization
    • Parent Category Link: /data-center-and-facilities-optimization
    • Most organizations are good at procuring IT products, but few are truly good at acquiring infrastructure services.
    • The lack of expertise in acquiring services is problematic – not only is the acquisition process for services more complex, but it also often has high stakes with large deal sizes, long-term contracts, and high switching costs.

    Our Advice

    Critical Insight

    • Don’t treat infrastructure service acquisitions lightly. Not only are failure rates high, but the stakes are high as well.
    • Make sure your RFP strategy aligns with your deal value. Large deals, characterized by high monthly spend, high criticality to the organization, and high switching costs, warrant a more thorough and lengthy planning period and RFP process.
    • Word your RFP carefully and do your due diligence when reviewing SLAs. Make sure your RFP will help you understand what the vendor’s standard offerings are and don’t treat your service level agreements like an open negotiation. The vendor’s standard offerings will be your most reliable options.

    Impact and Result

    • Follow this blueprint to avoid common pitfalls and navigate the tricky business of acquiring infrastructure services.
    • This blueprint will provide step-by-step guidance from assessing your acquisition goals to transitioning your service. Make sure you do the due diligence required to acquire the best service for your needs.

    Effectively Acquire Infrastructure Services Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should follow the blueprint to effectively acquire infrastructure services, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Develop the procurement strategy and process

    Kick off an acquisition by establishing acquisition goals, validating the decision to acquire a service, and structuring an acquisition approach. There are several RFP approaches and strategies – evaluate the options and develop one that aligns with the nature of the acquisition.

    • Effectively Acquire Infrastructure Services – Phase 1: Develop the Procurement Strategy and Process

    2. Assess requirements and build the RFP

    A solid RFP is critical to the success of this project. Assess the current and future requirements, examine the characteristics of an effective RFP, and develop an RFP.

    • Effectively Acquire Infrastructure Services – Phase 2: Assess Requirements and Build the RFP
    • Infrastructure Service RFP Template

    3. Manage vendor questions and select the vendor

    Manage the activities surrounding vendor questions and score the RFP responses to select the best-fit solution.

    • Effectively Acquire Infrastructure Services – Phase 3: Manage Vendor Questions and Select the Vendor
    • Vendor Question Organizer Template
    • Infrastructure Outsourcing RFP Scoring Tool

    4. Manage the contract, transition, and vendor

    Perform due diligence in reviewing the SLAs and contract before signing. Plan to transition the service into the environment and manage the vendor on an ongoing basis for a successful partnership.

    • Effectively Acquire Infrastructure Services – Phase 4: Manage the Contract, Transition, and Vendor
    • Service Acquisition Planning and Tracking Tool
    • Vendor Management Template
    [infographic]

    Workshop: Effectively Acquire Infrastructure Services

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Develop the Procurement Strategy and Process

    The Purpose

    Establish procurement goals and success metrics.

    Develop a projected acquisition timeline.

    Establish the RFP approach and strategy.

    Key Benefits Achieved

    Defined acquisition approach and timeline.

    Activities

    1.1 Establish your acquisition goals.

    1.2 Establish your success metrics.

    1.3 Develop a projected acquisition timeline.

    1.4 Establish your RFP process and refine your RFP timeline.

    Outputs

    Acquisition goals

    Success metrics

    Acquisition timeline

    RFP strategy and approach

    2 Gather Service Requirements

    The Purpose

    Gather requirements for services to build into the RFP.

    Key Benefits Achieved

    Gathered requirements.

    Activities

    2.1 Assess the current state.

    2.2 Evaluate service requirements and targets.

    2.3 Assess the gap and validate the service acquisition.

    2.4 Define requirements to input into the RFP.

    Outputs

    Current State Assessment

    Service requirements

    Validation of services being acquired and key processes that may need to change

    Requirements to input into the RFP

    3 Develop the RFP

    The Purpose

    Build the RFP.

    Key Benefits Achieved

    RFP development.

    Activities

    3.1 Build the RFP requirement section.

    3.2 Develop the rest of the RFP.

    Outputs

    Service requirements input into the RFP

    Completed RFP

    4 Review RFP Responses and Select a Vendor (Off-Site)

    The Purpose

    Review RFP responses to select the best solution for the acquisition.

    Key Benefits Achieved

    Vendor selected.

    Activities

    4.1 Manage vendor questions regarding the RFP.

    4.2 Review RFP responses and shortlist the vendors.

    4.3 Conduct additional due diligence on the vendors.

    4.4 Select a vendor.

    Outputs

    Managed RFP activities

    Imperceptive scoring of RFP responses and ranking of vendors

    Additional due diligence and further questions for the vendor

    Selected vendor

    Build a Data Integration Strategy

    • Buy Link or Shortcode: {j2store}125|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $11,677 Average $ Saved
    • member rating average days saved: 7 Average Days Saved
    • Parent Category Name: Enterprise Integration
    • Parent Category Link: /enterprise-integration
    • As organizations process more information at faster rates, there is increased pressure for faster and more efficient data integration.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.

    Our Advice

    Critical Insight

    • Every IT project requires data integration. Regardless of the current problem and the solution being implemented, any change in the application and database ecosystem requires you to solve a data integration problem.
    • Data integration problem solving needs to start with business activity. After understanding the business activity, move to application and system integration to drive the optimal data integration activities.
    • Data integration improvement needs to be backed by solid requirements that depend on the use case. Info-Tech’s use cases will help you identify your organization’s requirements and integration architecture for its ideal data integration solution.

    Impact and Result

    • Create a data integration solution that supports the flow of data through the organization and meets the organization’s requirements for data latency, availability, and relevancy.
    • Build your data integration practice with a firm foundation in governance and reference architecture; use best-fit reference architecture patterns and the related technology and resources to ensure that your process is scalable and sustainable.
    • The business’ uses of data are constantly changing and evolving, and as a result, the integration processes that ensure data availability must be frequently reviewed and repositioned in order to continue to grow with the business.

    Build a Data Integration Strategy Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why your organization should improve its data integration, review Info-Tech’s methodology, and understand how we can help you create a loosely coupled integration architecture.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Collect integration requirements

    Identify data integration pains and needs and use them to collect effective business requirements for the integration solution.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 1: Collect Integration Requirements
    • Data Integration Requirements Gathering Tool

    2. Analyze integration requirements

    Determine technical requirements for the integration solution based on the business requirement inputs.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 2: Analyze Integration Requirements
    • Data Integration Trends Presentation
    • Data Integration Pattern Selection Tool

    3. Design the data-centric integration solution

    Determine your need for a data integration proof of concept, and then design the data model for your integration solution.

    • Break Down Data Silos With a Data-Centric Integration Strategy – Phase 3: Design the Data-Centric Integration Solution
    • Data Integration POC Template
    • Data Integration Mapping Tool
    [infographic]

    Workshop: Build a Data Integration Strategy

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Collect Integration Requirements

    The Purpose

    Explain approach and value proposition.

    Review the common business drivers and how the organization is driving a need to optimize data integration.

    Understand Info-Tech’s approach to data integration.

    Key Benefits Achieved

    Current integration architecture is understood.

    Priorities for tactical initiatives in the data architecture practice related to integration are identified.

    Target state for data integration is defined.

    Activities

    1.1 Discuss the current data integration environment and the pains that are felt by the business and IT.

    1.2 Determine what the problem statement and business case look like to kick-start a data integration improvement initiative.

    1.3 Understand data integration requirements from the business.

    Outputs

    Data Integration Requirements Gathering Tool

    2 Analyze Integration Requirements

    The Purpose

    Understand what the business requires from the integration solution.

    Identify the common technical requirements and how they relate to business requirements.

    Review the trends in data integration to take advantage of new technologies.

    Brainstorm how the data integration trends can fit within your environment.

    Key Benefits Achieved

    Business-aligned requirements gathered for the integration solution.

    Activities

    2.1 Understand what the business requires from the integration solution.

    2.2 Identify the common technical requirements and how they relate to business requirements.

    Outputs

    Data Integration Requirements Gathering Tool

    Data Integration Trends Presentation

    3 Design the Data-Centric Integration Solution

    The Purpose

    Learn about the various integration patterns that support organizations’ data integration architecture.

    Determine the pattern that best fits within your environment.

    Key Benefits Achieved

    Improvement initiatives are defined.

    Improvement initiatives are evaluated and prioritized to develop an improvement strategy.

    A roadmap is defined to depict when and how to tackle the improvement initiatives.

    Activities

    3.1 Learn about the various integration patterns that support organizations’ data integration architecture.

    3.2 Determine the pattern that best fits within your environment.

    Outputs

    Integration Reference Architecture Patterns

    Data Integration POC Template

    Data Integration Mapping Tool

    Further reading

    Build a Data Integration Strategy

    Integrate your data or disintegrate your business.

    ANALYST PERSPECTIVE

    Integrate your data or disintegrate your business.

    "Point-to-point integration is an evil that builds up overtime due to ongoing business changes and a lack of integration strategy. At the same time most businesses are demanding consistent, timely, and high-quality data to fuel business processes and decision making.

    A good recipe for successful data integration is to discover the common data elements to share across the business by establishing an integration platform and a canonical data model.

    Place yourself in one of our use cases and see how you fit into a common framework to simplify your problem and build a data-centric integration environment to eliminate your data silos."

    Rajesh Parab, Director, Research & Advisory Services

    Info-Tech Research Group

    Our understanding of the problem

    This Research Is Designed For:

    • Data engineers feeling the pains of poor integration from inaccuracies and inefficiencies during the data integration lifecycle.
    • Business analysts communicating the need for improved integration of data.
    • Data architects looking to design and facilitate improvements in the holistic data environment.
    • Data architects putting high-level architectural design changes into action.

    This Research Will Also Assist:

    • CIOs concerned with the costs, benefits, and the overall structure of their organization’s data flow.
    • Enterprise architects trying to understand how improved integration will affect overall organizational architecture.

    This Research Will Help You:

    • Understand what integration is, and how it fits into your organization.
    • Identify opportunities for leveraging improved integration for data-driven insights.
    • Design a loosely coupled integration architecture that is flexible to changing needs.
    • Determine the needs of the business for integration and design solutions for the gaps that fit the requirements.

    This Research Will Help Them:

    • Get a handle on the current data situation and how data interacts within the organization.
    • Understand how data architecture affects operations within the enterprise.

    Executive summary

    Situation

    • As organizations process more information at faster rates, there is increased pressure for faster and more efficient data integration.
    • Data integration is becoming more and more critical for downstream functions of data management and for business operations to be successful. Poor integration holds back these critical functions.

    Complication

    • Investments in integration can be a tough sell for the business, and it is difficult to get support for integration as a standalone project.
    • Evolving business models and uses of data are growing rapidly at rates that often exceed the investment in data management and integration tools. As a result, there is often a gap between data availability and the business’ latency demands.

    Resolution

    • Create a data-centric integration solution that supports the flow of data through the organization and meets the organization’s requirements for data accuracy, relevance, availability, and timeliness.
    • Build your data-centric integration practice with a firm foundation in governance and reference architecture; use best-fit reference architecture patterns and the related technology and resources to ensure that your process is scalable and sustainable.
    • The business’ uses of data are constantly changing and evolving, and as a result the integration processes that ensure data availability must be frequently reviewed and repositioned to continue to grow with the business.

    Info-Tech Insight

    1. Every IT project requires data integration.Any change in the application and database ecosystem requires you to solve a data integration problem.
    2. Integration problem solving needs to start with business activity. After understanding the business activity, move to application and system integration to drive optimal data integration activities.
    3. Integration initiatives need to be backed by requirements that depend on use cases. Info-Tech’s use cases will help identify organizational requirements and the ideal data-centric integration solution.

    Your data is the foundation of your organization’s knowledge and ability to make decisions

    Integrate the Data, Not the Applications

    Data is one of the most important assets in a modern organization. Contained within an organization’s data are the customers, the products, and the operational details that make an organization function. Every organization has data, and this data might serve the needs of the business today.

    However, the only constant in the world is change. Changes in addresses, amounts, product details, partners, and more occur at a rapid rate. If your data is isolated, it will quickly become stale. Getting up-to-date data to the right place at the right time is where data-centric integration comes in.

    "Data is the new oil." – Clive Humby, Chief Data Scientist Source: Medium, 2016

    The image shows two graphics. The top shows two sets of circles with an arrow pointing to the right between them: on the left, there is a large centre circle with the word APP in it, and smaller circles surrounding it that read DATA. On the right, the large circle reads DATA, and the smaller circles, APP. On the lower graphic, there are also two sets of circles, with an arrow pointing to the right between them. This time, the largest circle envelopes the smaller circles. The circle on the right has a larger circle in the centre that reads Apple Watch Heart Monitoring App, and smaller circles around it labelled with types of data. The circle on the right contains a larger circle in the centre that reads Heart Data, and the smaller circles are labelled with types of apps.

    Organizations are having trouble keeping up with the rapid increases in data growth and complexity

    To keep up with increasing business demands and profitability targets and decreasing cost targets, organizations are processing and exchanging more data than ever before.

    To get more value from their information, organizations are relying on more and more complex data sources. These diverse data sources have to be properly integrated to unlock the full potential of your data:

    The most difficult integration problems are caused by semantic heterogeneity (Database Research Technology Group, n.d.).

    80% of business decisions are made using unstructured data (Concept Searching, 2015).

    85% of businesses are struggling to implement the correct integration solution to accurately interpret their data (KPMG, 2014).

    Break Down Your Silos

    Integrating large volumes of data from the many varied sources in an organization has incredible potential to yield insights, but many organizations struggle with creating the right structure for that blending to take place, and data silos form.

    Data-centric integration capabilities can break down organizational silos. Once data silos are removed and all the information that is relevant to a given problem is available, problems with operational and transactional efficiencies can be solved, and value from business intelligence (BI) and analytics can be fully realized.

    Data-centric integration is the solution you need to bring data together to break down data silos

    On one hand…

    Data has massive potential to bring insight to an organization when combined and analyzed in creative ways.

    On the other hand…

    It is difficult to bring data together from different sources to generate insights and prevent stale data.

    How can these two ideas be reconciled?

    Answer: Info-Tech’s Data Integration Onion Framework summarizes an organization’s data environment at a conceptual level, and is used to design a common data-centric integration environment.

    Info-Tech’s Data Integration Onion Framework

    The image shows Info Tech's Data Integration Onion Framework. It is a circular graphic, with a series on concentric rings, each representing a category and containing specific examples of items within those categories.

    Poor integration will lead to problems felt by the business and IT

    The following are pains reported by the business due to poor integration:

    59% Of managers said they experience missing data every day due to poor distribution results in data sets that are valuable to their central work functions. (Experian, 2016)

    42% Reported accidentally using the wrong information, at least once a week. (Computerworld, 2017)

    37% Of the 85% of companies trying to be more data driven, only 37% achieved their goal. (Information Age, 2019)

    "I never guess. It is a capital mistake to theorize before one has data. Insensibly one begins to twist facts to suit theories, instead of theories to suit facts." – Sir Arthur Conan Doyle, Sherlock Holmes

    Poor integration can make IT less efficient as well:

    90% Of all company generated data is “dark.” Getting value out of dark data is not difficult or costly. (Deloitte Insights, 2017)

    5% As data sits in a database, up to 5% of customer data changes per month. (Data.com, 2016)

    "Most traditional machine learning techniques are not inherently efficient or scalable enough to handle the data. Machine learning needs to reinvent itself for big data processing primarily in pre-processing of data." – J. Qiu et al., ‎2016

    Understand the common challenges of integration to avoid the pains

    There are three types of challenges that organizations face when integrating data:

    1. Disconnect from the business

    Poor understanding of the integration problem and requirements lead to integrations being built that are not effective for quality data.

    50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)

    45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems Inc., 2012)

    2. Lack of strategy

    90% Of organizations will lack an integration strategy through to 2018. (Virtual Logistics, 2017)

    Integrating data without a long-term plan is a recipe for point-to-point integration spaghettification:

    The image shows two columns of rectangles, each with the word Application Services. Between them are arrows, matching boxes in one column to the other. The lines of the arrows are curvy.

    3. Data complexity

    Data architects and other data professionals are increasingly expected to be able to connect data using whatever interface is provided, at any volume, and in any format – all without affecting the quality of the data.

    36% Of developers report problems integrating data due to different standards interpretations. (DZone, 2015)

    These challenges lead to organizations building a data architecture and integration environment that is tightly coupled.

    A loose coupling integration strategy helps mitigate the challenges and realize the benefits of well-connected data

    Loose Coupling

    Most organizations don’t have the foresight to design their architecture correctly the first time. In a perfect world, organizations would design their application and data architecture to be scalable, modular, and format-neutral – like building blocks.

    Benefits of a loosely coupled architecture:

    • Increased ability to support business needs by adapting easily to changes.
    • Added ability to incorporate new vendors and new technology due to increased flexibility.
    • Potential for automated, real-time integration.
    • Elimination of re-keying/manual entry of data.
    • Federation of data.

    Vs. Tight Coupling

    However, this is rarely the case. Most architectures are more like a brick wall – permanent, hard to add to and subtract from, and susceptible to weathering.

    Problems with a tightly coupled architecture:

    • Delays in combining data for analysis.
    • Manual/Suboptimal DI in the face of changing business needs.
    • Lack of federation.
    • Lack of flexibility.
    • Fragility of integrated platforms.
    • Limited ability to explore new functionalities.

    2020 CIO Priorities Report

    • Buy Link or Shortcode: {j2store}97|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The velocity and magnitude of technology changes today has increased dramatically compared to anything that has come before.
    • The velocity and magnitude of advancements in technology has always seemed unprecedented in every wave of technology change we have experienced over the past 40 years. With each new wave of innovation, “unprecedented” is redefined to a new level, and so it remains true that today’s CIO is faced with unprecedented levels of change as a direct result of emerging technologies.
    • What is different today is that we are at the point where the emerging technology itself is now capable of accelerating the pace of change even more through artificial intelligence capabilities.
    • If we are to realize the business value through the adoption of emerging technologies, CIOs must address significant challenges. We believe addressing these challenges lies in the CIO priorities for 2020.

    Our Advice

    Critical Insight

    • First there was IT/business alignment, then there was IT/business integration – both states characterized as IT “getting on the same page” as the business. In the context of emerging technologies, the CIO should no longer be focused on getting on the same page as the CEO.
    • Today it is about the CEO and the CIO collaborating to write a new book about convergence of all things: technology (infrastructure and applications), people (including vendors), process, and data.
    • Digital transformation and adoption of emerging technologies is not a goal, it is a journey – a means to the end, not the end unto itself.

    Impact and Result

    • Use Info-Tech's 2020 CIO Priorities Report to ascertain, based on our research, what areas of focus for 2020 are critical for success in adopting emerging technologies.
    • Adopting these technologies requires careful planning and consideration for what is critical to your business customers.
    • This report provides focus on the business benefits of the technology and not just the capabilities themselves. It puts the CIO in a position to better understand the true value proposition of any of today’s technology advancements.

    2020 CIO Priorities Report Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the top five priorities for CIOs in 2020 and why these are so critical to success.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Refine and adapt processes

    Learn about how processes can make or break your adoption of emerging technologies.

    • 2020 CIO Priorities Report – Priority 1: Refine and Adapt Processes

    2. Re-invent IT as collaboration engine

    Learn about how IT can transform its role within the organization to optimize business value.

    • 2020 CIO Priorities Report – Priority 2: Re-Invent IT as Collaboration Engine

    3. Acquire and retain talent for roles in emerging technologies

    Learn about how IT can attract and keep employees with the skills and knowledge needed to adopt these technologies for the business.

    • 2020 CIO Priorities Report – Priority 3: Acquire and Retain Talent for Roles in Emerging Technologies

    4. Define and manage cybersecurity and cyber resilience requirements related to emerging technologies

    Understand how the adoption of emerging technologies has created new levels of risk and how cybersecurity and resilience can keep pace.

    • 2020 CIO Priorities Report – Priority 4: Define and Manage Cybersecurity and Cyber Resilience Requirements Related to Emerging Technologies

    5. Leverage emerging technology to create Wow! customer experiences

    Learn how IT can leverage emerging technology for its own customers and those of its business partners.

    • 2020 CIO Priorities Report – Priority 5: Leverage Emerging Technology to Create Wow! Customer Experiences
    [infographic]

    Reimagine Learning in the Face of Crisis

    • Buy Link or Shortcode: {j2store}601|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Train & Develop
    • Parent Category Link: /train-and-develop
    • As organizations re-evaluate their priorities and shift to new ways of working, leaders and employees are challenged to navigate unchartered territory and to adjust quickly to ever-evolving priorities.
    • Learning how to perform effectively through the crisis and deliver on new priorities is crucial to the success of all employees and the organization.

    Our Advice

    Critical Insight

    The most successful organizations recognize that learning is critical to adjusting quickly and effectively to their new reality. This requires L&D to reimagine their approach to deliver learning that enables the organization’s immediate and evolving priorities.

    Impact and Result

    • L&D teams should focus on how to support employees and managers to develop the critical competencies they need to successfully perform through the crisis, enabling organizations to survive and thrive during and beyond the crisis.
    • Ensure learning needs align closely with evolving organizational priorities, collaborate cross-functionally, and curate content to provide the learning employees and leaders need most, when they need it.

    Reimagine Learning in the Face of Crisis Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prioritize

    Involve key stakeholders, identify immediate priorities, and conduct high-level triage of L&D.

    • Reimagine Learning in the Face of Crisis Storyboard
    • Reimagine Learning in the Face of Crisis Workbook

    2. Reimagine

    Determine learning needs and ability to realistically deliver learning. Leverage existing or curate learning content that can support learning needs.

    3. Transform

    Identify technical requirements for the chosen delivery method and draft a four- to six-week action plan.

    • How to Curate Guide
    • Tips for Building an Online Learning Community
    • Ten Tips for Adapting In-Person Training During a Crisis
    • Tips for Remote Learning in the Face of Crisis
    [infographic]

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    • Buy Link or Shortcode: {j2store}338|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • According to Info-Tech research, 74% of our clients feel that IT quality management is an important process, however, only 15% said they actually had effective quality management.
    • IT is required to deliver high quality projects and services, but if CIOs are ineffective at quality management, how can IT deliver?
    • Rather than disturb the status quo with holistic quality initiatives, heads of IT leave quality in the hands of process owners, functional areas, and other segmented facets of the department.
    • CIOs are facing greater pressures to be innovative, agile, and cost-effective, but cannot do so without stable operations, an accountable staff base, and business support; all of which are achieved by high IT quality.

    Our Advice

    Critical Insight

    • Quality management needs more attention that it’s typically getting. It’s not going to happen randomly; you must take action to see results.
    • Quality must be holistic. Centralized accountability will align inconsistencies in quality and refocus IT towards a common goal.
    • Accountability is the key to quality. Clearly defined roles and responsibilities will put your staff on the hook for quality outcomes.

    Impact and Result

    • Shift your mindset to the positive implications of high quality. Info-Tech’s quality management methodology will promote innovation, agility, lower costs, and improved operations.
    • We will help you develop a fully functional quality management program in four easy steps:
      • Position your program as a group to encourage buy-in and unite IT around a common quality vision. Enact a center of excellence to build, support, and monitor the program.
      • Build flexible program requirements that will be adapted for a fit-to-purpose solution.
      • Implement the program using change management techniques to alleviate challenges and improve adoption.
      • Operate the program with a focus on continual improvement to ensure that your IT department continues to deliver high quality projects and services as stakeholder needs change.

    Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program Research & Tools

    Start here – read the Executive Brief

    Understand why Info-Tech’s unique approach to quality management can fix a variety of IT issues and understand the four ways we can support you in building a quality management program designed just for you.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Position the program

    Hold a positioning working session to focus the program around business needs, create solid targets, and create quality champions to get the job done.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 1: Position the Quality Program
    • Quality Management Program Charter
    • Quality Management Capability Assessment and Planning Tool
    • Quality Management Roadmap

    2. Build the program

    Build program requirements and design standard templates that will unite IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 2: Build a Quality Program
    • Quality Management Quality Plan Template
    • Quality Management Review Template
    • Quality Management Dashboard Template

    3. Implement the program

    Evaluate the readiness of the department for change and launch the program at the right time and in the right way to transform IT quality.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 3: Implement the Quality Program
    • Quality Management Communication Plan Template
    • Quality Management Readiness Assessment Template

    4. Operate the program

    Facilitate the success of key IT practice areas by operating the Center of Excellence to support the key IT practice areas’ quality initiatives.

    • Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program – Phase 4: Operate the Quality Program
    • Quality Management User Satisfaction Survey
    • Quality Management Practice Area Assessment and Planning Tool
    • Quality Management Capability Improvement Plan
    [infographic]

    Workshop: Drive Efficiency and Agility with a Fit-for-Purpose Quality Management Program

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Position Your Program

    The Purpose

    Create a quality center of excellence to lead and support quality initiatives.

    Position your quality program to meet the needs of your business.

    Develop clear targets and create a roadmap to achieve your vision. 

    Key Benefits Achieved

    Defined Center of Excellence roles & responsibilities.

    A firm vision for your program with clearly outlined targets.

    A plan for improvements to show dedication to the program and create accountability. 

    Activities

    1.1 Identify current quality maturity.

    1.2 Craft vision and mission.

    1.3 Define scope.

    1.4 Determine goals and objectives.

    1.5 Specify metrics and critical success factors.

    1.6 Develop quality principles.

    1.7 Create action plan.

    Outputs

    Completed Maturity Assessment

    Completed Project Charter

    Completed Quality Roadmap

    2 Build Your Program

    The Purpose

    Build the requirements for the quality program, including outputs for quality planning, quality assurance, quality control, and quality improvement.

    Key Benefits Achieved

    Defined standards for the quality program.

    General templates to be used to unify quality throughout IT. 

    Activities

    2.1 Define quality policy, procedures, and guidelines.

    2.2 Define your standard Quality Plan.

    2.3 Define your standard Quality Review Document.

    2.4 Develop your Standard Quality Management Dashboard.

    Outputs

    Quality Policy

    Standard Quality Plan Template

    Standard Quality Review Template

    Standard Quality Dashboard

    3 Implement Your Program

    The Purpose

    Launch the program and begin quality improvement.

    Key Benefits Achieved

    Perform a readiness assessment to ensure your organization is ready to launch its quality program.

    Create a communication plan to ensure constant and consistent communication throughout implementation. 

    Activities

    3.1 Assess organizational readiness.

    3.2 Create a communication plan.

    Outputs

    Completed Readiness Assessment

    Completed Communication Plan

    4 Operate Your Program

    The Purpose

    Have the Center of Excellence facilitate the roll-out of the quality program in your key practice areas.

    Initiate ongoing monitoring and reporting processes to enable continuous improvement.  

    Key Benefits Achieved

    Quality plans for each practice area aligned with the overall quality program.

    Periodic quality reviews to ensure plans are being acted upon.

    Methodology for implementing corrective measures to ensure quality expectations are met.

    Activities

    4.1 Perform a quality management satisfaction survey.

    4.2 Complete a practice area assessment.

    4.3 Facilitate the creation of practice area quality plans.

    4.4 Populate quality dashboards.

    4.5 Perform quality review(s).

    4.6 Address issues with corrective and preventative measures.

    4.7 Devise a plan for improvement.

    4.8 Report on quality outcomes.

    Outputs

    Completed Satisfaction Surveys

    Practice Area Assessments

    Quality Plans (for each practice area)

    Quality Reviews (for each practice area)

    Quality Improvement Plan

    Set Meaningful Employee Performance Measures

    • Buy Link or Shortcode: {j2store}597|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Manage & Coach
    • Parent Category Link: /manage-coach
    • Despite the importance of performance measures, most organizations struggle with choosing appropriate metrics and standards of performance for their employees.
    • Performance measures are often misaligned with the larger strategy, gamed by employees, or too narrow to provide an accurate picture of employee achievements.
    • Additionally, many organizations track too many metrics, resulting in a bureaucratic nightmare with little payoff.

    Our Advice

    Critical Insight

    • Focus on what matters by aligning your departmental goals with the enterprise's mission and business goals. Break down departmental goals into specific goals for each employee group.
    • Employee engagement, which results in better performance, is directly correlated with employees’ understanding what is expected of them on the job and with their performance reviews reflecting their actual contributions.
    • Shed unnecessary metrics in favor of a lean, holistic approach to performance measurement. Include quantitative, qualitative, and behavioral dimensions in each goal and set appropriate measures for each dimension to meet simple targets. This encourages well-rounded behaviors and discourages rogue behavior.
    • Get rid of the stick-and-carrot approach to management. Use performance measurement to inspire and engage employees, not punish them.

    Impact and Result

    • Learn about and leverage the McLean & Company framework and process to effective employee performance measurement setting.
    • Plan effective communications and successfully manage departmental employee performance measurement by accurately recording goals, measures, and requirements.
    • Find your way through the maze of employee performance management with confidence.

    Set Meaningful Employee Performance Measures Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set Meaningful Employee Performance Measures Storyboard – This deck provides a comprehensive framework for setting, communicating, and reviewing employee performance measures that will drive business results

    This research will help you choose an appropriate measurement framework, set effective measures. and communicate and review your performance measures. Use Info-Tech's process to set meaningful measures that will inspire employees and drive performance.

    • Set Meaningful Employee Performance Measures Storyboard

    2. Employee Performance Measures Goals Cascade – A tool to assist you in turning your organizational goals into meaningful individual employee performance measures.

    This tool will help you set departmental goals based on organizational mission and business goals and choose appropriate measures and weightings for each goal. Use this template to plan a comprehensive employee measurement system.

    • Employee Performance Measures Goals Cascade

    3. Employee Performance Measures Template – A template for planning and tracking your departmental goals, employee performance measures, and reporting requirements.

    This tool will help you set departmental goals based on your organizational mission and business goals, choose appropriate measures and weightings for each goal, and visualize you progress toward set goals. Use this template to plan and implement a comprehensive employee measurement system from setting goals to communicating results.

    • Employee Performance Measures Template

    4. Feedback and Coaching Guide for Managers – A tool to guide you on how to coach your team members.

    Feedback and coaching will improve performance, increase employee engagement, and build stronger employee manager relationships. Giving feedback is an essential part of a manger's job and if done timely can help employees to correct their behavior before it becomes a bigger problem.

    • Feedback and Coaching Guide for Managers

    Infographic

    Workshop: Set Meaningful Employee Performance Measures

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Source and Set Goals

    The Purpose

    Ensure that individual goals are informed by business ones.

    Key Benefits Achieved

    Individuals understand how their goals contribute to organizational ones.

    Activities

    1.1 Understand how your department contributes to larger organizational goals.

    1.2 Determine the timelines you need to measure employees against.

    1.3 Set Business aligned department, team, and individual goals.

    Outputs

    Business-aligned department and team goals

    Business-aligned individual goals

    2 Design Measures

    The Purpose

    Create holistic performance measures.

    Key Benefits Achieved

    Holistic performance measures are created.

    Activities

    2.1 Choose your employee measurement framework: generic or individual.

    2.2 Define appropriate employee measures for preestablished goals.

    2.3 Determine employee measurement weightings to drive essential behaviors.

    Outputs

    Determined measurement framework

    Define employee measures.

    Determined weightings

    3 Communicate to Implement and Review

    The Purpose

    Learn how to communicate measures to stakeholders and review measures.

    Key Benefits Achieved

    Learn how to communicate to stakeholders and coach employees through blockers.

    Activities

    3.1 Learn how to communicate selected performance measures to stakeholders.

    3.2 How to coach employees though blockers.

    3.3 Reviewing and updating measures.

    Outputs

    Effective communication with stakeholders

    Coaching and feedback

    When to update

    4 Manager Training

    The Purpose

    Train managers in relevant areas.

    Key Benefits Achieved

    Training delivered to managers.

    Activities

    4.1 Deliver Build a Better Manager training to managers.

    4.2

    Outputs

    Manager training delivered

    Further reading

    Set Meaningful Employee Performance Measures

    Set holistic measures to inspire employee performance.

    EXECUTIVE BRIEF

    Set employees up for success by implementing performance measures that inspire great performance, not irrelevant reporting.

    Executive Summary

    Your Challenge

    In today’s competitive environment, managers must assess and inspire employee performance in order to assess the achievement of business goals.

    Despite the importance of performance measures, many leaders struggle with choosing appropriate metrics.

    Performance measures are often misaligned with the larger strategy, gamed by employees, or are too narrow to provide an accurate picture of employee achievements.

    Common Obstacles

    Managers who invest time in creating more effective performance measures will be rewarded with increased employee engagement and better employee performance.

    Too little time setting holistic employee measures often results in unintended behaviors and gaming of the system.

    Conversely, too much time setting employee measures will result in overreporting and underperforming employees.

    Info-Tech’s Approach

    Info-Tech helps managers translate organizational goals to employee measures. Communicating these to employees and other stakeholders will help managers keep better track of workforce productivity, maintain alignment with the organization’s business strategy, and improve overall results.

    Info-Tech Insight

    Performance measures are not about punishing bad performance, but inspiring higher performance to achieve business goals.

    Meaningful performance measures drive employee engagement...

    Clearly defined performance measures linked to specific goals bolster engagement by showing employees the importance of their contributions.

    Significant components of employee engagement are tied to employee performance measures.

    A diagram of employee engagement survey and their implications.

    Which, in turn, drives business success.

    Improved employee engagement is proven to improve employee performance. Setting meaningful measures can impact your bottom line.

    Impact of Engagement on Performance

    A diagram that shows Percent of Positive Responses Among Engaged vs. Disengaged
    Source: McLean & Company Employee Engagement Survey Jan 2020-Jan 2023; N=5,185 IT Employees; were either Engaged or Disengaged (Almost Engaged and Indifferent were not included)

    Engaged employees don’t just work harder, they deliver higher quality service and products.

    Engaged employees are significantly more likely to agree that they regularly accomplish more than what’s expected of them, choose to work extra hours to improve results, and take pride in the work they do.

    Without this sense of pride and ownership over the quality-of-service IT provides, IT departments are at serious risk of not being able to deliver quality service, on-time and on-budget.

    Create meaningful performance measures to drive employee engagement by helping employees understand how they contribute to the organization.

    Unfortunately, many employee measures are meaningless and fail to drive high-quality performance.

    Too many ineffective performance measures create more work for the manager rather than inspire employee performance. Determine if your measures are worth tracking – or if they are lacking.

    Meaningful performance measures are:

    Ineffective performance measures are:

    Clearly linked to organizational mission, values, and objectives.

    Based on a holistic understanding of employee performance.

    Relevant to organizational decision-making.

    Accepted by employees and managers.

    Easily understood by employees and managers.

    Valid: relevant to the role and goals and within an employee’s control.

    Reliable: consistently applied to assess different employees doing the same job.

    Difficult to track, update, and communicate.

    Easily gamed by managers or employees.

    Narrowly focused on targets rather than the quality of work.

    The cause of unintended outcomes or incentive for the wrong behaviors.

    Overly complex or elaborate.

    Easily manipulated due to reliance on simple calculations.

    Negotiable without taking into account business needs, leading to lower performance standards.

    Adopt a holistic approach to create meaningful performance measurement

    A diagram that shows a holistic approach to create meaningful performance measurement, including inputs, organizational costs, department goals, team goals, individual goals, and output.

    Info-Tech’s methodology to set the stage for more effective employee measures

    1. Source and Set Goals

    Phase Steps
    1.1 Create business-aligned department and team goals
    1.2 Create business-aligned individual goals

    Phase Outcomes
    Understand how your department contributes to larger organizational goals.
    Determine the timelines you need to measure employees against.
    Set business-aligned department, team, and individual goals.

    2. Design Measures

    Phase Steps
    1.1 Choose measurement framework
    1.2 Define employee measures
    1.3 Determine weightings

    Phase Outcomes
    Choose your employee measurement framework: generic or individual.
    Define appropriate employee measures for preestablished goals.
    Determine employee measurement weightings to drive essential behaviors.
    Ensure employee measures are communicated to the right stakeholders.

    3. Communicate to Implement and Review

    Phase Steps
    1.1 Communicate to stakeholders
    1.2 Coaching and feedback
    1.3 When to update

    Phase Outcomes
    Communicate selected performance measure to stakeholders.
    Learn how to coach employees though blockers.
    Understand how to review and when to update measures.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to four months.

    What does a typical GI on this topic look like?

    A diagram that shows Guided Implementation in 3 phases.

    Avoid Project Management Pitfalls

    • Buy Link or Shortcode: {j2store}374|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Program & Project Management
    • Parent Category Link: /program-and-project-management
    • IT organizations seem to do everything in projects, yet fewer than 15% successfully complete all deliverables on time and on budget.
    • Project managers seem to succumb to the relentless pressure from stakeholders to deliver more, more quickly, with fewer resources, and with less support than is ideal.
    • To achieve greater likelihood that your project will stay on track, watch out for the four big pitfalls: scope creep, failure to obtain stakeholder commitment, inability to assemble a team, and failure to plan.

    Our Advice

    Critical Insight

    • While many project managers worry about proper planning as the key to project success, skilled management of the political factors around a project has a much greater impact on success.
    • Alone, combating scope creep can improve your likelihood of success by a factor of 2x.
    • A strong project sponsor will be key to fighting the inevitable battles to control scope and obtain resources.

    Impact and Result

    • Take steps to avoid falling into common project pitfalls.
    • Assess which pitfalls threaten your project in its current state and take appropriate steps to avoid falling into them.
    • Avoiding pitfalls will allow you to deliver value on time and on budget, creating the perception of success in users’ and managers’ eyes.

    Avoid Project Management Pitfalls Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Learn about common PM pitfalls and the strategies to avoid them

    Consistently meet project goals through enhanced PM knowledge and awareness.

    • Storyboard: Avoid Project Management Pitfalls
    • None

    2. Detect project pitfalls

    Take action and mitigate a pitfall before it becomes a problem.

    • Project Pitfall Detection & Mitigation Tool

    3. Document and report PM issues

    Learn from issues encountered to help map PM strategies for future projects.

    • Project Management Pitfalls Issue Log
    [infographic]

    Create an Effective SEO Keyword Strategy

    • Buy Link or Shortcode: {j2store}568|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions

    Digital Marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Our Advice

    Critical Insight

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Impact and Result

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Create an Effective SEO Keyword Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Effective SEO Keyword Strategy

    Update your on-page SEO strategy with competitively relevant keywords.

    • Create an Effective SEO Keyword Strategy Storyboard
    [infographic]

    Further reading

    Create an Effective SEO Keyword Strategy
    Update your on-page SEO strategy with competitively relevant keywords.

    Analyst Perspective

    Most marketers fail in their SEO efforts because they focus on creating content for computers, not people.

    Leading search engine optimization methods focus on creating and posting relevant keyword-rich content, not just increasing page rank. Content and keywords should move a buyer along their journey, close a sale, and develop long-term relationships. Unfortunately, many SEO specialists focus on computers, not the buyer. What's even more concerning is that up to 70% of SaaS businesses have already been impacted by outdated and inefficient SEO techniques. Poor strategies often focus on ballooning SEO metrics in the short-term instead of building the company's long-term PageRank.

    Best-in-class digital marketers stop chasing the short-term highs and focus on long-term growth. This starts with developing a competitive keyword strategy and updating website content with the new keywords.

    SEO is a large topic, so we have broken the strategy into small, easy-to-implement steps, taking the guesswork out of how to use the data from SEO tools and giving CMOs a solid path to increase their SEO results.

    This is a picture of Terra Higginson

    Terra Higginson
    Marketing Research Director
    SoftwareReviews

    Executive Summary

    Your Challenge

    Digital marketers working with an outdated or bad SEO strategy often see:

    • Declining keyword ranking and traffic
    • Poor keyword strategy
    • On-page errors

    Search algorithms change all the time, which means that the strategy is often sitting on the sifting sands of technology, making SEO strategies quickly outdated.

    Common Obstacles

    Digital marketers are responsible for developing and implementing a competitive SEO strategy but increasingly encounter the following obstacles:

    • SEO practitioners that focus on gaming the system
    • Ever-changing SEO technology
    • Lack of understanding of the best SEO techniques
    • SEO techniques focus on the needs of computers, not people
    • Lack of continued investment

    SoftwareReviews' Approach

    Using the SoftwareReviews methodology, digital marketers are able to break up their SEO project and data into bite-sized, actionable steps that focus on long-term improvement. Our methodology includes:

    • Competitive keyword research and identification of opportunities
    • On-page keyword strategy

    Our methodology will take a focused step-by-step strategy in a series of phases that will increase PageRank and competitive positioning.

    SoftwareReviews' SEO Methodology

    In this blueprint, we will cover:

    Good SEO vs. Poor SEO Techniques

    The difference between good and bad SEO techniques.

    Common Good
    SEO Techniques

    Common Poor
    SEO Techniques

    • Writing content for people, not machines.
    • Using SEO tools to regularly adjust and update SEO content, keywords, and backlinks.
    • Pillar and content cluster strategy in addition to a basic on- and off-page strategy.
    • Keyword stuffing and content duplication.
    • A strategy that focuses on computers first and people second.
    • Low-quality or purchased backlinks.

    Companies With Great SEO…

    Keyword Strategy

    • Have identified a keyword strategy that carves out targets within the white space available between themselves and the competition.

    Error-Free Site

    • Have error-free sites without duplicate content. Their URLs and redirects are all updated. Their site is responsive, and every page loads in under two seconds.

    Pillar & Content Clusters

    • Employ a pillar and content cluster strategy to help move the buyer through their journey.

    Authentic Off-Page Strategy

    • Build an authentic backlink strategy that incorporates the right information on the right sites to move the buyer through their journey.

    SEO Terms Defined

    A glossary to define common Phase 1 SEO terms.

    Search Volume: this measures the number of times a keyword is searched for in a certain time period. Target keywords with a volume of between 100-100,000. A search volume greater than 100,000 will be increasingly difficult to rank (A Beginner's Guide to Keyword Search Volume, 2022, Semrush).

    Keyword Difficulty: the metric that quantifies how difficult it will be to rank for a certain keyword. The keyword difficulty percentage includes the number of competitors attempting to rank for the same keyword, the quality of their content, the search intent, backlinks, and domain authority (Keyword Difficulty: What Is It and Why Is It Important? 2022, Semrush).

    Intent: this metric focuses on the intent of the user's search. All search intent is categorized into Informational, Commercial, Navigational, and Transactional (What Is Search Intent? A Complete Guide, 2022, Semrush).

    On-Page SEO: refers to the practice of search engine optimizing elements of your site such as title tags, internal links, HTML code, URL optimization, on-page content, images, and user experience.

    Off-Page SEO: refers to the practice of optimizing brand awareness (What Is Off-Page SEO? A Comprehensive Guide, 2022, Semrush).

    H1: HTML code that tells a search engine the title of the page (neilpatel.com).

    SEO Tool: A subscription-based all-in-one search engine optimization MarTech tool.

    Google's mission is to organize the world's information and make it universally accessible and useful… We believe Search should deliver the most relevant and reliable information available.
    – An excerpt from Google's mission statement

    Your Challenge

    Google makes over 4.5k algorithm changes per year1, directly impacting digital marketing search engine optimization efforts.

    Digital marketers with SEO problems will often see the following issues:

    • Keyword ranking – A decline in keyword ranking is alarming and results in decreased PageRank.
    • Bounce rate – Attracting the wrong audience to your site will increase the bounce rate because the H1 doesn't resonate with your audience.
    • Outdated keywords – Many companies are operating on a poor keyword strategy, or even worse, no keyword strategy. In addition, many marketers haven't updated their strategy to include pillar and cluster content.
    • Errors – Neglected sites often have a large number of errors.
    • Bad backlinks – Neglected sites often have a large number of toxic backlinks.

    The best place to hide a dead body is on page two of the search results.
    – Huffington Post

    Common Obstacles

    Digital marketers are responsible for developing and executing a competitive SEO strategy but increasingly encounter the following obstacles:

    • Inefficient and ineffective SEO practitioners.
    • Changing SEO technology and search engine algorithms.
    • Lack of understanding of the best-in-class SEO techniques.
    • Lack of a sustainable plan to manage the strategy and invest in SEO.

    SEO is a helpful activity when it's applied to people-first content. However, content created primarily for search engine traffic is strongly correlated with content that searchers find unsatisfying.
    – Google Search Central Blog

    Benefits of Proper SEO

    A good SEO keyword strategy will create long-term, sustainable SEO growth:

    • Write content for people, not algorithms – Good SEO prioritizes the needs of humans over the needs of computers, being ever thoughtful of the meaning of content and keywords.
    • Content that aligns with intent – Content and keyword intent will align with the buyer journey to help move prospects through the funnel.
    • Competitive keyword strategy – Find keyword white space for your brand. Keywords will be selected to optimize your ranking among competition with reasonable and sustainable targets.
    • Actionable and impactful fixes – By following the SoftwareReviews phases of SEO, you will be able to take a very large task and divide it into conquerable actions. Small improvements everyday lead to very large improvements over time.

    Digital Marketing SEO Stats

    61%
    61% of marketers believe that SEO is the key to online success.
    Source: Safari Digital

    437%
    Updating an existing title tag with an SEO optimised one can increase page clicks by more than 437%.
    Source: Safari Digital

    Good SEO Aligns With Search Intent

    What type of content is the user searching for? Align your keyword to the logical search objective.

    Informational

    This term categorizes search intent for when a user wants to inform or educate themselves on a specific topic.

    Commercial

    This term categorizes search intent for when a user wants to do research before making a purchase.

    Transactional

    This term categorizes search intent for when a user wants to purchase something.

    Navigational

    This term categorizes search intent for when a user wants to find a specific page.

    SoftwareReviews' Methodology toCreate an Effective SEO Strategy

    1. Competitive Analysis & Keyword Discovery 2. On-Page Keyword Optimization
    Phase Steps
    1. Make a list of keywords in your current SEO strategy – including search volume, keyword difficulty percentage, intent.
    2. Research the keywords of top competitors.
    3. Make a list of target keywords you would like to own – including the search volume, keyword difficulty percentage, and intent. Make sure that these keywords align with your buyer persona.
    1. List product and service pages, along with the URL and current ranking(s) for the keyword(s) for that URL.
    2. Create a new individual page strategy for each URL. Record the current keyword, rank, title tag, H1 tag, and meta description. Then, with keyword optimization in mind, develop the new title tag, new H1 tag, and new meta description. Build the target keywords into the pages and tags.
    3. Record the current ranking for the pages' keywords then reassess after three to six months.
    Phase Outcomes
    • Understanding of competitive landscape for SEO
    • A list of target new keywords
    • Keyword optimized product and service pages

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    Guided Implementation

    What does a typical GI on this topic look like?

    Phase 1 Phase 2

    Call #1: Identify your current SEO keyword strategy.

    Call #2: Discuss how to start a competitive keyword analysis.

    Call #4: Discuss how to build the list of target keywords.

    Call #6: Discuss keyword optimization of the product & services pages.

    Call #8: (optional)

    Schedule a call to update every three to six months.

    Call #3: Discuss the results of the competitive keyword analysis.

    Call #5: Discuss which pages to update with new target keywords.

    Call #7: Review final page content and tags.

    Call #9: Schedule a call for SEO Phase 2: On-Page Technical Refinement.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is between 8 to 12 calls over the course of 1 to 2 months.

    SoftwareReviews offers various levels of support to best suit your needs

    Included Within an Advisory Membership Optional Add-Ons
    DIY Toolkit Guided Implementation Workshop Consulting
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Insight Summary

    People-First Content

    Best-in-class SEO practitioners focus on people-first content, not computer-first content. Search engine algorithms continue to focus on how to rank better content first, and a strategy that moves your buyers through the funnel in a logical and cohesive way will beat any SEO trick over the long run.

    Find White Space

    A good SEO strategy uses competitive research to carve out white space and give them a competitive edge in an increasingly difficult ranking algorithm. An understanding of the ideal client profile and the needs of their buyer persona(s) sit as a pre-step to any good SEO strategy.

    Optimize On-Page Keywords

    By optimizing the on-page strategy with competitively relevant keywords that target your ideal client profile, marketers are able to take an easy first step at improving the SEO content strategy.

    Understand the Strategy

    If you don't understand the strategy of your SEO practitioner, you are in trouble. Marketers need to work hand in hand with their SEO specialists to quickly uncover gaps, create a strategy that aligns with the buyer persona(s), and execute the changes.

    Quality Trumps Quantity

    The quality of the prospect that your SEO efforts bring to your site is more important than the number of people brought to your site.

    Stop Here and Ask Yourself:

    • Do I have an updated (completed within the last two years) buyer persona and journey?
    • Do I know who the ICP (ideal client profile) is for my product or company?

    If not, stop here, and we can help you define your buyer persona and journey, as well as your ideal client profile before moving forward with SEO Phase 1.

    The Steps to SEO Phase 1

    The Keyword Strategy

    1. Current Keywords
      • Identify the keywords your SEO strategy is currently targeting.
    2. Competitive Analysis
      • Research the keywords of competitor(s). Identify keyword whitespace.
    3. New Target Keywords
      • Identify and rank keywords that will result in more quality leads and less competition.
    4. Product & Service Pages
      • Identify your current product and service pages. These pages represent the easiest content to update on your site.
    5. Individual Page Update
      • Develop an SEO strategy for each of your product and service pages, include primary target keyword, H1, and title tags, as well as keyword-rich description.

    Resources Needed for Search Engine Optimization

    Consider the working skills required for search engine optimization.

    Required Skills/Knowledge

    • SEO
    • Web development
    • Competitive analysis
    • Content creation
    • Understanding of buyer persona and journey
    • Digital marketing

    Suggested Titles

    • SEO Analyst
    • Competitive Intelligence Analyst
    • Content Marketing Manager
    • Website Developer
    • Digital Marketing Manager

    Digital Marketing Software

    • CMS that allows you to easily access and update your content

    SEO Software

    • SEO tool

    Step 1: Current Keywords

    Use this sheet to record your current keyword research.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify current keywords.

    Step 2: Competitive Analysis

    Use this sheet to guide the research on your competitors' keywords.

    Use your SEO tool to find the following:

    1. Top organic keywords
    2. Ranking of keywords
    3. Domain authority and trust
    4. Position changes

    This is a screenshot of the SEO tool SEMRush, which can be used to perform an competitive analysis

    Step 3: New Target Keywords

    Use this sheet to record target keywords that have a good volume but are less competitive. The new target keywords should align with your buyer persona and their journey.

    Use your SEO tool to research keywords and find the following:
    Use a quality tool like SEMRush to obtain SEO data.

    1. Keyword difficulty
    2. Search volume
    3. Search intent

    This is a screenshot of the SEO tool SEMRush, which can be used to identify new target keywords.

    Step 4: Product & Service Pages

    Duplicate this page so that you have a separate page for each URL from Step 4

    Use this sheet to identify your current product and service pages.

    Use your SEO tool to find the following:

    1. Current rank
    2. Current keywords

    This is a screenshot of the SEO tool SEMRush, showing where you can display product and service pages.

    Step 5: Individual Page Strategy

    Develop a keyword strategy for each of your product and service pages. Use a fresh page for each URL.

    Date last optimized:
    mm/dd/yyyy

    This is a screenshot of the SEO tool SEMRush, with an example of how you can use an individual page strategy to develop a keyword strategy.

    Bibliography

    Council, Y. "Council Post: The Rundown On Black Hat SEO Techniques And Why You Should Avoid Them." Forbes, 2022. Accessed September 2022.

    "Our approach – How Google Search works." Google Search. Accessed September 2022.

    "The Best Place to Hide a Dead Body is Page Two of Google." HuffPost, 2022. Accessed September 2022.

    Patel, Neil. "How to Create the Perfect H1 Tag for SEO." neilpatel.com. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Schwartz, B. "Google algorithm updates 2021 in review: Core updates, product reviews, page experience and beyond." Search Engine Land, 2022. Accessed September 2022.

    Manage an IT Budget

    • Buy Link or Shortcode: {j2store}70|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • IT is viewed as a cost center without a clear understanding of the value it provides.
    • After completing the budget, the CIO is faced with changing expectations, disruptions, new risks, and new threats.
    • IT departments often lack a reliable budget management process to keep itself on track towards its budget goals.
    • Over budgeting risks credibility if projects are not all delivered, while under budgeting risks not being able to execute important projects.

    Our Advice

    Critical Insight

    • Managing your budget is not just about numbers; it’s also about people and processes. Better relationships and a proper process leads to better management of your budget. Understand how your relationships and current processes might be leveraged to manage your budget.
    • No one likes to be over budget, but being under budget isn’t necessarily good either. Coming in under budget may mean that you are not accomplishing the initiatives that you promised you would, reflecting poor job performance.

    Impact and Result

    • Implement a formal budget management process that documents your planned budget and actual expenditures, tracks variances, and responds to those variances to stay on track towards budget goals.
    • Manage the expectations of business stakeholders by communicating the links between IT spend and business value in a way that is easily understood by the business.
    • Control for under- or overspending by using Info Tech’s budget management tool and tactics.

    Manage an IT Budget Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to understand the increasing expectations for IT departments to better manage their budgets, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Document

    Create a streamlined documentation process that also considers the elements of people and technology.

    • Manage an IT Budget – Phase 1: Document
    • Manage Your IT Budget Tool

    2. Track

    Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner.

    • Manage an IT Budget – Phase 2: Track

    3. Control

    Leverage control mechanisms to manage variances in your budget.

    • Manage an IT Budget – Phase 3: Control
    [infographic]

    Workshop: Manage an IT Budget

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Document Budget

    The Purpose

    The first step of managing your IT budget is to make sure there is a properly documented budget that everyone agrees upon.

    Key Benefits Achieved

    A properly documented budget facilitates management and communication of the budget.

    Activities

    1.1 Review budget for the year.

    1.2 Document each budget in the tool.

    1.3 Review CAPEX vs. OPEX.

    1.4 Customize accounts to match your organization.

    Outputs

    Budget broken out into monthly increments and by each account.

    Budget documented in tool.

    Tool customized to reflect organization's specific accounts and terminology.

    2 Optimize Documentation Process

    The Purpose

    A proper documentation process forms the backbone for effective budget management.

    Key Benefits Achieved

    A streamlined documentation process with accurate inputs that also considers the elements of people and technology.

    Activities

    2.1 Draw out process flow of current documentation.

    2.2 Identify bottlenecks.

    2.3 Discuss and develop roadmap to solving bottlenecks.

    Outputs

    Process flow of current documentation process with identified bottlenecks.

    Plan to mitigate bottlenecks.

    3 Track and Control for Over- and Underspending

    The Purpose

    Track your planned budget against actual expenditures to catch areas of over- and underspending in a timely manner. Then, leverage control mechanisms to manage variances in your budget.

    Key Benefits Achieved

    Tracking and controlling for variances will help the IT department stay on track towards its budget goals. It will also help with communicating IT’s value to the business.

    Activities

    3.1 Walk through the “Overview Bar.”

    3.2 Document actual expenses incurred in fiscal to date.

    3.3 Review the risk of over- and underspending.

    3.4 Use the reforecast column to control for over- and underspend.

    Outputs

    Assess the “Overview Bar.”

    Document actual expenditures and committed expenses up to the current date.

    Develop a strategy and roadmap for how you will mitigate any current under- or overspends.

    Reforecast expenditures for each account for each month for the remainder of the fiscal year.

    Govern Office 365

    • Buy Link or Shortcode: {j2store}52|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $21,473 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: End-User Computing Applications
    • Parent Category Link: /end-user-computing-applications

    Exploring the enterprise collaboration marketspace is difficult. The difficulty in finding a suitable collaboration tool is that there are many ways to collaborate, with just as many tools to match.

    Our Advice

    Critical Insight

    Map your organizational goals to the administration features available in the Office 365 console. Your governance should reflect your requirements.

    Impact and Result

    The result is a defined plan for controlling Office 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Office 365 on the end-user population.

    Govern Office 365 Research & Tools

    Start here – read the Executive Brief

    Understand the challenges posed by governing Office 365 and the necessity of deploying proper governance.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your organizational goals

    Develop a list of organizational goals that will enable you to leverage the Office 365 toolset to its fullest extent while also implementing sensible governance.

    • Govern Office 365 – Phase 1: Define Your Organizational Goals

    2. Control your Office 365 environment

    Use Info-Tech's toolset to build out controls for OneDrive, SharePoint, and Teams that align with your organizational goals as they relate to governance.

    • Govern Office 365 – Phase 2: Control Your Office 365 Environment
    • Office 365 Control Map
    • Microsoft Teams Acceptable Use Policy
    • Microsoft SharePoint Online Acceptable Use Policy
    • Microsoft OneDrive Acceptable Use Policy

    3. Communicate your results

    Communicate the results of your Office 365 governance program using Info-Tech's toolset.

    • Govern Office 365 – Phase 3: Communicate Your Results
    • Office 365 Communication Plan Template

    Infographic

    Workshop: Govern Office 365

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Goals

    The Purpose

    Develop a plan to assess the capabilities of the Office 365 solution and select licensing for the product.

    Key Benefits Achieved

    Office 365 capability assessment (right-size licensing)

    Acceptable Use Policies

    Mapped Office 365 controls

    Activities

    1.1 Review organizational goals.

    1.2 Evaluate Office 365 capabilities.

    1.3 Conduct the Office 365 capability assessment.

    1.4 Define user groups.

    1.5 Finalize licensing.

    Outputs

    List of organizational goals

    Targeted licensing decision

    2 Build Refined Governance Priorities

    The Purpose

    Leverage the Office 365 governance framework to develop and refined governance priorities.

    Build a SharePoint acceptable use policy and define SharePoint controls.

    Key Benefits Achieved

    Refined governance priorities

    List of SharePoint controls

    SharePoint acceptable use policy

    Activities

    2.1 Explore the Office 365 Framework.

    2.2 Conduct governance priorities refinement exercise.

    2.3 Populate the Office 365 control map (SharePoint).

    2.4 Build acceptable use policy (SharePoint).

    Outputs

    Refined governance priorities

    SharePoint control map

    Sharepoint acceptable use policy

    3 Control Office 365

    The Purpose

    Implement governance priorities for OneDrive and Teams.

    Key Benefits Achieved

    Clearly defined acceptable use policies for OneDrive and Teams

    List of OneDrive and Teams controls

    Activities

    3.1 Populate the Office 365 Control Map (OneDrive).

    3.2 Build acceptable use policy (OneDrive).

    3.3 Populate the Office 365 Control Map (Teams).

    3.4 Build acceptable use policy (Teams).

    Outputs

    OneDrive controls

    OneDrive acceptable use policy

    Teams controls

    Teams acceptable use policy

    4 SOW Walkthrough

    The Purpose

    Build a plan to communicate coming changes to the productivity environment.

    Key Benefits Achieved

    Communication plan covering SharePoint, Teams, and OneDrive

    Activities

    4.1 Build SharePoint one pager.

    4.2 Build OneDrive one pager.

    4.3 Build Teams one pager.

    4.4 Finalize communication plan.

    Outputs

    SharePoint one pager

    OneDrive one pager

    Teams one pager

    Overall finalized communication plan

    5 Communicate and Implement

    The Purpose

    Finalize deliverables and plan post-workshop communications.

    Key Benefits Achieved

    Completed Office 365 governance plan

    Finalized deliverables

    Activities

    5.1 Completed in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    5.3 Validate governance with stakeholders.

    Outputs

    Completed acceptable use policies

    Completed control map

    Completed communication plan

    Completed licensing decision

    Modernize Your Corporate Website to Drive Business Value

    • Buy Link or Shortcode: {j2store}524|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: $10,399 Average $ Saved
    • member rating average days saved: 10 Average Days Saved
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Users are demanding more valuable web functionalities and improved access to your website services. They are expecting development teams to keep up with their changing needs.
    • The criteria of user acceptance and satisfaction involves more than an aesthetically pleasing user interface (UI). It also includes how emotionally attached the user is to the website and how it accommodates user behaviors.

    Our Advice

    Critical Insight

    Complication

    • Organizations are focusing too much on the UI when they optimize the user experience of their websites. The UI is only one of many components involved in successful websites with good user experience.
    • User experience (UX) is often an afterthought in development, risking late and costly fixes to improve end-user reception after deployment.

    Insights

    • Organizations often misinterpret UX as UI. In fact, UX incorporates both the functional and emotional needs of the user, going beyond the website’s UI.
    • Human behaviors and tendencies are commonly left out of the define and design phases of website development, putting user satisfaction and adoption at risk.

    Impact and Result

    • Gain a deep understanding of user needs and behaviors. Become familiar with the human behaviors, emotions, and pain points of your users in order to shortlist the design elements and website functions that will receive the highest user satisfaction.
    • Perform a comprehensive website review. Leverage satisfaction surveys, user feedback, and user monitoring tools (e.g. heat maps) to reveal high-level UX issues. Use these insights to drill down into the execution and composition of your website to identify the root causes of issues.
    • Incorporate modern UX trends in your design. New web technologies are continuously emerging in the industry to enhance user experience. Stay updated on today’s UX trends and validate their fit for the specific needs of your target audience.

    Modernize Your Corporate Website to Drive Business Value Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your website, review Info-Tech’s methodology, and discover the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define UX requirements

    Reveal the opportunities to heighten the user experience of your website through a deep understanding of the behaviors, emotions, and needs of your end users in order to design a receptive and valuable website.

    • Modernize Your Corporate Website to Drive Business Value – Phase 1: Define UX Requirements
    • Website Design Document Template

    2. Design UX-driven website

    Design a satisfying and receptive website by leveraging industry best practices and modern UX trends and ensuring the website is supported with reliable and scalable data and infrastructure.

    • Modernize Your Corporate Website to Drive Business Value – Phase 2: Design UX-Driven Website
    [infographic]

    Workshop: Modernize Your Corporate Website to Drive Business Value

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your UX Requirements

    The Purpose

    List the business objectives of your website.

    Describe your user personas, use cases, and user workflow.

    Identify current UX issues through simulations, website design, and system reviews.

    Key Benefits Achieved

    Strong understanding of the business goals of your website.

    Knowledge of the behaviors and needs of your website’s users.

    Realization of the root causes behind the UX issues of your website.

    Activities

    1.1 Define the business objectives for the website you want to optimize

    1.2 Define your end-user personas and map them to use cases

    1.3 Build your website user workflow

    1.4 Conduct a SWOT analysis of your website to drive out UX issues

    1.5 Gauge the UX competencies of your web development team

    1.6 Simulate your user workflow to identify the steps driving down UX

    1.7 Assess the composition and construction of your website

    1.8 Understand the execution of your website with a system architecture

    1.9 Pinpoint the technical reason behind your UX issues

    1.10 Clarify and prioritize your UX issues

    Outputs

    Business objectives

    End-user personas and use cases

    User workflows

    Website SWOT analysis

    UX competency assessment

    User workflow simulation

    Website design assessment

    Current state of web system architecture

    Gap analysis of web system architecture

    Prioritized UX issues

    2 Design Your UX-Driven Website

    The Purpose

    Design wireframes and storyboards to be aligned to high priority use cases.

    Design a web system architecture that can sufficiently support the website.

    Identify UX metrics to gauge the success of the website.

    Establish a website design process flow.

    Key Benefits Achieved

    Implementation of key design elements and website functions that users will find stimulating and valuable.

    Optimized web system architecture to better support the website.

    Website design process aligned to your current context.

    Rollout plan for your UX optimization initiatives.

    Activities

    2.1 Define the roles of your UX development team

    2.2 Build your wireframes and user storyboards

    2.3 Design the target state of your web environment

    2.4 List your UX metrics

    2.5 Draw your website design process flow

    2.6 Define your UX optimization roadmap

    2.7 Identify and engage your stakeholders

    Outputs

    Roles of UX development team

    Wireframes and user storyboards

    Target state of web system architecture

    List of UX metrics

    List of your suppliers, inputs, processes, outputs, and customers

    Website design process flow

    UX optimization rollout roadmap

    Enterprise Application Selection and Implementation

    • Buy Link or Shortcode: {j2store}29|cart{/j2store}
    • Related Products: {j2store}29|crosssells{/j2store}
    • member rating overall impact: 9.0/10
    • member rating average dollars saved: $37,356
    • member rating average days saved: 34
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • Large scale implementations are prone to failure. This is probably also true in your company. Typically large endeavors like this overrun the budget, are late to deliver, or are abandoned altogether. It would be best if you manage your risks when starting such a new project.

    Our advice

    Insight

    • Large-scale software implementations continue to fail at very high rates. A recent report by McKinsey & Company estimates that 66% go over budget, 33% over time, and 17% delivered less value than expected. Most companies will survive a botched implementation, but 17% threatened the existence of the company involved.
    • With all the knowledge sharing that we have today with oodles of data at our disposal, we should expect IT-providers to have clear, standardized frameworks to handle these implementations. But projects that overrun by more than 200% still occur more often than you may think.
    • When you solicit a systems integrator (SI), you want to equip yourself to manage the SI and not be utterly dependent on their methodology.

    Impact and results 

    • You can assume proper accountability for the implementation and avoid over-reliance on the systems integrator.
    • Leverage the collective knowledge and advice of additional IT professionals
    • Review the pitfalls and lessons learned from failed integrations.
    • Manage risk at every stage.
    • Perform a self-assessment at various stages of the integration path.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Executive Summary

    Determine the rations for your implementation

    See if a custom-of-the-shelf process optimization makes sense.

    • Storyboard: Govern and Manage an Enterprise Software Implementation (ppt)

    Prepare

    Determine the right (level of) governance for your implementation.

    • Large Software Implementation Maturity Assessment Tool (xls)
    • Project Success Measurement Tool (xls)
    • Risk Mitigation Plan Template (xls)

    Plan and analyze

    Prepare for the overall implementation journey and gather your requirements. Then conduct a stage-gate assessment of this phase.

    • Project Phases Entry and Exit Criteria Checklist Tool (xls)
    • Project Lessons Learned Document (doc)

    Design, build and deploy

    Conduct a stage-gate assessment after every step below.

    • Make exact designs of the software implementation and ensure that all stakeholders and the integrator completely understand.
    • Build the solution according to the requirements and designs.
    • Thoroughly test and evaluate that the implementation meets your business expectations. 
    • Then deploy

    Initiate your roadmap

    Review your dispositions to ensure they align with your goals. 

    • Build an Application Rationalization Framework – Phase 4: Initiate Your Roadmap (ppt)
    • Disposition Prioritization Tool (xls)

    Key Metrics for Every CIO

    • Buy Link or Shortcode: {j2store}119|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Performance Measurement
    • Parent Category Link: /performance-measurement
    • As a CIO, you are inundated with data and information about how your IT organization is performing based on the various IT metrics that exist.
    • The information we receive from metrics is often just that – information. Rarely is it used as a tool to drive the organization forward.
    • CIO metrics need to consider the goals of key stakeholders in the organization.

    Our Advice

    Critical Insight

    • The top metrics for CIOs don’t have anything to do with IT.
    • CIOs should measure and monitor metrics that have a direct impact on the business.
    • Be intentional with the metric and number of metrics that you monitor on a regular basis.
    • Be transparent with your stakeholders on what and why you are measuring those specific metrics.

    Impact and Result

    • Measure fewer metrics, but measure those that will have a significant impact on how your deliver value to your organization.
    • Focus on the metrics that you can take action against, rather than simply monitor.
    • Ensure your metrics tie to your top priorities as a CIO.

    Key Metrics for Every CIO Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Key Metrics for Every CIO deck – The top metrics every CIO should measure and act on

    Leverage the top metrics for every CIO to help focus your attention and provide insight into actionable steps.

    • Key Metrics for Every CIO Storyboard
    [infographic]

    Further reading

    Key Metrics for Every CIO

    The top six metrics for CIOs – and they have very little to do with IT

    Analyst Perspective

    Measure with intention

    Be the strategic CIO who monitors the right metrics relevant to their priorities – regardless of industry or organization. When CIOs provide a laundry list of metrics they are consistently measuring and monitoring, it demonstrates a few things.

    First, they are probably measuring more metrics than they truly care about or could action. These “standardized” metrics become something measured out of expectation, not intention; therefore, they lose their meaning and value to you as a CIO. Stop spending time on these metrics you will be unable or unwilling to address.

    Secondly, it indicates a lack of trust in the IT leadership team, who can and should be monitoring these commonplace operational measures. An empowered IT leader will understand the responsibility they have to inform the CIO should a metric be derailing from the desired outcome.

    Photo of Brittany Lutes, Senior Research Analyst, Organizational Transformation Practice, Info-Tech Research Group. Brittany Lutes
    Senior Research Analyst
    Organizational Transformation Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    CIOs need to measure a set of specific metrics that:

    • Will support the organization’s vision, their career, and the IT function all in one.
    • Can be used as a tool to make informed decisions and take appropriate actions that will improve the IT function’s ability to deliver value.
    • Consider the influence of critical stakeholders, especially the end customer.
    • Are easily measured at any point in time.
    Common Obstacles

    CIOs often cannot define these metrics because:

    • We confuse the operational metrics IT leaders need to monitor with strategic metrics CIOs need to monitor.
    • Previously monitored metrics did not deliver value.
    • It is hard to decide on a metric that will prove both insightful and easily measurable.
    • We measure metrics without any method or insight on how to take actionable steps forward.
    Info-Tech’s Approach

    For every CIO, there are six areas that should be a focus, no matter your organization or industry. These six priorities will inform the metrics worth measuring:

    • Risk management
    • Delivering on business objectives
    • Customer satisfaction
    • Employee engagement
    • Business leadership relations
    • Managing to a budget

    Info-Tech Insight

    The top metrics for a CIO to measure and monitor have very little to do with IT and everything to do with ensuring the success of the business.

    Your challenge

    CIOs are not using metrics as a personal tool to advance the organization:
    • Metrics should be used as a tool by the CIO to help inform the future actions that will be taken to reach the organization’s strategic vision.
    • As a CIO, you need to have a defined set of metrics that will support your career, the organization, and the IT function you are accountable for.
    • CIO metrics must consider the most important stakeholders across the entire ecosystem of the organization – especially the end customer.
    • The metrics for a CIO are distinctly different from the metrics you use to measure the operational effectiveness of the different IT functions.
    “CIOs are businesspeople first and technology people second.” (Myles Suer, Source: CIO, 2019.)

    Common obstacles

    These barriers make this challenge difficult to address for many CIOs:
    • CIOs often do not measure metrics because they are not aware of what should or needs to be measured.
    • As a result of not wanting to measure the wrong thing, CIOs can often choose to measure nothing at all.
    • Or they get too focused on the operational metrics of their IT organization, leaving the strategic business metrics forgotten.
    • Moreover, narrowing the number of metrics that are being measured down to an actionable number is very difficult.
    • We rely only on physical data sets to help inform the measurements, not considering the qualitative feedback received.
    CIO priorities are business priorities

    46% of CIOs are transforming operations, focused on customer experiences and employee productivity. (Source: Foundry, 2022.)

    Finances (41.3%) and customers (28.1%) remain the top two focuses for CIOs when measuring IT effectiveness. All other focuses combine for the remaining 30.6%. (Source: Journal of Informational Technology Management, 2018.)

    Info-Tech’s approach

    Organizational goals inform CIO metrics

    Diagram with 'CIO Metrics' at the center surrounded by 'Directive Goals', 'Product/Service Goals', 'IT Goals', and 'Operations Goals', each of which are connected to eachother by 'Customers'.

    The Info-Tech difference:
    1. Every CIO has the same set of priorities regardless of their organization or industry given that these metrics are influenced by similar goals of organizations.
    2. CIO metrics are a tool to help inform the actions that will support each core area in reaching their desired goals.
    3. Be mindful of the goals different business units are using to reach the organization’s strategic vision – this includes your own IT goals.
    4. Directly or indirectly, you will always influence the ability to acquire and retain customers for the organization.

    CIO priorities

    MANAGING TO A BUDGET
    Reducing operational costs and increasing strategic IT spend.
    Table centerpiece for CIO Priorities. DELIVERING ON BUSINESS OBJECTIVES
    Aligning IT initiatives to the vision of the organization.
    CUSTOMER SATISFACTION
    Directly and indirectly impacting customer experience.
    EMPLOYEE ENGAGEMENT
    Creating an IT workforce of engaged and purpose-driven people.
    RISK MANAGEMENT
    Actively knowing and mitigating threats to the organization.
    BUSINESS LEADERSHIP RELATONS
    Establishing a network of influential business leaders.

    High-level process flow

    How do we use the CIO metrics?
    Process flow that starts at 'Consider - Identify and analyze CIO priorities', and is followed by 'Select priorities - Identify the top priorities for CIOs (see previous slide)', 'Create a measure - Determine a measure that aligns to each priority', 'Make changes & improvements - Take action to improve the measure and reach the goal you are trying to achieve', 'Demonstrate progress - Use the metrics to demonstrate progress against priorities'. Using priority-based metrics allows you to make incremental improvements that can be measured and reported on, which makes program maturation a natural process.

    Example CIO dashboard

    Example CIO dashboard.
    * Arrow indicates month-over-month trend

    Harness the value of metric data

    Metrics are rarely used accurately as a tool
    • When you have good metrics, you can:
      • Ensure employees are focused on the priorities of the organization
      • Have insight to make better decisions
      • Communicate with the business using language that resonates with each stakeholder
      • Increase the performance of your IT function
      • Continually adapt to meet changing business demands
    • Metrics are tools that quantifiably indicate whether a goal is on track to being achieved (proactive) or if the goal was successfully achieved (retroactive)
    • This is often reflected through two metric types:
      • Leading Metrics: The metric indicates if there are actions that should be taken in the process of achieving a desired outcome.
      • Lagging Metrics: Based on the desired outcome, the metric can indicate where there were successes or failures that supported or prevented the outcome from being achieved.
    • Use the data from the metrics to inform your actions. Do not collect this data if your intent is simply to know the data point. You must be willing to act.
    "The way to make a metric successful is by understanding why you are measuring it." (Jeff Neyland CIO)

    CIOs measure strategic business metrics

    Keep the IT leadership accountable for operational metrics
    • Leveraging the IT leadership team, empower and hold each leader accountable for the operational metrics specific to their functional area
    • As a CIO, focus on the metrics that are going to impact the business. These are often tied to people or stakeholders:
      • The customers who will purchase the product or service
      • The decision makers who will fund IT initiatives
      • The champions of IT value
      • The IT employees who will be driven to succeed
      • The owner of an IT risk event
    • By focusing on these priority areas, you can regularly monitor aspects that will have major business impacts – and be able to address those impacts.
    As a CIO, avoid spending time on operational metrics such as:
    • Time to deliver
    • Time to resolve
    • Project delivery (scope, time, money)
    • Application usage
    • User experiences
    • SLAs
    • Uptime/downtime
    • Resource costs
    • Ticket resolution
    • Number of phishing attempts
    Info-Tech Insight

    While operational metrics are important to your organization, IT leaders should be empowered and responsible for their management.

    SECTION 1

    Actively Managing IT Risks

    Actively manage IT risks

    The impact of IT risks to your organization cannot be ignored any further
    • Few individuals in an organization understand IT risks and can proactively plan for the prevention of those threats, making the CIO the responsible and accountable individual when it comes to IT risks – especially the components that tie into cybersecurity.
    • When the negative impacts of an IT threat event are translated into terms that can be understood and actioned by all in the organization, it increases the likelihood of receiving the sponsorship and funding support necessary.
    • Moreover, risk management can be used as a tool to drive the organization toward its vision state, enabling informed risk decisions.

    Risk management metric:

    Number of critical IT threats that were detected and prevented before impact to the organization.

    Beyond risk prevention
    Organizations that have a clear risk tolerance can use their risk assessments to better inform their decisions.
    Specifically, taking risks that could lead to a high return on investment or other key organizational drivers.

    Protect the organization from more than just cyber threats

    Other risk-related metrics:
    • Percentage of IT risks integrated into the organization’s risk management approach.
    • Number of risk management incidents that were not identified by your organization (and the potential financial impact of those risks).
    • Business satisfaction with IT actions to reduce impact of negative IT risk events.
    • Number of redundant systems removed from the organizations portfolio.
    Action steps to take:
    • Create a risk-aware culture, not just with IT folks. The entire organization needs to understand how IT risks are preventable.
    • Clearly demonstrate the financial and reputational impact of potential IT risks and ensure that this is communicated with decision-makers in the organization.
    • Have a single source of truth to document possible risk events and report prevention tactics to minimize the impact of risks.
    • Use this information to recommend budget changes and help make risk-informed decisions.

    49%

    Investing in Risk

    Heads of IT “cited increasing cybersecurity protections as the top business initiative driving IT investments this year” (Source: Foundry, 2022.)

    SECTION 2

    Delivering on Business Objectives

    Delivering on business objectives

    Deliver on initiatives that bring value to your organization and stop benchmarking
    • CIOs often want to know how they are performing in comparison to their competitors (aka where do you compare in the benchmarking?)
    • While this is a nice to know, it adds zero value in demonstrating that you understand your business, let alone the goals of your business
    • Every organization will have a different set of goals it is striving toward, despite being in the same industry, sector, or market.
    • Measuring your performance against the objectives of the organization prevents CIOs from being more technical than it would do them good.

    Business Objective Alignment Metric:

    Percentage of IT metrics have a direct line of impact to the business goals

    Stop using benchmarks to validate yourself against other organizations. Benchmarking does not provide:
    • Insight into how well that organization performed against their goals.
    • That other organizations goals are likely very different from your own organization's goals.
    • It often aggregates the scores so much; good and bad performers stop being clearly identified.

    Provide a clear line of sight from IT metrics to business goals

    Other business alignment metrics:
    • Number of IT initiatives that have a significant impact on the success of the organization's goals.
    • Number of IT initiatives that exceed the expected value.
    • Positive impact ($) of IT initiatives on driving business innovation.
    Action steps to take:
    • Establish a library or dashboard of all the metrics you are currently measuring as an IT organization, and align each of them to one or more of the business objectives your organization has.
    • Leverage the members of the organization’s executive team to validate they understand how your metric ties to the business objective.
    • Any metric that does not have a clear line of sight should be reconsidered.
    • IT metrics should continue to speak in business terms, not IT terms.

    50%

    CIOs drive the business

    The percentage of CEOs that recognize the CIO as the main driver of the business strategy in the next 2-3 years. (Source: Deloitte, 2020.)

    SECTION 3

    Impact on Customer Satisfaction

    Influencing end-customer satisfaction

    Directly or indirectly, IT influences how satisfied the customer is with their product or service
    • Now more than ever before, IT can positively influence the end-customer’s satisfaction with the product or service they purchase.
    • From operational redundancies to the customer’s interaction with the organization, IT can and should be positively impacting the customer experience.
    • IT leaders who take an interest in the customer demonstrate that they are business-focused individuals and understand the intention of what the organization is seeking to achieve.
    • With the CIO role becoming a strategic one, understanding why a customer would or would not purchase your organization’s product or service stops being a “nice to have.”

    Customer satisfaction metric:

    What is the positive impact ($ or %) of IT initiatives on customer satisfaction?

    Info-Tech Insight

    Be the one to suggest new IT initiatives that will impact the customer experience – stop waiting for other business leaders to make the recommendation.

    Enhance the end-customer experience with I&T

    Other customer satisfaction metrics:
    • Amount of time CIO spends interacting directly with customers.
    • Customer retention rate.
    • Customer attraction rate.
    Action steps to take:
    • Identify the core IT capabilities that support customer experience. Automation? Mobile application? Personal information secured?
    • Suggest an IT-supported or-led initiative that will enhance the customer experience and meet the business goals. Retention? Acquisition? Growth in spend?
    • This is where operational metrics or dashboards can have a real influence on the customer experience. Be mindful of how IT impacts the customer journey.

    41%

    Direct CX interaction

    In 2022, 41% of IT heads were directly interacting with the end customer. (Source: Foundry, 2022.)

    SECTION 4

    Keeping Employees Engaged

    Keeping employees engaged

    This is about more than just an annual engagement survey
    • As a leader, you should always have a finger on the pulse of how engaged your employees are
    • Employee engagement is high when:
      • Employees have a positive disposition to their place of work
      • Employees are committed and willing to contribute to the organization's success
    • Employee engagement comprises three types of drivers: organizational, job, and retention. As CIO, you have a direct impact on all three drivers.
    • Providing employees with a positive work environment where they are empowered to complete activities in line with their desired skillset and tied to a clear purpose can significantly increase employee engagement.

    Employee engagement metric:

    Number of employees who feel empowered to complete purposeful activities related to their job each day

    Engagement leads to increases in:
    • Innovation
    • Productivity
    • Performance
    • Teamwork
    While reducing costs associated with high turnover.

    Employees daily tasks need to have purpose

    Other employee engagement metrics:
    • Tenure of IT employees at the organization.
    • Number of employees who seek out or use a training budget to enhance their knowledge/skills.
    • Degree of autonomy employees feel they have in their work on a daily basis.
    • Number of collaboration tools provided to enable cross-organizational work.
    Action steps to take:
    • If you are not willing to take actionable steps to address engagement, don’t bother asking employees about it.
    • Identify the blockers to empowerment. Common blockers include insufficient team collaboration, bureaucracy, inflexibility, and feeling unsupported and judged.
    • Ensure there is a consistent understanding of what “purposeful” means. Are you talking about “purposeful” to the organization or the individual?
    • Provide more clarity on what the organization’s purpose is and the vision it is driving toward. Just because you understand does not mean the employees do.

    26%

    Act on engagement

    Only 26% of leaders actually think about and act on engagement every single day. (Source: SHRM, 2022.)

    SECTION 5

    Establishing Trusted Business Relationships

    Establishing trusted business partnerships

    Leverage your relationships with other C-suite executives to demonstrate IT’s value
    • Your relationship with other business peers is critical – and, funny enough, it is impacted by the use of good metrics and data.
    • The performance of your IT team will be recognized by other members of the executive leadership team (ELT) and is a direct reflection of you as a leader.
    • A good relationship with the ELT can alleviate issues if concerns about IT staff surface.
      • Of the 85% of IT leaders working on transformational initiatives, only 30% are trying to cultivate an IT/business partnership (Foundry, 2022).
    • Don’t let other members of the organizations ELT overlook you or the value IT has. Build the key relationships that will drive trust and partnerships.

    Business leadership relationship metric:

    Ability to influence business decisions with trusted partners.

    Some key relationships that are worth forming with other C-suite executives right now include:
    • Chief Sustainability Officer
    • Chief Revenue Officer
    • Chief Marketing Officer
    • Chief Data Officer

    Influence business decisions with trusted partners

    Other business relations metrics:
    • The frequency with which peers on the ELT complain about the IT organization to other ELT peers.
    • Percentage of business leaders who trust IT to make the right choices for their accountable areas.
    • Number of projects that are initiated with a desired solution versus problems with no desired solution.
    Action steps to take:
    • From lunch to the boardroom, it is important you make an effort to cultivate relationships with the other members of the ELT.
    • Identify who the most influential members of the ELT are and what their primary goals or objectives are.
    • Follow through on what you promise you will deliver – if you do not know, do not promise it!
    • What will work for one member of the ELT will not work for another – personalize your approach.

    60%

    Enterprise-wide collaboration

    “By 2023, 60% of CIOs will be primarily measured for their ability to co-create new business models and outcomes through extensive enterprise and ecosystem-wide collaboration.” (Source: IDC, 2021.)

    SECTION 6

    Managing to a Budget

    Managing to a budget

    Every CIO needs to be able to spend within budget while increasing their strategic impact
    • From security, to cloud, to innovating the organization's products and services, IT has a lot of initiatives that demand funds and improve the organization.
    • Continuing to demonstrate good use of the budget and driving value for the organization will ensure ongoing recognition in the form of increased money.
    • 29% of CIOs indicated that controlling costs and expense management was a key duty of a functional CIO (Foundry, 2022).
    • Demonstrating the ability to spend within a defined budget is a key way to ensure the business trusts you.
    • Demonstrating an ability to spend within a defined budget and reducing the cost of operational expenses while increasing spend on strategic initiatives ensures the business sees the value in IT.

    Budget management metric:

    Proportion of IT budget that is strategic versus operational.

    Info-Tech Insight

    CIOs need to see their IT function as its own business – budget and spend like a CEO.

    Demonstrate IT’s ability to spend strategically

    Other budget management metrics:
    • Cost required to lead the organization through a digital transformation.
    • Reduction in operational spend due to retiring legacy solutions.
    • Percentage of budget in the run, grow, and transform categories.
    • Amount of money spent keeping the lights on versus investing in new capabilities.

    Action steps to take:

    • Consider opportunities to automate processes and reduce the time/talent required to spend.
    • Identify opportunities and create the time for resources to modernize or even digitize the organization to enable a better delivery of the products or services to the end customer.
    • Review the previous metrics and tie it back to running the business. If customer satisfaction will increase or risk-related threats decrease through an initiative IT is suggesting, you can make the case for increased strategic spend.

    90%

    Direct CX interaction

    Ninety percent of CIOs expect their budget to increase or remain the same in their next fiscal year. (Source: Foundry, 2022.)

    Research contributors and experts

    Photo of Jeff Neyland. Jeff Neyland
    Chief Information Officer – University of Texas at Arlington
    Photo of Brett Trelfa. Brett Trelfa
    SVP and CIO – Arkansas Blue Cross Blue Shield
    Blank photo template. Lynn Fyhrlund
    Chief Information Officer – Milwaukee County Department of Administrative Services

    Info-Tech Research Group

    Vicki Van Alphen Executive Counselor Ibrahim Abdel-Kader Research Analyst
    Mary Van Leer Executive Counselor Graham Price Executive Counselor
    Jack Hakimian Vice President Research Valence Howden Principal Research Director
    Mike Tweedie CIO Practice Lead Tony Denford Organization Transformation Practice Lead

    Related Info-Tech Research

    Sample of the 'IT Metrics Library'. IT Metrics Library
    • Use this tool to review commonly used KPIs for each practice area
    • Identify KPI owners, data sources, baselines, and targets. It also suggests action and research for low-performing KPIs.
    • Use the "Action Plan" tab to keep track of progress on actions that were identified as part of your KPI review.
    Sample of 'Define Service Desk Metrics That Matter'. Define Service Desk Metrics That Matter
    • Consolidate your metrics and assign context and actions to those currently tracked.
    • Establish tension metrics to see and tell the whole story.
    • Split your metrics for each stakeholder group. Assign proper cadences for measurements as a first step to building an effective dashboard.
    Sample of 'CIO Priorities 2022'. CIO Priorities 2022
    • Understand how to respond to trends affecting your organization.
    • Determine your priorities based on current state and relevant internal factors.
    • Assign the right resources to accomplish your vision.
    • Consider what new challenges outside of your control will demand a response.

    Bibliography

    “Developing and Sustaining Employee Engagement.” SHRM, 2022.

    Dopson, Elise. “KPIs Vs. Metrics: What’s the Difference & How Do You Measure Both?” Databox, 23 Jun. 2021.

    Shirer, Michael, and Sarah Murray. “IDC Unveils Worldwide CIO Agenda 2022 Predictions.” IDC, 27 Oct. 2021.

    Suer, Myles. “The Most Important Metrics to Drive IT as a Business.” CIO, 19 Mar. 2019.

    “The new CIO: Business Savvy.” Deloitte Insights. Deloitte, 2020.

    “2022 State of the CIO: Rebalancing Act: CIO’s Operational Pandemic-Era Innovation.” Foundry, 2022.

    “Why Employee Engagement Matters for Leadership at all Levels.” Walden University, 20 Dec. 2019.

    Zhang, Xihui, et al. “How to Measure IT Effectiveness: The CIO’s Perspective.” Journal of Informational Technology Management, 29(4). 2018.

    Maintain Employee Engagement During the COVID-19 Pandemic

    • Buy Link or Shortcode: {j2store}548|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,399 Average $ Saved
    • member rating average days saved: 5 Average Days Saved
    • Parent Category Name: Engage
    • Parent Category Link: /engage
    • The uncertainty of the pandemic means that employee engagement is at higher risk.
    • Organizations need to think beyond targeting traditional audiences by considering engagement of onsite, remote, and laid-off employees.

    Our Advice

    Critical Insight

    • The changing way of work triggered by this pandemic means engagement efforts must be easy to implement and targeted for relevant audiences.

    Impact and Result

    • Identify key drivers to leverage during the pandemic to boost engagement as well as at-risk drivers to focus efforts on.
    • Select quick-win tactics to sustain and boost engagement for relevant target audiences.

    Maintain Employee Engagement During the COVID-19 Pandemic Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine the scope

    Evaluate the current state, stakeholder capacity, and target audience of engagement actions.

    • Maintain Employee Engagement During the COVID-19 Pandemic Storyboard
    • Pandemic Engagement Workbook

    2. Identify engagement drivers

    Review impact to engagement drivers in order to prioritize and select tactics for addressing each.

    • Tactics Catalog: Maintain Employee Engagement During the COVID-19 Pandemic
    • Employee Engagement During COVID-19: Manager Tactics

    3. Determine ownership and communicate engagement actions

    Designate owners of tactics, select measurement tools and cadence, and communicate engagement actions.

    • Crisis Communication Guide for HR
    • Crisis Communication Guide for Leaders
    • Leadership Crisis Communication Guide Template
    • HR Action and Communication Plan
    [infographic]

    Implement an IT Chargeback System

    • Buy Link or Shortcode: {j2store}71|cart{/j2store}
    • member rating overall impact: 8.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management
    • Business units voraciously consume IT services and don’t understand the actual costs of IT. This is due to lack of IT cost transparency and business stakeholder accountability for consumption of IT services.
    • Business units perceive IT costs as uncompetitive, resulting in shadow IT and a negative perception of IT.
    • Business executives have decided to implement an IT chargeback program and IT must ensure the program succeeds.

    Our Advice

    Critical Insight

    Price IT services so that business consumers find them meaningful, measurable, and manageable:

    • The business must understand what they are being charged for. If they can’t understand the value, you’ve chosen the wrong basis for charge.
    • Business units must be able to control and track their consumption levels, or they will feel powerless to control costs and you’ll never attain real buy-in.

    Impact and Result

    • Explain IT costs in ways that matter to the business. Instead of focusing on what IT pays for, discuss the value that IT brings to the business by defining IT services and how they serve business users.
    • Develop a chargeback model that brings transparency to the flow of IT costs through to business value. Demonstrate how a good chargeback model can bring about fair “pay-for-value” and “pay-for-what-you-use” pricing.
    • Communicate IT chargeback openly and manage change effectively. Business owners will want to know how their profit and loss statements will be affected by the new pricing model.

    Implement an IT Chargeback System Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should implement an IT chargeback program, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch

    Make the case for IT chargeback, then assess the financial maturity of the organization and identify a pathway to success. Create a chargeback governance model.

    • Implement IT Chargeback – Phase 1: Launch
    • IT Chargeback Kick-Off Presentation

    2. Define

    Develop a chargeback model, including identifying user-facing IT services, allocating IT costs to services, and setting up the chargeback program.

    • Implement IT Chargeback – Phase 2: Define
    • IT Chargeback Program Development & Management Tool

    3. Implement

    Communicate the rollout of the IT chargeback model and establish a process for recovering IT services costs from business units.

    • Implement IT Chargeback – Phase 3: Implement
    • IT Chargeback Communication Plan
    • IT Chargeback Rollout Presentation
    • IT Chargeback Financial Presentation

    4. Revise

    Gather and analyze feedback from business owners, making necessary modifications to the chargeback model and communicating the implications.

    • Implement IT Chargeback – Phase 4: Revise
    • IT Chargeback Change Communication Template
    [infographic]

    Workshop: Implement an IT Chargeback System

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Kick-Off IT Chargeback

    The Purpose

    Make the case for IT chargeback.

    Identify the current and target state of chargeback maturity.

    Establish a chargeback governance model.

    Key Benefits Achieved

    Investigated the benefits and challenges of implementing IT chargeback.

    Understanding of the reasons why traditional chargeback approaches fail.

    Identified the specific pathway to chargeback success.

    Activities

    1.1 Investigate the benefits and challenges of implementing IT chargeback

    1.2 Educate business owners and executives on IT chargeback

    1.3 Identify the current and target state of chargeback maturity

    1.4 Establish chargeback governance

    Outputs

    Defined IT chargeback mandate

    IT chargeback kick-off presentation

    Chargeback maturity assessment

    IT chargeback governance model

    2 Develop the Chargeback Model

    The Purpose

    Develop a chargeback model.

    Identify the customers and user-facing services.

    Allocate IT costs.

    Determine chargeable service units.

    Key Benefits Achieved

    Identified IT customers.

    Identified user-facing services and generated descriptions for them.

    Allocated IT costs to IT services.

    Identified meaningful, measurable, and manageable chargeback service units.

    Activities

    2.1 Identify user-facing services and generate descriptions

    2.2 Allocate costs to user-facing services

    2.3 Determine chargeable service units and pricing

    2.4 Track consumption

    2.5 Determine service charges

    Outputs

    High-level service catalog

    Chargeback model

    3 Communicate IT Chargeback

    The Purpose

    Communicate the implementation of IT chargeback.

    Establish a process for recovering the costs of IT services from business units.

    Share the financial results of the charge cycle with business owners.

    Key Benefits Achieved

    Managed the transition to charging and recovering the costs of IT services from business units.

    Communicated the implementation of IT chargeback and shared the financial results with business owners.

    Activities

    3.1 Create a communication plan

    3.2 Deliver a chargeback rollout presentation

    3.3 Establish a process for recovering IT costs from business units

    3.4 Share the financial results from the charge cycle with business owners

    Outputs

    IT chargeback communication plan

    IT chargeback rollout presentation

    IT service cost recovery process

    IT chargeback financial presentation

    4 Review the Chargeback Model

    The Purpose

    Gather and analyze feedback from business owners on the chargeback model.

    Make necessary modifications to the chargeback model and communicate implications.

    Key Benefits Achieved

    Gathered business stakeholder feedback on the chargeback model.

    Made necessary modifications to the chargeback model to increase satisfaction and accuracy.

    Managed changes by communicating the implications to business owners in a structured manner.

    Activities

    4.1 Address stakeholder pain points and highly disputed costs

    4.2 Update the chargeback model

    4.3 Communicate the chargeback model changes and implications to business units

    Outputs

    Revised chargeback model with business feedback, change log, and modifications

    Chargeback change communication

    Formalize Your Digital Business Strategy

    • Buy Link or Shortcode: {j2store}101|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation

    Your organization already has a digital strategy, but there is a lack of understanding of what digital means across the enterprise. Digital investments have been made in the past but failed to yield or demonstrate business value. Given the pace of change, the current digital strategy is outdated, and new digital opportunities need to be identified to inform the technology innovation roadmap.

    Our Advice

    Critical Insight

    Turn your digital strategy into a compelling change story that will create a unified vision of how you want to transform your business.

    Impact and Result

    • Identify new digitally enabled growth opportunities.
    • Understand which digital ideas yield the biggest return and the value they generate for the organization.
    • Understand the impact of opportunities on your business capabilities.
    • Map a customer journey to identify opportunities to transform stakeholder experiences.

    Formalize Your Digital Business Strategy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Formalize Your Digital Business Strategy – a document that walks you through a series of activities to help brainstorm and ideate on possible new digital opportunities as an input into building your business case for a new IT innovation roadmap.

    Knowing which digital opportunities create the greatest business value requires a structured approach to ideate, prioritize, and understand the value they create for the business to help inform the creation of your business case for investment approval.

    • Formalize Your Digital Strategy Storyboard

    Infographic

    Further reading

    Formalize Your Digital Business Strategy

    Stay relevant in an evolving digital economy

    Executive Summary

    Your Challenge

    Common Obstacles

    Solution

    • Since 2020, the environment has been volatile, leading many CIOs to rethink their priorities and strategies.
    • The organization already has a digital strategy, but there is a lack of understanding of what digital means across the enterprise.
    • Digital investments have been made but fail to demonstrate the business value.
    • The current digital strategy was developed in isolation and failed to garner consensus on a common understanding of the digital vision from across the business.
    • CIOs struggle to understand what existing capabilities need to transform or what new digital capabilities are needed to support the digital ambitions.
    • The existing Digital Strategy is synonymous with the IT Strategy.
    • Identify new digitally enabled growth opportunities.
    • Understand which digital ideas yield the biggest return and the value they generate for the organization.
    • Understand the impact of opportunities on your business capabilities.
    • Map the customer journey to identify opportunities to transform the stakeholder experience.

    Info-Tech Insight

    Turn your existing digital strategy into a compelling change story that will create a unified vision of how you want to transform your business.

    Info-Tech’s Digital Transformation Journey

    Your journey: An IT roadmap for your Digital Business Strategy

    The image contains a screenshot of Info-Tech's Digital Transformation Journey.

    By now, you understand your current business context and capabilities

    The image contains a screenshot of the IT roadmap for your Digital Business Strategy.

    By this point you have leveraged industry roundtables to better understand the art of the possible, exploring global trends, shifts in market forces, customer needs, emerging technologies, and economic forecasts to establish your business objectives and innovation goals.

    Now you need to formalize digital business strategy.

    Phase 1: Industry Trends Report

    The image contains a screenshot of phase 1 industry trends report.

    Phase 2: Digital Maturity Assessment

    The image contains a screenshot of phase 2 digital maturity assessment.

    Phase 3: Zero-In on Business Objectives

    The image contains a screenshot of phase 3 Zero-in on business objectives.

    Business and innovation goals are established through stakeholder interviews and a heatmap of your current capabilities for transformation.

    Since 2020, market dynamics have forced organizations to reassess their strategies

    The unprecedented pace of global disruptions has become both a curse and a silver lining for many CIOs. The ability to maximize the value of digital will be vital to remain relevant in the new digital economy.

    The image contains a screenshot of an image that demonstrates how market dynamics force organizations to reassess their strategies.

    Formalize your digital strategy to address industry trends and market dynamics

    The goal of this phase is to ensure the scope of the current digital strategy reflects the right opportunities to allocate capital to resources, assets, and capabilities to drive strategic growth and operational efficiency.

    There are three key activities outlined in this deck that that can be undertaken by industry members to help evolve their current digital business strategy.

    1. Identify New Digitally Enabled Growth Opportunities
      • Host an ideation session to identify new leapfrog ideas
      • Discuss assumptions, value drivers, and risks
      • Translate ideas into opportunities and consolidate
    2. Evaluate New Digital Opportunities and Business Capabilities
      • Build an opportunity profile
      • Identify business capabilities for transformation
    3. Transform Stakeholder Journeys
      • Understand the impact of opportunities on value-chains
      • Identify stakeholder personas
      • Build a stakeholder journey map
      • Compile your new list of digital opportunities
    The image contains a screenshot of Formalize your digital business strategy.

    Info-Tech’s approach

    1. Identify New Digital Opportunities
      • Conduct an ideation session
      • Identify leapfrog ideas from trends
      • Evaluate each leapfrog idea to define opportunity
    2. Evaluate Opportunities and Business Capabilities
      • Build Opportunity Profile
      • Understand the impact of opportunities on business capabilities
    3. Transform Stakeholder Journeys
      • Analyze value chains
      • Map your Stakeholder Journey
      • Breakdown opportunities into initiatives

    Overview of Key Activities

    Formalize your digital business strategy

    Methodology

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Phase 1: New Digital Opportunities

    Phase 2: Evaluate Opportunities and Business Capabilities

    Phase 3: Transform Stakeholder Journeys

    Content Leveraged

    • Digital Business Strategy blueprint
    • Client’s Business Architecture
    1. Hold an ideation session with business executives.
      • Review relevant reports on industry trends, market shifts, and emerging technologies.
      • Establish guiding principles for digital transformation.
      • Leverage a trend-analysis approach to determine the most impactful and relevant trends.
      • From tends, elicit leapfrog ideas for growth opportunities.
      • For each idea, engage in discussion on assumptions, value drivers, benefits, and risks.
    1. Create opportunity profiles.
      • Evaluate each opportunity to determine if it is important to turn into initiatives
    2. Evaluate the impact of opportunities on your business capabilities.
      • Leverage a value-chain analysis to assess the impact of the opportunity across value chains in order to understand the impact across your business capabilities.
    1. Map stakeholder journey:
      • Identify stakeholder personas
      • Identify one journey scenario
      • Map stakeholder journey
      • Consolidate opportunities
    2. Breakdown opportunities into actional initiatives
      • Brainstorm priority initiatives against opportunities.

    Deliverable:

    Client’s Digital Business Strategy

    Phase 1: Deliverable

    1. Compiled list of leapfrog ideas for new growth opportunities

    Phase 2: Deliverables

    1. Opportunity Profile
    2. Business Capability Impact

    Phase 3: Deliverables

    1. Opportunity Profile
    2. Business Capability Impact

    Glossary of Terms

    LEAPFROG IDEAS

    The concept was originally developed in the area of industrial organizations and economic growth. Leapfrogging is the notion that organizations can identify opportunities to skip one or several stages ahead of their competitors.

    DIGITAL OPPORTUNITIES

    Opening of new possibilities to transform or change your business model and create operational efficiencies and customer experiences through the adoption of digital platforms, solutions, and capabilities.

    INITIATIVES

    Breakdown of opportunities into actionable initiatives that creates value for organizations through new or changes to business models, operational efficiencies, and customer experiences.

    1. LEAPFROG IDEAS:
      • Precision medicine
    2. DIGITAL OPPORTUNITY:
      • Machine Learning to sniff out pre-cancer cells
    3. INITIATIVES:
      1. Define genomic analytics capabilities and recruit
      2. Data quality and cleansing review
      3. Implement Machine Learning SW

    Identify Digitally Enabled Opportunities

    Host an ideation session to turn trends into growth opportunities with new leapfrog ideas.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 1

    Host an Ideation Session to Identify New Digital Opportunities

    1.1

    IDENTIFY AND ASSEMBLE YOUR KEY STAKEHOLDERS

    Build support and eliminate blind spots

    It is important to make sure the right stakeholders participate in this working group. Designing a digital strategy will require debate, insights, and business decisions from a broad perspective across the enterprise. The focus is on the value to be generated from digital.

    Consider:

    • Who are the decision makers and key influencers?
    • Who will impact the business?
    • Who has a vested interest in the success or failure of the practice? Who has the skills and competencies necessary to help you be successful?

    Avoid:

    • Don’t focus on the organizational structure and hierarchy. Often stakeholder groups don’t fit the traditional structure.
    • Don’t ignore subject matter experts on either the business or IT side. You will need to consider both.
    1.2

    ESTABLISH GUIDING PRINCIPLES

    Define the guardrails to focus your ideas

    All ideas are great until you need one that works. Establish guiding principles that will help you establish the perimeters for turning big ideas into opportunities.

    Consider:

    • Focus on the breadth and alignment to support business objectives
    • This should help narrow conceptual ideas into actionable initiatives

    Avoid:

    • Don’t recreate the corporate guiding principles
    • Focus on what will help define strategic growth opportunities and operational efficiencies
    1.3

    LEVERAGE STRATEGIC FORESIGHT TO IDENTIFY LEAPFROG IDEAS

    Create space to elicit “big ideas”

    Leverage industry roundtables and trend reports imagining how digital solutions can help drive strategic growth and operational efficiency. Brainstorm new opportunities and discuss their viability to create value and better experiences for your stakeholders.

    Consider:

    • Accelerate this exercise by leveraging stakeholder insights from:
      • Your corporate strategy and financial plan
      • Outputs from stakeholder interviews
      • Market research

    Avoid:

    • Don’t simply go with the existing documented strategic objectives for the business. Ensure they are up to date and interview the decision makers to validate their perspectives if needed.

    Host an Ideation Session

    Identify digitally enabled opportunities

    Industry Roundtables and Trend Reports

    Industry Trends Report

    The image contains a screenshot of phase 1 industry trends report.

    Business Documents

    The image contains a screenshot of Business Documents.

    Digital Maturity Assessment

    The image contains a screenshot of phase 2 digital maturity assessment.

    Activity: 2-4 hours

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Hold a visioning session with key business executives (e.g., CIO, CEO, CFO, CCO, and COO) and others as needed. Here is a proposed agenda of activities for the ideation session:

    1. Leverage current trend reports and relevant emerging trend reports, market analysis, and customer research to envision future possibilities.
    2. Establish guiding principles for defining your digital strategy and scope.
    3. Leverage insights from trend reports and market analysis to generate leapfrog ideas that can be turned into opportunities.
    4. For each leapfrog idea, engage in a discussion on assumptions, value drivers, benefits, and risks.

    Content Leveraged

    • Digital Trends Report
    • Industry roundtables and trend reports
    • Digital Maturity Assessment
    • Digital Business Strategy v1.0

    Deliverable:

    1. Guiding principles
    2. Strategic growth opportunities

    1.1 Executive Stakeholder Engagement

    Assemble Executive Stakeholders

    Set yourself up for success with these three steps.

    CIOs tasked with designing digital strategies must add value to the business. Given the goal of digital is to transform the business, CIOs will need to ensure they have both the mandate and support from the business executives.

    Designing the digital strategy is more than just writing up a document. It is an integrated set of business decisions to create a competitive advantage and financial returns. Establishing a forum for debates, decisions, and dialogue will increase the likelihood of success and support during execution.

    1. Confirm your role

    2. Identify Stakeholders

    3. Diverse Perspective

    The digital strategy aims to transform the business. Given the scope, validate your role and mandate to lead this work. Identify a business executive to co-sponsor.

    Identify key decision-makers and influencers who can help make rapid decisions as well as garner support across the enterprise.

    Don’t be afraid to include contrarians or naysayers. They will help reduce any blind spots but can also become the greatest allies through participation.

    1.2 Guiding Principles

    Set the Guiding Principles

    Guiding principles help define the parameters of your digital strategy. They act as priori decisions that establish the guardrails to limit the scope of opportunities from the perspective of people, assets, capabilities, and budgets that are aligned with the business objectives. Consider these components when brainstorming guiding principles:

    Consider these three components when brainstorming

    Breadth

    Digital strategy should span people, culture, organizational structure, governance, capabilities, assets, and technology. The guiding principle should cover a 3600 view across the entire organization.

    Planning Horizon

    Timing should anchor stakeholders to look to the long-term with an eye on the foreseeable future i.e., business value realization in one, two, and three years.

    Depth

    Needs to encompass more than the enterprise view of lofty opportunities but establish boundaries to help define actionable initiatives (i.e., individual projects).

    1.2 Guiding Principles

    Examples of Guiding Principles

    IT Principle NameIT Principle Statement
    1.Enterprise value focusWe aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks.
    2.Fit for purposeWe maintain capability levels and create solutions that are fit for purpose without over engineering them.
    3.SimplicityWe choose the simplest solutions and aim to reduce operational complexity of the enterprise.
    4.Reuse > buy > buildWe maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions.
    5.Managed dataWe handle data creation and modification and use it enterprise-wide in compliance with our data governance policy.
    6.Controlled technical diversityWe control the variety of what technology platforms we use.
    7.Managed securityWe manage security enterprise-wide in compliance with our security governance policy.
    8.Compliance to laws and regulationsWe operate in compliance with all applicable laws and regulations.
    9.InnovationWe seek innovative ways to use technology for business advantage.
    10.Customer centricityWe deliver best experiences to our customers with our services and products.
    11.Digital by default We always put digital solutions at the core of our plans for all viable solutions across the organization.
    12.Customer-centricity by designWe design new products and services with the goal to drive greater engagement and experiences with our customers.

    1.3 Trend-Analysis

    Leverage strategic foresight to identify growth opportunities

    What is Strategic Foresight?

    In times of increasing uncertainty, rapid change, market volatility, and complexity, the development of strategies can be difficult. Strategic foresight offers a solution.
    Strategic foresight refers to an approach that uses a range of methodologies, such as scanning the horizon for emerging changes and signals, analyzing megatrends, and developing multiple scenarios to identify opportunities (source: OECD, 2022). However, it cannot predict the future and is distinct from:

    • Forecasting tools
    • Strategic planning
    • Scenario planning (only)
    • Predictive analyses of the future

    Why is Strategic Foresight useful?

    • Reduce uncertainties about the future
    • Better anticipate changes
    • Future-proof to stress test proposed strategies
    • Explore innovation to reveal new products, services, and approaches

    Explore Info-Tech’s Strategic Foresight Process Tool

    “When situations lack analogies to the past, it’s hard to envision the future.”

    - J. Peter Scoblic, HBR, 2020

    1.3 Trend-Analysis

    Leverage industry roundtables and trend reports to understand the art of the possible

    Uncover important business and industry trends that can inform possibilities for technology innovation.

    Explore trends in areas such as:

    • Machine Learning
    • Citizen Dev 2.0
    • Venture Architecture
    • Autonomous Organizations
    • Self-Sovereign Cloud
    • Digital Sustainability

    Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.

    Visit Info-Tech’s Trends & Priorities Research Center

    Visit Info-Tech’s Industry Coverage Research to get started.

    The image contains screenshots from Info-Tech blueprints.

    Images are from Info-Tech’s Rethinking Higher Education Report and 2023 Tech Trends Report

    1.3 Trend-Analysis

    Scan the Horizon

    Understand how the environment is evolving in your industry

    Scan the horizon to detect early signs of future changes or threats.

    Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.

    Macro Trends

    A macro trend captures a large-scale transformative trend on a global scale that could impact your addressable market

    Industry Trend

    An industry trend captures specific use cases of the macro trend in relation to your market and industry. Consider this in terms of shifts in your market dynamics i.e., competitors, size, transaction, international trade, supply/demand, etc.

    Driver(s)

    A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.

    Identify signals of change in the present and their potential future impacts.

    1.3 Trend-Analysis

    Identify macro trends

    Macro trends capture a global shift that can change the market and the industry. Here are examples of macro-trends to consider when scanning the horizon for your own organization:

    Talent Availability

    Customer Expectations

    Emerging Technologies

    Regulatory System

    Supply Chain Continuity

    Decentralized workforce

    Hybrid workforce

    Diverse workforce

    Skills gap

    Digital workforce

    Multigenerational workforce

    Personalization

    Digital experience

    Data ownership

    Transparency

    Accessibility

    On-demand

    Mobility

    AI & robotics

    Virtual world

    Ubiquitous connectivity

    Genomics (nano, bio, smart….)

    Big data

    Market control

    Economic shifts

    Digital regulation

    Consumer protection

    Global green

    Resource scarcity

    Sustainability

    Supply chain digitization

    Circular supply chains

    Agility

    Outsource

    1.3 Trend-Analysis

    Determine impact and relevance of trends

    Understand which trends create opportunities or risks for your organization.

    Key Concepts:

    Once an organization has uncovered a set of trends that are of potential importance, a judgment must be made on which of the trends should be prioritized to understand their impact on your market and ultimately, the implications for your business or organization. Consider the following criteria to help you prioritize your trends.

    Impact to Industry: The degree of impact the trend will have on your industry and market to create possibilities or risks for your business. Will this trend create opportunities for the business? Or does it pose a risk that we need to mitigate?

    Relevance to Organization. The relevance of the trend to your organization. Does the trend align with the mission, vision, and business objectives of your organization?

    Activity: 2-4hours

    In order to determine which trends will have an impact on your industry and are relevant to your organization, you need to use a gating approach to short-list those that may create opportunities to capitalize on while you need to manage the ones that pose risk.

    Impact

    What does this trend mean for my industry and market?

    • Degree – how broad or narrow is the impact
    • Likelihood – the reality of disrupting an industry or market
    • Timing – when do we expect disruption?

    Relevance

    What opportunity or risk does it pose to my business/organization?

    • Significance – depth and breadth across the enterprise
    • Duration – how long is the anticipated impact?

    1.3 Trend-Analysis

    Prioritize Trends for Exploration

    The image contains a screenshot of a table to demonstrate the trends.The image contains a graph that demonstrates the trends from the table on a graph to show how to prioritze them based on relevance and impact.

    Info-Tech Insight

    While the scorecard may produce a ranking based on weighted metrics, you need to leverage the group discussion to help contextualize and challenge assumptions when validating the priority. The room for debate is important to truly understand whether a trend is a fad or a fact that needs to be addressed.

    1.3 Trend-Analysis

    Discuss the driver(s) behind the trend

    Determining the root cause(s) of a trend is an important precursor to understanding the how, why, and to what extent a trend will impact your industry and market.

    Trend analysis can be a valuable approach to reduce uncertainties about the future and an opportunity to understand the underlying drivers (forces) that may be contributing to a shift in pattern. Understanding the drivers is important to help determine implication on your organization and potential opportunities.

    The image contains a screenshot of a driver diagram.

    1.3 Trend-Analysis

    Examples of driver(s)

    INDUSTRY

    Healthcare Exemplar

    Macro Trends

    (Transformative change)

    Industry Trend

    (A pattern of change…)

    Drivers

    (“Why”….)

    Accessibility

    Increase in wait times

    Aging population leading to global workforce shortage

    New models of care e.g., diversify scope of practice

    Address capacity issues

    Understanding the drivers is not about predicting the future. Don’t get stuck in “analysis paralysis.” The key objective is to determine what opportunities and risks the trend and its underlying driver pose to your business. This will help elicit leapfrog opportunities that can be funneled into actionable initiatives.

    Other examples…

    Dimensions

    Macro-Trends

    Industry Trend

    Driver

    Social

    Demographic shift

    Global shortage of healthcare workers

    Workforce age

    Customer expectations

    Patients as partners

    Customer demographics

    Technology

    AI and robotics

    Early detection of cancer

    Patient outcomes

    Ubiquitous connectivity

    Virtual health

    Capacity

    Economic

    Recession

    Cost-savings

    Sustainability

    Consumer spending

    Value-for-money

    Prioritization

    Environment

    Climate change

    Shift in manufacturers

    ESG compliant vendors

    Pandemic

    Supply chain disruption

    Local production

    Political

    Regulatory

    Consolidation of professional colleges

    Operational efficiency

    De-regulation

    New models of care

    New service (business) model

    1.3 Trend-Analysis

    Case Study

    Industry

    Healthcare

    Artificial Intelligence (AI) in Precision Medicine (Genomics)

    Precision Medicine has become very popular over the recent years fueled by research but also political and patient demands to focus more on better outcomes vs. profits. A cancer care center in Canada wanted to look at what was driving this popularity but more importantly, what this potentially meant to their current service delivery model and operations and what opportunities and risks they needed to address in the foreseeable future. They determined the following drivers:

    • Improve patient outcomes
    • Earlier detection of cancer
    • Better patient experience
    • Ability to compute vast amounts of data to reduce manual effort and errors
    • Accelerate from research to clinical trials to delivery

    The image contains a screenshot of AI in Genomics.

    1.3 Trend-Analysis

    INDUSTRY

    Healthcare Exemplar

    Category

    Macro-Trends

    Industry Trends

    (Use-Case)

    Drivers

    Impact to Industry

    Impact to Business

    Talent Availability

    Diverse workforce

    Aboriginal health

    Systemic inequities

    Brand and legal

    Policies in place

    Hybrid workforce

    Virtual care

    COVID-19 and infectious disease

    New models of care

    New digital talent

    Customer Expectation

    Personalization

    On-demand care

    Patient experience

    Patients as consumers

    New operating model

    Digital experience

    Patient portals

    Democratization of data

    Privacy and security

    Capacity

    Emerging Technologies

    Internet of Things (IoT)

    Smart glucometers

    Greater mobility

    System redesign

    Shift from hospital to home care

    Quantum computing

    Genomic sequencing

    Accelerate analysis

    Improve quality of data analysis

    Faster to clinical trial and delivery

    Regulatory System

    Consumer protection

    Protect access to sensitive patient data

    HIPPA legislation

    Restrict access to health record

    Electronic health records

    Global green

    Green certification for redev. projects

    Political optics

    Higher costs

    Contract management

    Supply Chain

    Supply chain disruptions

    Surgical strategic sourcing

    Preference cards

    Quality

    Organizational change management

    New pharma entrants

    Telco’s move into healthcare

    Demand/supply

    Funding model

    Resource competition

    Sample Output From Trend Analysis

    1.3 Elicit New Opportunities

    Leapfrog into the future

    Turn trends into growth opportunities.

    To thrive in the digital age, organizations must innovate big, leverage internal creativity, and prepare for flexibility.

    In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.

    “The best way to predict the future is to invent it.”

    – Alan Kay

    Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors, who are unable to mobilize to respond to the opportunities.

    1.3 Elicit New Opportunities

    Funnel trends into leapfrog ideas

    Go from trend insights into ideas for opportunities

    Brainstorm ways to generate leapfrog ideas from trend insights.

    Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.

    To identify the impact the trend has on the organization, consider the four areas of growth for the organization:

    1. New Customers: Leverage the trend to target new customers for existing products or services.
    2. New Business Models: Adjust the business model to capture a change in how the organization delivers value.
    3. New Markets: Enter or create new markets by applying existing products or services to different problems.
    4. New Product or Service Offerings: Introduce new products or services to the existing market.

    1.3 Elicit New Opportunities

    INDUSTRY: Healthcare

    SOURCE: Memorial Sloan Kettering Cancer Center

    Case Study

    Machine Learning Sensor to Sniff Out Cancer

    Challenge

    Solution

    Results

    Timely access to diagnostic services is a key indicator of a cancer patient’s prognosis i.e., outcome. Early detection of cancer means the difference between life and death for cancer patients.

    Typically, cancer biomarkers need to be present to detect cancer. Often the presence of these biomarkers is late in the disease state when the cancer cells have likely spread, resulting in suspicions of cancer only when the patient does not feel well or suspects something is wrong.

    Researchers in partnership with IBM Watson at Memorial Sloan Kettering Cancer Center (MSK) have created a tool that can sniff for and identify cancer in a blood sample using machine learning.

    Originally, MSK worked with IBM Watson to identify machine learning as an emerging technology that could drive early cancer detection without the use of cancer biomarkers. But they needed to find specific use cases. After a series of concept prototypes, they were able to use machine learning to detect patterns in blood cells vs. cancer biomarkers to detect cancer disease.

    Machine learning was an emerging trend that researchers at MSK felt held great promise. They needed to turn the trend into tangible opportunities by identifying some key use cases that could be prototyped.

    Computational tools in oncology have the ability to greatly reduce clinician labor, improve the consistency of variant classification, and help accelerate the analytics of vast amounts of clinical data that would be prone to errors and delays when done manually.

    From trends to leapfrog ideas

    Additional Examples in the Appendix

    Example of leapfrog ideas that can generate opportunities for consideration

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New stakeholder segment

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services and experiences

    Virtualize Registration

    Empower patients as consumers of healthcare partners

    Direct B2C to close gap between providers and patients by removing middle administrative overhead.

    24/7 On-Demand Patient Portal

    Leverage AI to develop chatbots and on-demand

    Phase 1: Deliverable

    Phase 1 Deliverable

    Example of output from phase 1 ideation session

    Business Objectives

    New Customers

    (Customer Experience)

    New Markets

    (Health Outcomes)

    New Business or

    Operating Models

    (Operational Excellence)

    New Service Offering

    (Value for Money)

    Description:

    Focus on improving experiences for patients and providers

    Improve quality and standards of care to continually drive better health outcomes

    Deliver care better, faster, and more efficiently

    Reduce cost per capital of delivery care and increase value for services

    Trends:

    • Global workforce shortage due to ageing demographics
    • Clinicians are burnt-out and unable to practice at the top of their profession
    • On-demand care/mobile/wearables
    • Virtual care
    • Faster access to quality service
    • Help navigating complex medical ecosystem from primary to acute to community
    • Standardize care across regions
    • New models of care to expand capacity
    • Improve medication errors
    • Opportunities to use genomics to design personalized medicine
    • Automate tasks
    • Leverage AI and robotics more effectively
    • Regulatory colleges consolidation mandate
    • Use data and analytics to forecast capacity and health outcomes
    • Upskill vs. virtualize workforce
    • Payment reform i.e., move to value-based care vs. fee-for-service
    • Consolidation of back-office functions like HR, supply chain, IT, etc. to reduce cost i.e., shared services model

    Digital Opportunities:

    1. Virtual health command center
    2. Self-scheduling patient portal
    3. Patient way-finder
    4. Smart glucometer for diabetes
    1. Machine learning for early detection of cancer
    2. Visualization tools for capacity planning and forecasting
    3. Contact tracing apps for public health
    1. Build advanced analytics capabilities with new skills and business intelligence tools
    2. Pharmacy robotics
    3. Automate registration
    1. Automate provider billing solution
    2. Payment gateways – supplier portal in the cloud

    Phase 2

    Evaluate Opportunities and Business Capabilities

    Build a better understanding of the opportunities and their impact on your business.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 2

    Evaluate Opportunities and Business Capabilities

    2.1

    CREATE OPPORTUNITY PROFILES

    Evaluate each opportunity

    Some opportunities will have an immediate and significant impact on your business. Some may have a significant impact but on a longer time scale or some may be unlikely to have a significant impact at all. Understanding these trends is an important context for your digital business strategy.

    Consider:

    • Does this opportunity conform with your guiding principles?
    • Can this opportunity feasibly deliver the anticipated benefits?
    • Is this opportunity desired by your stakeholders?

    Avoid:

    • Overly vague language. Opportunities need to be specific enough to evaluate what impact they will have.
    • Simply following what competitors are doing. Be ambitious and tailor your digital strategy to your organizational values, goals, and priorities.
    2.2

    UNDERSTAND THE IMPACT OF OPPORTUNITIES ON BUSINESS CAPABILITIES

    Understand the impact across your value chains

    Each opportunity has the potential to impact multiple areas of your business. Prioritize where to start acting on new opportunities based on your business objectives and capabilities. You need to assess their impacts across value chains. Does the opportunity impact existing value chain(s) or create a new value chain?

    Consider:

    • How well does this opportunity align with your digital vision, mission, and goals?
    • What will be the overall impact of this opportunity?
    • How urgently must you act?

    Avoid:

    • Guessing. Validate assumptions and use clear, unbiased information to make decisions. Info-Tech has extensive resources to assist in evaluating trends, opportunities, and solutions.
    • Making everything a high priority. Most organizations can only prioritize one to two initiatives at a time.

    2.1 Build an opportunity profile

    Evaluate each opportunity

    Discussion Framework:

    In your discussion, evaluate each opportunity to assess assumptions, value drivers, and benefits.

    Ideas matter, but not all ideas are created equal. Now that you have elicited opportunities, discuss the assumptions, risks, and benefits associated with each new digital opportunity.

    Design Thinking

    Leverage the guiding principles as the guardrails to limit the scope of your new digital opportunities. You may want to consider taking a design-thinking approach to innovation by discussing the merits of each opportunity based on:

    • DesirabilityDesirability: People want it. Does the solution enable the organization to meet the expectations of stakeholders?
    • Feasibility
    • Feasibility: Able to Execute. Do we have the capabilities to deliver e.g., the right skills, partners, technology, and leadership?

    • Viability
    • Viability: Delivers Value. Will this idea meet business goals e.g., cost, revenue, and benefits?

    Source: Adapted from IDEO

    Transform the Business

    Must Prioritize

    Should Plan

    Drive Digital Experiences

    Build Digital Capabilities

    High Value/Low Complexity

    • stakeholders want it
    • easy to implement
    • capabilities exist to deliver
    • creates significant value
    • strategic growth = competitive advantage

    High Value/High Complexity

    • customers want it
    • not easy to implement without carefully planning
    • need to invest in developing capabilities
    • Competitive differentiator

    Low Value/Low Complexity

    • stakeholders don’t want it
    • easy to implement but takes resources away from priority
    • some capabilities exist
    • creates marginal value
    • minimal growth

    Low Value/High Complexity

    • stakeholders don’t want it
    • difficult to implement
    • need to invest in developing capabilities
    • no real strategic growth

    Could Have

    Don’t Need

    Transform Operations

    IMPACT

    COMPLEXITY

    Source: Adapted from MoSCoW prioritization model

    Exemplar: Opportunity Profile

    Example:

    An example of a template to capture the output of discussion.

    Automate the Registration Process Around Admission, Discharge, and Transfer (ADT)

    Description of Opportunity:

    ADT is a critical function of registration that triggers patient identification to support services and billing. Currently, ADT is a heavily manual process with a high degree of errors as a result of human intervention. There is an opportunity to leverage intelligent automation by using RPA and AI.

    Alignment With Business Objectives

    Improve patient outcome

    Drive operational efficiency and effectiveness

    Better experiences for patients

    Business Architecture

    This opportunity may impact the following business capabilities:

    • Referral evaluation
    • Admission, discharge, and transfer management
    • Scheduling management
    • Patient registry management
    • Provider registry management
    • Patient billing
    • Provider billing
    • Finance management
    • EHR/EMR integration management
    • Enterprise data warehouse for reporting
    • Provincial/state quality reporting

    Benefits & Outcomes

    • Reduce errors by manual registration
    • Improve turnaround time for registration
    • Create a consistent customer experience
    • Improve capacity
    • Virtualize low-value work

    Key Risks & Assumptions

    • Need to add skills & knowledge to maintain systems
    • Perception of job loss or change by unions
    • assume documentation of standard work for automation vs. non-standard

    Opportunity Owner

    VP, Health Information Management (HIM)

    Incremental Value

    Reduce errors in patient identity

    • Next Steps
    • Investigate use cases for RPA and AI in registration
    • Build business case for funding

    2.2 Business capabilities impact

    Understand the impact on your business capabilities

    Each opportunity has the potential to impact multiple areas of your business. Prioritize where to start acting on new opportunities based on your business objectives and capabilities.

    You will need:

    Industry Reference Architecture.Industry Reference Architecture

    Activity: 1-2 hours

    1. Using your industry reference architecture, highlight the business capabilities that may be impacted by the opportunity. Use a value chain analysis approach to help with this exercise.
    2. Referring to your Prioritized Opportunities for Transformation, prioritize areas to transform. Priority should be given to low maturity areas that are highly or urgently relevant to your overall strategic goals.
    +
    Prioritized Opportunities for Transformation.Prioritized Opportunities for TransformationPrioritized Business Capability Map.

    2.2 Business capabilities impact

    Start with a value chain analysis

    This will help identify the impact on your business capabilities.

    As we identify and prioritize the opportunities available to us, we need to assess impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?

    The image contains a screenshot of the value chain analysis.

    The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.

    As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.

    Exemplar: Prioritized Business Capability Map

    The image contains a screenshot of the exemplar prioritized business capability map.

    In this example, intelligent automation for referral and admission would create opportunity to virtualize repeatable tasks.

    Phase 3

    ETransform Stakeholder Journeys

    Understand the impact of opportunities across the value chain and possibilities of new or better stakeholder experiences.

    Phase 1Phase 2Phase 3

    Identify New Digitally Enabled Opportunities

    Evaluate Opportunities and Business Capabilities

    Transform Stakeholder Journeys

    Phase 3

    Identify opportunities to transform stakeholder experiences

    3.1 IDENTIFY STAKEHOLDER PERSONA

    Understand WHO gains value from the value chain

    To define a stakeholder scenario, you need to understand whom we are mapping for. Developing stakeholder personas is a great way to understand their needs through a lens of empathy.

    Consider:

    • Keep your stakeholder persona groupings to the core clusters typical of your industry.
    • See it from their perspective not the business’s.

    Avoid:

    • Don’t create a multitude of personas based on discrete nuances.
    3.2 BUILD A STAKEHOLDER JOURNEY

    Identify opportunities to transform the stakeholder experience

    A stakeholder or customer journey helps teams visualize the impact of a given opportunity through a value chain. This exercise uncovers the specific initiatives and features that should be considered in the evolution of the digital strategy.

    Consider:

    • Which stakeholders may be most affected by this opportunity?
    • How might stakeholders feel about a given solution as they move through the journey? What pain points can be solved?

    Avoid:

    • Simply listing steps in a process. Put yourself in the shoes of whoever’s journey you are mapping. What do they care about?
    • Choosing a stakeholder with limited involvement in the process.
    3.3 BREAKDOWN OPPORTUNITIES INTO INITIATIVES ALIGNED TO BUSINESS OBJECTIVES

    Unlock key initiatives to deliver value

    Opportunities need to be broken down into actionable initiatives that can be turned into business cases with clear goals, benefits realization, scope, work plans, and investment ask.

    Consider:

    • Multiple initiatives can be grouped into one opportunity that is similar or in phases.
    • Ensure the initiatives support and enable the business goals.

    Avoid:

    • Creating a laundry list of initiatives.
    • Initiatives that don’t align with business goals.

    Map Stakeholder Journey

    Conduct a journey mapping exercise to further refine and identify value streams to transform.

    Stakeholder Journey Mapping

    Digital Business Strategy Blueprint

    Activity: 4-6 hours

    Our analysts can guide and support you, where needed.

    1. First download the Define Your Digital Business Strategy blueprint to review the Stakeholder Journey Mapping exercise.
    2. Identify a stakeholder persona and a one-journey scenario.
    3. Map a stakeholder journey using a single persona across one-journey scenarios to identify pain points and opportunities to improve experiences and generate value.
    4. Consolidate a list of opportunities for business case prioritization.

    Key Concepts:

    Value Stream: a set of activities to create and capture value for and from the end consumer.

    Value Chain: a string of end-to-end processes that creates value for the consumer.

    Journey Scenario: a specific use case across a value chain (s).

    Members Engaged

    • CIO
    • Business Executives

    Info-Tech

    • Industry Analyst
    • Executive Advisor

    Stakeholder Persona.Stakeholder Persona

    1-Journey Use Case.1-Journey Use Case

    Map Stakeholder Journey 
Map Stakeholder Journey

    Content Leveraged

    • Stakeholder Persona
    • Journey Use Case
    • Map Stakeholder Journey

    Deliverable:

    1. Guiding principles
    2. Strategic growth opportunities

    Download the Define Your Digital Business Strategy blueprint for Customer Journey Mapping Activities

    3.1 Persona identification

    Identify a stakeholder persona and journey scenario

    From value chain to journey scenario.

    Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.

    A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.

    A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.

    Learn more about applying design thinking methodologies

    3.1 Persona identification

    Identify a stakeholder persona

    Who are you transforming for?

    To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.

    One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.

    For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.

    Info-Tech Insight

    Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.

    3.1 Persona identification

    Identify stakeholder scenarios to map

    For your digital strategy, leverage the existing and opportunity value chains identified in phases 1 and 2 for journey mapping.

    Identify two existing value chains to be transformed.

    In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a registration clerk who is part of the Health Information Management team responsible for registering and adjudicating patient identity.

    The image contains a screenshot example of two existing value chains to be transformed.

    Identify one new value chain.

    In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain.

    The image contains a screenshot of one value chain.

    3.1 Persona identification

    Example Stakeholder Persona

    Stakeholder demographics

    Name: Anne

    Age: 35

    Occupation: HIM Clerk

    Location: Unity Hospital System

    Pains

    What are their frustrations, fears, and anxieties?

    • Volume of patients to schedule
    • Too many applications to access
    • Data quality is an error
    • Extensive manual entry of data prone to errors
    • Disruptions with calls from patients, doctors, and FOI requests

    What do they need to do?

    What do they want to get done? How will they know they are successful?

    • Automate some non-valuable tasks that can also reduce human errors. Allow patients to self-schedule online or answer FAQs via a chatbox. Would love to have a virtual triage to alleviate volume of calls and redirects.

    Gains

    What are their wants, needs, hopes, and dreams?

    • Reduce errors in data entry for patient identity (reduce manual look-ups).
    • Have standard requests go through a chatbot.
    • Have physicians automate billing through front-end speech recognition software.

    3.1 Persona identification

    Define a journey statement for mapping

    Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.

    Leverage the following format to define the journey statement.

    “As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].”

    The image contains a screenshot of a journey statement for mapping.

    3.2 Stakeholder Journey-Map

    Leverage customer journey mapping to capture value chains to be transformed

    Conduct a journey mapping exercise to identify opportunities for innovation or automation.

    A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.

    The image contains a screenshot of an example of journey mapping.

    Embrace design-thinking methodologies to elevate the stakeholder journey and build a competitive advantage for your organization.

    3.2 Stakeholder Journey-Map

    Key Concepts

    0. Name: Annie Smith

    Age: 35

    Occupation: HIM Registration Clerk for Unity Hospital System

    Key Concepts.0.Stakeholder Persona

    A fictitious profile of a representative stakeholder group that shares a common yet discrete set of characteristics that embodies how they think, feel, and act.

    1. Journey (Value Chain)

    Describes the end-to-end steps or processes that a customer takes across the value chain that groups a set of activities, interactions, touch-points, and experiences.

    2. Persona’s Goals

    Exemplifies what the persona is thinking and wanting across each specific step of their journey.

    3. Nature of Activity (see detailed definition in this section)

    This section captures two key components: 1) the description of the action or interaction between the personas to achieve their goals, and 2) the classification of the activity to determine the feasibility for automation. The type is based on four main characteristics: 1) routine cognitive, 2) non-routine cognitive , 3) routine manual, and 4) non-routine manual.

    4. Type of Touch-Point

    The channel by which a persona interacts or touches products, services, the organization, or information.

    5. Key Moments & Pain Points

    Captures the emotional experience and value of the persona across each step and interaction.

    6. Metrics

    This section captures the KPIs used to measure the experience, process or activity today. Future KPIs will need to be developed to measure the opportunities.

    7. Opportunities refer to both the possible initiatives to address the persona’s pain points, and the ability to enable business goals.

    3.2 Stakeholder Journey-Map

    Opportunities for Automation: Nature of Activity

    Example
    We identified opportunities for automation

    Categorize the activity type to identify opportunities for automation. While there is no perfect framework for automation, this 4x4 matrix provides a general guide to identifying automation opportunities for consideration.

    Automation example list.Automation Quadrant Analysis

    Info-Tech Insight

    Automation is more than a 1:1 relationship between the defined task or job and automation. When considering automation, look for opportunities to: 1) streamline across multiple processes, 2) utilize artificial intelligence to augment or virtualize manual tasks, and 3) create more structured data to allow for improved data quality over the long-term.

    3.2 Stakeholder Journey-Map

    Example of stakeholder journey output: Healthcare

    Stakeholder: HIM Clerks

    Journey: Follow-up visit of 80-year-old diabetes patient at diabetic clinic outpatient

    Journey

    (Value Chain)

    AppointmentRegistrationIdentity ReconciliationEligibility VerificationTreatment Consult

    Persona’s Goals

    • Confirm appointment
    • Verify referral through provider registry
    • Request medical insurance or care card
    • Enroll patient into CIS
    • Patient registry validation
    • Secondary identification request
    • Verify eligibility through the patient registry
    • Schedule follow referrals & appointments
    • Coding for billing

    Nature of Activity

    Priority

    Priority

    Investigate – ROI

    Investigate – ROI

    Defer

    Type of Touchpoint

    • Telephone (land/mobile)
    • Email
    • CIS Application
    • Verbal
    • Patient registry system
    • Telephone
    • Patient and provider registry
    • CIS
    • Email, call, verbal
    • Physician billing
    • Hospital ERP
    • CIS
    • Paper appointments

    Pain Points & Gains

    • Volume of calls
    • Manual scheduling
    • Too many applications
    • Data entry errors
    • Limited languages
    • Too many applications
    • Data entry errors
    • Too many applications
    • Limited languages
    • Ask patients to repeat info
    • Data entry errors
    • Too many applications
    • Limited languages
    • Ask patients to repeat info
    • Patient identity not linked to physician billing
    • Manual coding entry

    Metrics

    Time to appointment

    Time to enrollment

    Patient mis-match

    Provider mis-match

    Percentage of errors in billing codes

    Opportunities

    • Patient scheduling portal (24/7)
    • Use of AI and chatbots
    • Automate patient matching index digitalization and integration
    • Automate provider matching index digitalization and integration
    • Natural language processing using front-end speech recognition software for billing

    Break opportunities into a series of initiatives aligned to business objectives

    Opportunity 1

    Virtual Registration

    »

    Business Goals

    Initiatives

    Health Outcomes

    Stakeholder Experience

    New Models of Care

    Operational Efficiency

    • Enterprise master patient index integration with patient registry
    • Intelligent automation for outpatient department
    • Customer service chat box for triage FOI1
    • Front-end speech recognition for billing (FESR)

    Opportunity 2

    Machine Learning Pre-Cancer Diagnosis

    »

    Business Goals

    Initiatives

    Health Outcomes

    Stakeholder Experience

    New Models of Care

    Operational Efficiency

    • Enterprise Datawarehouse architecture (build data lake)
    • Build genomics analytics capabilities e.g., recruitment, data-quality review
    • Implementation of machine learning software
    • Supply chain integration with ERP for medical and research supplies
    FOI = Freedom of Information

    Info-Tech Insight

    Evaluate if an opportunity will require a series of discrete activities to execute and/or if they can be a stand-alone initiative.

    Now you are ready to select and prioritize digital initiatives for business case development

    After completing all three phases of activities in this blueprint, you will have compiled a list of new and planned digital initiatives for prioritization and business case development in the next phase.

    Consolidated List of Digital Initiatives.

    Example: Consolidated List of Digital Initiatives

    The next step will focus on prioritizing and building a business case for your top digital initiatives.

    IT Roadmap for your Digital Business Strategy.

    Appendix: Additional Examples

    From trend to leapfrog ideas

    Every idea is a good one, unless you need one that works.

    Additional Examples
    Examples of leapfrog ideas that can generate opportunities for consideration

    Example 1 Finance

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    Open banking

    Account integrators (AISPs)

    Payment integrators
    (PISPs)

    Data monetization

    Social payments

    Example 2: Retail

    Trend

    New Customer

    New Market

    New Business or Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    Virtual cashier

    (RFID Enablement)

    Big-box retailers

    Brick & mortar stores

    Automated stores driving new customer experiences

    Digital cart

    From trend to leapfrog ideas

    Every idea is a good one, unless you need one that works.

    Additional Exemplars in Appendix

    Examples of leapfrog ideas that can generate opportunities for consideration

    Example 3:

    Manufacturing

    Trend

    New Customer

    New Market

    New Business or

    Operating Model

    New Service Offering

    What trend(s) pose a significant impact on your business?

    New customer segments

    Enter or create new markets

    Adjust the business or operating model to capture change in how the business creates and delivers value

    Introduce new digital products, services, and experiences

    IT/OT convergence

    Value-added resellers

    New geographies

    Train quality-control algorithms and sell as a service to other manufacturers

    Quality control as a service

    Case Study: International Airport

    Persona Journey Map: International/Domestic Departure

    Persona: Super Traveler

    Name: Annie Smith

    Age: 35

    Occupation: Engineer, Global Consultant

    Journey Activity Name: Inspired to Travel

    Persona’s Goals

    What Am I Thinking?

    • I am planning on traveling to Copenhagen, Denmark for work.
    • It’s my first time and I need to gather information about the destination, accommodation, costs, departure information, bag weight, etc..

    Nature of Activity

    What Am I Doing?

    • Logging onto airline website
    • Confirming departure gates

    Type of Touchpoint

    • Airport rewards program
    • Airport Website
    • Online hotel eCommerce
    • Social media
    • Transportation services on mobile

    Key moments & pain points

    How Am I Feeling?

    • Frustrated because the airport website is difficult to navigate to get information
    • Annoyed because there is no FAQ online and I have to call; there’s a long wait to speak to someone.
    • Stress & uncertainty (cancellation, logistics, insurance, etc..)

    Metrics

    • Travel dates
    • Trip price & budget

    Opportunities

    • Tailored communication based on search history
    • Specific messaging (e.g., alerts for COVID-19, changes in events, etc.)
    • Interactive VR experience that guides customers through the airport as a navigator

    Related Info-Tech Research

    Tech Trends and Priorities Research Center

    • Access Info-Tech’s Tech Trends reports and research center to learn about current industry trends, shifts in markets, and disruptions that are impacting your industry and sector. This is a great starting place to gain insights into how the ecosystem is changing your business and the impact of these changes on IT.

    Digital Business Strategy

    • Leverage Info-Tech’s Digital Business Strategy to identify opportunities to transform the customer experience.

    Industry Reference Architecture

    • Access Info-Tech’s Industry coverage to accelerate your understanding of your business capabilities and opportunities for automation.

    Contact Your Account Manager

    Research Contributors and Experts

    Joanne Lee

    Joanne Lee

    Principal, Research Director, CIO Strategy

    Info-Tech Research Group

    Kim Osborne-Rodgriguez

    Kim Osborne-Rodgriguez

    Research Director, CIO Strategy

    Info-Tech Research Group

    Joanne is an executive with over 25 years of in digital technology and management consulting across both public and private entities from solution delivery to organizational redesign across Canada and globally.

    Prior to joining Info-Tech Research Group, Joanne was a management consultant within KPMG’s CIO management consulting services and the Western Canada Digital Health Practice lead. She has held several executive roles in the industry with the most recent position as Chief Program Officer for a large $450M EHR implementation. Her expertise spans cloud strategy, organizational design, data and analytics, governance, process redesign, transformation, and PPM. She is passionate about connecting people, concepts, and capital.

    Joanne holds a Master’s in Business and Health Policy from the University of Toronto and a Bachelor of Science (Nursing) from the University of British Columbia.

    Kim is a professional engineer and Registered Communications Distribution Designer (RCDD) with over a decade of experience in management and engineering consulting spanning healthcare, higher education, and commercial sectors. She has worked on some of the largest hospital construction projects in Canada, from early visioning and IT strategy through to design, specifications, and construction administration. She brings a practical and evidence-based approach to digital transformation, with a track record of supporting successful implementations.

    Kim holds a Bachelor’s degree in Mechatronics Engineering from University of Waterloo.

    Research Contributors and Experts

    Jack Hakimian

    Jack Hakimian

    Vice President, Research

    Info-Tech Research Group

    Charl Lombard.

    Charl Lombard

    President, Digital Transformation Consulting

    Info-Tech Research Group

    Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.

    Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.

    Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.

    He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.

    Charl has more than 20 years of professional services experience, “majoring” in digital transformation and strategic topics. He has led multiple successful Digital Transformation programs across a range of industries like Information technology, hospitality, Advanced Industries, High Tech, Entertainment, Travel and Transport, Insurance & Financial Services, Metals & Mining, Electric Power, Renewable Energy, Telecoms, Manufacturing) across different geographics (i.e., North America, EU, Africa) in both private and public sectors.

    Prior to joining Info-Tech Research Group, Charl was the Vice President of Global Product Management and Strategy (Saber Hospitality Solution), Associate President, McKinsey Transformation Practice, e-Business Practice for PwC, and tech start-up founder and investor.

    Charl is a frequent speaker at innovation and digital transformation conferences and holds an MBA from the University of Cape Town Graduate School of Business, and a bachelor’s degree from the University of Pretoria, South Africa.

    Research Contributors and Experts

    Mike Tweedie

    Mike Tweedie

    Practice Lead, CIO Strategy

    Info-Tech Research Group

    Michael Alemany

    Michael Alemany

    Vice President, Digital Transformation Consulting

    Info-Tech Research Group

    Mike Tweedie brings over 25 years of experience as a technology executive. He’s led several large transformation projects across core infrastructure, application, and IT services as the head of Technology at ADP Canada. He was also the Head of Engineering and Service Offerings for a large French IT services firm, focused on cloud adoption and complex ERP deployment and management.

    Mike holds a Bachelor’s degree in Architecture from Ryerson University.

    Michael is a leader in Info-Tech’s digital transformation consulting practice. He brings over 10 years of experience working with companies across a range of industries. His work experience includes ~4.5 years at McKinsey & Company where he led large-scale transformations for fortune 500 companies. Prior to joining Info-Tech, he worked for Sabre Corp., an SaaS platform provider for the travel and hospitality sector, leading Product Strategy & Operations. Michael holds an MBA from the Tuck School of Business at Dartmouth and a B.S in Business Strategy from Brigham Young University.

    Research Contributors and Experts

    Duane Cooney

    Duane Cooney

    Executive Counselor, Healthcare

    Info-Tech Research Group

    Denis Goulet

    Denis Goulet

    Senior Workshop Director

    Info-Tech Research Group

    Duane brings over 30 years of experiences a healthcare IT leader with a passion for the transformation of people, processes, and technology. He has led large-scale health technology transformation and operations across the enterprise. Before joining Info-Tech, Duane served as the Deputy CIO, Senior Information Technology Director, and Enterprise Architect for both public not-for-profit and private sectors. He has a Bachelors in Computer Science and is a graduate of EDS Operations. He holds certifications in EHR, LEAN/Agile, ITIL, and PMP.

    Denis is an IAF Certified Professional Facilitator who has helped organizations and technology executives develop IT strategies for small to large global enterprises. He firmly believes in a collaborative value-driven approach. Prior to joining Info-Tech Research Group, Denis held several industry positions as CIO, Chief Administrative Office (City Manager), General Manager, and Vice President of Engineering. Denis holds an MBA from Queen’s University and a Diploma in Technology Engineering and Executive Municipal Management.

    Jay Cappis.

    Jay Cappis

    Executive Advisor, Real-Estate

    Info-Tech Research Group

    Christine Brick.

    Christine Brick

    Executive Advisor, Financial Services
    Info-Tech Research Group

    Jay brings over 30 years of experience in management and technology across small and medium enterprises to large global enterprises including Exxon and Xerox. His cross-industry experience includes professional services, commercial real estate, oil and gas, digital start-ups, insurance, and aerospace. Jay has led business process improvements and change management and has expertise in software development lifecycle management and DevOps practices.

    Christine brings over 20 years in IT transformation across DevOps, infrastructure, operations, supply chain, IT Strategy, modernization, cost optimization, data management, and operational risk. She brings expertise in business transformation, mergers and acquisitions, vendor selection, and contract management.

    Bibliography

    Bhatia, AD. “Transforming through disruptions: A conversation with Dan Antonelli. Transformation Insights.” McKinsey & Company. January 31, 2022. Web
    Bertoletti, Antonella and Peter Eeles. “Use an IT Maturity Model.” IBM Garage Methodology. Web. accessed May 30, 2022.
    Catlin, Tanguy, Jay Scanlan, and Paul Willmott. “Raising your Digital Quotient.” McKinsey Quarterly. June 1, 2015. Article
    Custers, Heidi. “Digital Blueprint. Reference Architecture. Deloitte Digital.Accessed May 15, 2022.
    Coundouris, Anthony. “Reviewed: The Top 5 Digital Transformation Frameworks in 2020.” Run-frictionless Blog. Accessed May 15, 2022. Web.
    Daub, Matthias and Anna Wiesinger. “Acquiring the Capabilities you need to go digital.” Business Technology Office – McKinsey and Company. March 2015. Web.
    De La Boutetiere, Alberto Montagner and Angelika Reich. “Unlocking success in digital transformations.” McKinsey and Company. October 2018. Web.
    “Design Thinking Defined.” IDEO.com. November 21, 2022. Web.
    Dorner, Karle and David Edelman. “What ‘Digital’ really means.” McKinsey Digital. July 2015. Web
    “Everything Changed. Or Did it? Harvey Nash KPMG CIO Survey 2020.” KPMG, 2020
    Kane, Gerald C., Doug Palmer, Ahn Nguyen Phillips, David Kiron, Natasha Buckley. “Aligning the organization for its digital future.” Findings from the 2016 Digital Business Global Executive Study and Research Project. MIT Sloan Management Review. July 26, 2016. Web
    LaBerge, Laura, et al. “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever.” McKinsey, 5 Oct. 2020. Accessed 14 June 2021
    Mindtools Content Team. “Cause and Effect Analysis.” Mindtools.com. November 21, 2022. Web.
    “Strategic Foresight.” OECD.org. November 21, 2022, Web
    Sall, Sherman, Dan Lichtenfeld. “The Digital ME Method. Turning digital opportunities into customer engagement and business growth.” Sygnific. 2017. Web.
    Scoblic, J. Peter. “Learning from the Future. How to make robust strategy in times of deep uncertainty.” Harvard Business Review, August 2020.
    Silva, Bernardo and Schoenwaelder, Tom. ‘Why Good Strategies fail. Addressing the three critical strategic tensions.” Deloitte Monitor Group. 2019.

    Don’t Allow Software Licensing to Derail Your M&A

    • Buy Link or Shortcode: {j2store}135|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Assuming that all parties are compliant in their licensing is a risky proposition. Most organizations are deficient in some manner of licensing. Know where those gaps are before finalizing M&A activity and have a plan in place to mitigate them right away.
    • Vendors will target companies that have undergone recent M&A activity with an audit. Vendors know that the many moving parts of M&A activity often result in license shortfall, and they may look to capitalize during the transition with audit revenue.
    • New organizational structure can offer new licensing opportunities. Take advantage of the increased volume discounting, negotiation leverage, and consolidation opportunities afforded by a merger or acquisition.

    Our Advice

    Critical Insight

    • To mitigate risks and create accurate cost estimates, create a contingency fund to compensate for unavailability of information.
    • Gathering and analyzing information is an iterative process that is ongoing throughout due diligence. Update your assumptions, risks, and budget as you obtain new information.
    • Communication with the M&A team and business process owners should be constant throughout due diligence. IT integration does not exist in isolation.

    Impact and Result

    • CIOs must be part of the conversation during the exploration/due diligence phase before the deal is closed to examine licensing compliance and software costs that could have a direct result on the valuation of the new organization.
    • Both organizations must conduct thorough due diligence (such as internal SAM audits), analyze the information, and define critical assumptions to create a strategy for the resultant IT enterprise.
    • The IT team is involved in integration, synergy realization, and cost considerations that the business often does not consider or take into account with respect to IT. License transfer, assignability, use, and geographic rights all come into play and can be overlooked.

    Don’t Allow Software Licensing to Derail Your M&A Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you shouldn’t allow software licensing to derail your M&A deal, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand the M&A process with respect to software licensing

    Grasp the key pain points of software licensing and the effects it has on an M&A. Review the benefits of early IT involvement and identify IT’s capabilities.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 1: M&A Overview
    • M&A Software Asset Maturity Assessment

    2. Perform due diligence

    Understand the various steps and process when conducting due diligence. Request information and assess risks, make assumptions, and budget costs.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 2: Due Diligence
    • License Inventory
    • IT Due Diligence Report
    • M&A Software Asset RACI Template

    3. Prepare for integration

    Take a deeper dive into the application portfolios and vendor contracts of both organizations. Review integration strategies and design the end-state of the resultant organization.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 3: Pre-Integration Planning
    • Effective Licensing Position Tool
    • IT Integration Roadmap Tool

    4. Execute on the integration plan

    Review initiatives being undertaken to ensure successful integration execution. Discuss long-term goals and how to communicate with vendors to avoid licensing audits.

    • Don’t Allow Software Licensing to Derail Your M&A – Phase 4: Integration Execution
    [infographic]

    Workshop: Don’t Allow Software Licensing to Derail Your M&A

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 M&A Overview

    The Purpose

    Identify the goals and objectives the business has for the M&A.

    Understand cultural and organizational structure challenges and red flags.

    Identify SAM/licensing challenges and red flags.

    Conduct maturity assessment.

    Clarify stakeholder responsibilities.

    Build and structure the M&A team.

    Key Benefits Achieved

    The capabilities required to successfully examine software assets and licensing during the M&A transaction.

    M&A business goals and objectives identified.

    IT M&A team selected.

    Severity of SAM challenges and red flags examined.

    Activities

    1.1 Document pain points from previous experience.

    1.2 Identify IT opportunities during M&A.

    Outputs

    M&A Software Asset Maturity Assessment

    2 Due Diligence

    The Purpose

    Take a structured due diligence approach that properly evaluates the current state of the organization.

    Review M&A license inventory and use top five vendors as example sets.

    Identify data capture and reporting methods/tools.

    Scheduling challenges.

    Scope level of effort and priority list.

    Common M&A pressures (internal/external).

    Key Benefits Achieved

    A clear understanding of the steps that are involved in the due diligence process.

    Recognition of the various areas from which information will need to be collected.

    Licensing pitfalls and compliance risks to be examined.

    Knowledge of terms and conditions that will limit ability in pre-integration planning.

    Activities

    2.1 Identify IT capabilities for an M&A.

    2.2 Create your due diligence team and assign accountability.

    2.3 Use Info-Tech’s IT Due Diligence Report Template to track key elements.

    2.4 Document assumptions to back up cost estimates and risk.

    Outputs

    M&A Software Asset RACI Template

    IT Due Diligence Report

    3 Pre-Integration Planning

    The Purpose

    Review and map legal operating entity structure for the resultant organization.

    Examine impact on licensing scenarios for top five vendors.

    Identify alternative paths and solutions.

    Complete license impact for top five vendors.

    Brainstorm action plan to mitigate negative impacts.

    Discuss and explore the scalable process for second level agreements.

    Key Benefits Achieved

    Identification of the ideal post-M&A application portfolio and licensing structures.

    Recognition of the key considerations when determining the appropriate combination of IT integration strategies.

    Design of vendor contracts for the resultant enterprise.

    Recognition of how to create an IT integration budget.

    Activities

    3.1 Work with the senior management team to review how the new organization will operate.

    3.2 Document the strategic goals and objectives of IT’s integration program.

    3.3 Interview business leaders to understand how they envision their business units.

    3.4 Perform internal SAM audit.

    3.5 Create a library of all IT processes in the target organization as well as your own.

    3.6 Examine staff using two dimensions: competency and capacity.

    3.7 Design the end-state.

    3.8 Communicate your detailed pre-integration roadmap with senior leadership and obtain sign-off.

    Outputs

    IT Integration Roadmap Tool

    Effective License Position

    4 Manage Post-M&A Activities

    The Purpose

    Finalize path forward for top five vendors based on M&A license impact.

    Disclose findings and financial impact estimate to management.

    Determine methods for second level agreements to be managed.

    Provide listing of specific recommendations for top five list.

    Key Benefits Achieved

    Initiatives generated and executed upon to achieve the technology end-state of each IT domain.

    Vendor audits avoided.

    Contracts amended and vendors spoken to.

    Communication with management on achievable synergies and quick wins.

    Activities

    4.1 Identify initiatives necessary to realize the application end-state.

    4.2 Identify initiatives necessary to realize the end-state of IT processes.

    4.3 Identify initiatives necessary to realize the end-state of IT staffing.

    4.4 Prioritize initiatives based on ease of implementation and overall business impact.

    4.5 Manage vendor relations.

    Outputs

    IT Integration Roadmap Tool

    Create an Agile-Friendly Project Gating and Governance Approach

    • Buy Link or Shortcode: {j2store}162|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $33,499 Average $ Saved
    • member rating average days saved: 57 Average Days Saved
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Organizations often apply gating and governance to IT projects to ensure resources are being used efficiently and effectively.
    • Agile project teams often complain that traditional project gating and governance interfere with their ability to delivery because traditional gating and governance were designed for Waterfall delivery methods.

    Our Advice

    Critical Insight

    Imposing a traditional gating and governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your traditional project gating and governance approach to be Agile friendly.

    Impact and Result

    • Create a project gating and governance approach that is Agile friendly and helps your organization realize the most benefit from its Agile transformation.
    • Oversee your Agile projects with confidence by adjusting the level of support and oversight they receive based on their Agilometer score.
    • Define a revised set of project gating artifacts that support Agile delivery methods.
    • Adopt a “trust but verify” approach to Agile project gating that will reduce risk and help ensure value delivery.

    Create an Agile-Friendly Project Gating and Governance Approach Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Create an Agile-Friendly Project Gating and Governance Approach Deck – A step-by-step guide to creating an Agile-friendly project gating and governance approach that will support Agile delivery methods in your organization.

    This deck is a guide to creating your own Agile-friendly project gating and governance approach using Info-Tech’s Agile Gating Framework.

    • Create an Agile-Friendly Project Gating and Governance Approach – Phases 1-3

    2. Your Gates 3 and 3A Checklists – The Gates 3 and 3A Checklists are used to determine when a project is ready to enter and exit the Risk Reduction & Value Confirmation phase.

    Modify Info-Tech’s Gates 3 and 3A Checklists to meet your organization’s needs, and then use them to determine when Agile projects are ready to enter and exit the RRVC phase.

    • Gates 3 and 3A Checklists

    3. Your Agilometer – The Agilometer is used to determine a project’s readiness to use an Agile delivery method.

    Modify Info-Tech’s Agilometer to meet your organization’s needs, and then use it to determine the level of support and oversight the project will need.

    • Agilometer

    4. Your Agile Project Status Report – An Agile Status Report will be used to monitor project progress.

    Modify Info-Tech’s Agile Project Status Report to meet your organization’s needs, and then use it to monitor in-flight Agile projects.

    • Agile Project Status Report

    5. Project Burndown Chart – A tool to let you monitor project burndown over time.

    Use Info-Tech’s Project Burndown Chart to monitor the progress of your in-flight Agile projects.

    • Project Burndown Chart

    6. Traditional to Agile Gating Artifact Mapping – A tool to help you rework your project gating artifacts to be Agile-friendly.

    Use Info-Tech’s Traditional to Agile Gating Artifact Mapping tool to modify your gating artifacts for Agile projects.

    • Traditional to Agile Gating Artifact Mapping
    [infographic]

    Further reading

    Create an Agile-Friendly Project Gating and Governance Approach

    Use Info-Tech’s Agile Gating Framework as a guide to gating your Agile projects using a “trust but verify” approach.

    Table of Contents

    Analyst Perspective

    Executive Summary

    Phase 1: Establish Your Gating and Governance Purpose

    Phase 2: Understand and Adapt Info-Tech’s Agile Gating Framework

    Phase 3: Complete Your Agile Gating Framework

    Where Do I Go Next?

    Bibliography

    Facilitator Slides

    Analyst Perspective

    Make your gating and governance process Agile friendly by following a “trust but verify” approach

    Most project gating and governance approaches are designed for traditional (Waterfall) delivery methods. However, Agile delivery methods call for a different way of working that doesn’t align well with these approaches.

    Applying traditional project gating and governance to Agile projects is like trying to fit a square peg in a round hole. Not only will it make Agile project delivery less efficient, but in the extreme, it can lead to outright project failure and even derail your organization’s Agile transformation.

    If you want Agile to successfully take root in your organization, be prepared to rethink your current gating and governance practices. This document presents a framework that you can use to rework your approach to provide both effective oversight and support for your Agile projects.

    Photo of Alex Ciraco, Principal Research Director, Application Delivery and Management, Info-Tech Research Group. Alex Ciraco
    Principal Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge
    • Many government organizations are adopting Agile project delivery methods because they have proven to be more effective than traditional delivery approaches at responding to today’s fast pace of change.
    • Government organizations have an obligation to govern projects to ensure effective use of public resources, regardless of the delivery method being used.
    Common Obstacles
    • Most government gating and governance frameworks were designed around traditional (often called “Waterfall”) delivery methods.
    • Agile and Waterfall work in completely different ways, so imposing traditional gating and governance frameworks on Agile projects will stifle progress and can even lead to project failure.
    • Government organizations must adjust their gating and governance frameworks to accommodate Agile delivery methods.
    Info-Tech’s Approach
    • Begin by understanding the fundamental purpose of project gating and governance.
    • Next, understand the major differences between Agile and Waterfall delivery methods.
    • Then, armed with this knowledge, use Info-Tech’s Agile Gating Framework to redefine your gating and governance approach to be Agile friendly.
    Info-Tech Insight

    Imposing a traditional governance approach on an Agile project can eliminate the advantages that Agile delivery methods offer. Make sure to rework your project gating and governance approach to be Agile friendly.

    Info-Tech’s methodology for Creating an Agile-Friendly Project Gating and Governance Approach

    1. Establish Your Gating and Governance Purpose 2. Understand and Adapt Info-Tech’s Agile Gating Framework 3. Complete your Agile Gating Framework
    Phase Steps

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like and Why

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create an Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    Phase Outcomes
    1. Your gating/governance purpose statement
    2. A fundamental understanding of the difference between traditional and Agile delivery methods.
    1. An understanding of Info-Tech’s Agile Gating Framework
    2. Your Gates 3 and 3A checklists
    3. Your Agilometer tool
    4. Your Agile project status report template
    5. Your Agile health check tool
    1. Artifact map for your Agile gating framework
    2. Roadmap for Agile gating implementation

    Key Deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals, including:

    Agilometer Tool

    Create your customized Agilometer tool to determine project support and oversight needs.
    Sample of the 'Agilometer Tool' deliverable.

    Gates 3 and 3A Checklists

    Create your customized checklists for projects at Gates 3 and 3A.
    Sample of the 'Gates 3 and 3A Checklists' deliverable.

    Agile-Friendly Project Status Report

    Create your Agile-friendly project status report to monitor progress.
    Sample of the 'Agile-Friendly Project Status Report' deliverable.

    Artifact Mapping Tool

    Map your traditional gating artifacts to their Agile replacements.
    Sample of the 'Artifact Mapping Tool' deliverable.

    Create an Agile-Friendly Project Gating and Governance Approach

    Phase 1

    Establish your gating and governance purpose

    Phase 1

    1.1 Understand How We Gate and Govern Projects

    1.2 Compare Traditional to Agile Delivery

    1.3 Realize What Traditional Gating Looks Like And Why

    Phase 2

    2.1 Understand How Agile Manages Risk and Ensures Value Delivery

    2.2 Introducing Info-Tech’s Agile Gating Framework

    2.3 Create Your Agilometer

    2.4 Create Your Agile-Friendly Project Status Report

    2.5 Select Your Agile Health Check Tool

    Phase 3

    3.1 Map Your Traditional Gating Artifacts to Agile Delivery

    3.2 Determine Your Now, Next, Later Roadmap for Implementation

    This phase will walk you through the following activities:

    • Understand why gating and governance are so important to your organization.
    • Compare and contrast traditional to Agile delivery.
    • Identify what form traditional gating takes in your organization.

    This phase involves the following participants:

    • PMO/Gating Body
    • Delivery Managers
    • Delivery Teams
    • Other Interested Parties

    Agile gating–related facts and figures

    73% of organizations created their project gating framework before adopting or considering Agile delivery practices. (Athens Journal of Technology and Engineering)

    71% of survey respondents felt an Agile-friendly gating approach improves both productivity and product quality. (Athens Journal of Technology and Engineering)

    Moving to an Agile-friendly gating approach has many benefits:
    • Faster response to change
    • Improved productivity
    • Higher team morale
    • Better product quality
    • Faster releases
    (Journal of Product Innovation Management)

    Traditional gating approaches can undermine an Agile project

    • Most existing gating and governance frameworks (often referred to as phase-gate) impose requirements on projects that are anti-patterns to an Agile delivery approach
    • For example, any gating approach that requires a project to deliver a detailed requirements document before coding can begin will make it difficult or impossible for the project to use an Agile delivery method.
    • The same can be said for other common phase-gate requirements including:
      • Imposing a formal (and onerous) change control process on project requirements.
      • Requiring a detailed design document and/or detailed user acceptance test plan at the beginning of the project.
      • Asking the project to produce a detailed project plan.
    (DZone)
    Don’t make the mistake of asking an Agile project to follow a traditional phase-gate approach to project delivery!

    Before reworking your gating approach, you need to consider two important questions

    Answering these questions will help guide your new gating process to both be Agile friendly and meet your organization’s needs

    1. What is the fundamental purpose of gating? By examining the fundamental purpose of gating, you will be better able to adjust your approach to achieve the desired outcomes in an Agile context.
    2. How does Agile delivery differ from traditional? By understanding how Agile delivery differs from traditional, you will be better able to adjust your gating approach to support Agile delivery methods.

    Stock image of speech bubbles hanging on string with a question mark and lightbulb drawn on them.

    Application Development Throughput

    • Buy Link or Shortcode: {j2store}27|cart{/j2store}
    • Related Products: {j2store}27|crosssells{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • As we work more and more using agile techniques, teams tend to optimize their areas of responsibility.
    • IT will still release lower-quality applications when there is a lack of clarity around the core SDLC processes.
    • Software development teams continue to struggle with budget and time constraints within their releases.
    • Typically each group claims to be optimized, yet the final deliverable falls short of the expected quality.

    Our advice

    Insight

    • Database administrators know this all too well: Optimizing can you perform worse. The software development lifecycle (SDLC) must be optimized holistically, not per area or team.
    • Separate how you work from your framework. You do not need "agile" or "extreme" or "agifall" or "safe" to optimize your SDLC.
    • SDLC optimization is a continuous effort. Start from your team's current capabilities and improve over time.

    Impact and results 

    • You can assume proper accountability for the implementation and avoid over-reliance on the systems integrator.
    • Leverage the collective knowledge and advice of additional IT professionals
    • Review the pitfalls and lessons learned from failed integrations.
    • Manage risk at every stage.
    • Perform a self-assessment at various stages of the integration path.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand our approach to SDLC optimization and why we advocate a holistic approach for your company.

    Document your current state

    This phase helps you understand your business goals and priorities. You will document your current SDLC process and find where the challenges are.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 1: Document the Current State of the SDLC (ppt)
    • SDLC Optimization Playbook (xls)

    Find out the root causes, define how to move forward, and set your target state

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 2: Define Root Causes, Determine Optimization Initiatives, and Define Target State (ppt)

    Develop the roll-out strategy for SDLC optimization

    Prioritize your initiatives and formalize them in a roll-out strategy and roadmap. Communicate your plan to all your stakeholders.

    • Create a Horizontally Optimized SDLC to Better Meet Business Demands – Phase 3: Develop a Rollout Strategy for SDLC Optimization (ppt)
    • SDLC Communication Template (ppt)

     

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    • Buy Link or Shortcode: {j2store}216|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $25,860 Average $ Saved
    • member rating average days saved: 14 Average Days Saved
    • Parent Category Name: Vendor Management
    • Parent Category Link: /vendor-management
    • Most IT organizations do not have standard RFP templates and tools.
    • Many RFPs lack sufficient requirements.
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time that is required to perform an effective RFP.

    Our Advice

    Critical Insight

    • Vendors generally do not like RFPs
      Vendors view RFPs as time consuming and costly to respond to and believe that the decision is already made.
    • Dont ignore the benefits of an RFI
      An RFI is too often overlooked as a tool for collecting information from vendors about their product offerings and services.
    • Leverage a pre-proposal conference to maintain an equal and level playing field
      Pre-proposal conference is a convenient and effective way to respond to vendors’ questions ensuring all vendors have the same information to provide a quality response.

    Impact and Result

    • A bad or incomplete RFP results in confusing and incomplete vendor RFP responses which consume time and resources.
    • Incomplete or misunderstood requirements add cost to your project due to the change orders required to complete the project.

    Drive Successful Sourcing Outcomes With a Robust RFP Process Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Storyboard – Leverage your vendor sourcing process to get better results

    Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.

    • Drive Successful Sourcing Outcomes With a Robust RFP Process Storyboard

    2. Define your RFP Requirements Tool – A convenient tool to gather your requirements and align them to your negotiation strategy.

    Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.

    • RFP Requirements Worksheet

    3. RFP Development Suite of Tools – Use Info-Tech’s RFP, pricing, and vendor response tools and templates to increase your efficiency in your RFP process.

    Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.

    • RFP Calendar and Key Date Tool
    • Vendor Pricing Tool
    • Lean RFP Template
    • Short-Form RFP Template
    • Long-Form RFP Template
    • Excel Form RFP Tool
    • RFP Evaluation Guidebook
    • RFP Evaluation Tool
    • Vendor TCO Tool
    • Consolidated Vendor RFP Response Evaluation Summary
    • Vendor Recommendation Presentation

    Infographic

    Workshop: Drive Successful Sourcing Outcomes With a Robust RFP Process

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Foundation for Creating Requirements

    The Purpose

    Problem Identification

    Key Benefits Achieved

    Current process mapped and requirements template configured

    Activities

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Outputs

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    Map Your Process With Gap Identification

    Requirements Template

    2 Creating a Sourcing Process

    The Purpose

    Define Success Target

    Key Benefits Achieved

    Baseline RFP and evaluation templates

    Activities

    2.1 Create and issue RFP

    2.2 Evaluate responses/proposals and negotiate the agreement

    2.3 Purchase goods and services

    Outputs

    RFP Calendar Tool

    RFP Evaluation Guidebook

    RFP Respondent Evaluation Tool

    3 Configure Templates

    The Purpose

    Configure Templates

    Key Benefits Achieved

    Configured Templates

    Activities

    3.1 Assess and measure

    3.2 Review templates

    Outputs

    Long-Form RFP Template

    Short-Form RFP Template

    Excel-Based RFP Template

    Further reading

    Drive Successful Sourcing Outcomes With a Robust RFP Process

    Leverage your vendor sourcing process to get better results.

    EXECUTIVE BRIEF

    Drive Successful Sourcing Outcomes with a Robust RFP Process

    Lack of RFP Process Causes...
    • Stress
    • Confusion
    • Frustration
    • Directionless
    • Exhaustion
    • Uncertainty
    • Disappointment
    Solution: RFP Process
    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.
    • Best value solutions
    • Right-sized solutions
    • Competitive Negotiations
    • Better requirements that feed negotiations
    • Internal alignment on requirements and solutions
    • Vendor Management Governance Plan
    Requirements
    • Risk
    • Legal
    • Support
    • Security
    • Technical
    • Commercial
    • Operational
    • Vendor Management Governance
    Templates, Tools, Governance
    • RFP Template
    • Your Contracts
    • RFP Procedures
    • Pricing Template
    • Evaluation Guide
    • Evaluation Matrix
    Vendor Management
    • Scorecards
    • Classification
    • Business Review Meetings
    • Key Performance Indicators
    • Contract Management
    • Satisfaction Survey

    Analyst Perspective

    Consequences of a bad RFP

    Photo of Steven Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group

    “A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”

    Steven Jeffery
    Principal Research Director, Vendor Management
    Co-Author: The Art of Creating a Quality RFP
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Most IT organizations are absent of standard RFP templates, tools, and processes.
    • Many RFPs lack sufficient requirements from across the business (Legal, Finance, Security, Risk, Procurement, VMO).
    • Most RFP team members are not adequately trained on RFP best practices.
    • Most IT departments underestimate the amount of time required to perform an effective RFP.
    • An ad hoc sourcing process is a common recipe for vendor performance failure.

    Common Obstacles

    • Lack of time
    • Lack of resources
    • Right team members not engaged
    • Poorly defined requirements
    • Too difficult to change supplier
    • Lack of a process
    • Lack of adequate tools/processes
    • Lack of a vendor communications plan that includes all business stakeholders.
    • Lack of consensus as to what the ideal result should look like.

    Info-Tech’s Approach

    • Establish a repeatable, consistent RFP process that maintains negotiation leverage and includes all key components.
    • Create reusable templates to expedite the RFP evaluation and selection process.
    • Maximize the competition by creating an equal and level playing field that encourages all the vendors to respond to your RFP.
    • Create a process that is clear and understandable for both the business unit and the vendor to follow.
    • Include Vendor Management concepts in the process.

    Info-Tech Insight

    A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.

    Executive Summary

    Your Challenge

    Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.

    Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.

    An additional challenge is to answer the question “What is the purpose of our RFX?”

    If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.

    If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.

    If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.

    This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.

    Executive Summary

    Common Obstacles

    • Lack of process/tools
    • Lack of input from stakeholders
    • Stakeholders circumventing the process to vendors
    • Vendors circumventing the process to key stakeholders
    • Lack of clear, concise, and thoroughly articulated requirements
    • Waiting until the vendor is selected to start contract negotiations
    • Waiting until the RFP responses are back to consider vendor management requirements
    • Lack of clear communication strategy to the vendor community that the team adheres to

    Many organizations underestimate the time commitment for an RFP

    70 Days is the average duration of an IT RFP.

    The average number of evaluators is 5-6

    4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.)

    “IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”)

    Why Vendors Don’t Like RFPs

    Vendors’ win rate

    44%

    Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022).
    High cost to respond

    3-5%

    Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available).
    Time spent writing response

    23.8 hours

    Vendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021).

    Negative effects on your organization from a lack of RFP process

    Visualization titled 'Lack of RFP Process Causes' with the following seven items listed.

    Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships.

    Confusion, because you don’t know what the expected or desired results are.

    Directionless, because you don’t know where the team is going.

    Uncertainty, with many questions of your own and many more from other team members.

    Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements.

    Exhaustion, because reviewing RFP responses of insufficient quality is tedious.

    Disappointment in the results your company realizes.

    (Source: The Art of Creating a Quality RFP)

    Info-Tech’s approach

    Develop an inclusive and thorough approach to the RFP Process

    Steps in an RFP Process, 'Identify Need', 'Define Business Requirements', 'Gain Business Authorization', 'Perform RFI/RFP', 'Negotiate Agreement', 'Purchase Good and Services', and 'Assess and Measure Performance'.

    The Info-Tech difference:

    1. The secret to managing an RFP is to make it as manageable and as thorough as possible. The RFP process should be like any other aspect of business – by developing a standard process. With a process in place, you are better able to handle whatever comes your way, because you know the steps you need to follow to produce a top-notch RFP.
    2. The business then identifies the need for more information about a product/service or determines that a purchase is required.
    3. A team of stakeholders from each area impacted gather all business, technical, legal, and risk requirements. What are the expectations of the vendor relationship post-RFP? How will the vendors be evaluated?
    4. Based on the predetermined requirements, either an RFI or an RFP is issued to vendors with a predetermined due date.

    Insight Summary

    Overarching insight

    Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.

    Phase 1 insight

    Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.

    Phase 2 insight

    Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.

    Phase 3 insight

    Consider adding vendor management requirements to manage the ongoing relationship post contract.

    Tactical insight

    Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.

    Tactical insight

    Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.

    Key deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Key deliverables:

    Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.

    Sample of

    Long-Form RFP Template
    For when you have complete requirements and time to develop a thorough RFP.
    Sample of the Long-Form RFP Template deliverable. Short-Form RFP Template
    When the requirements are not as extensive, time is short, and you are familiar with the market.
    Sample of the Short-Form RFP Template deliverable.
    Lean RFP Template
    When you have limited time and some knowledge of the market and wish to include only a few vendors.
    Sample of the Lean RFP Template deliverable. Excel-Form RFP Template
    When there are many requirements, many options, multiple vendors, and a broad evaluation team.
    Sample of the Excel-Form RFP Template deliverable.

    Blueprint benefits

    IT Benefits
    • Side-by-side comparison of vendor capabilities
    • Pricing alternatives
    • No surprises
    • Competitive solutions to deliver the best results
    Mutual IT and Business Benefits
    • Reduced time to implement
    • Improved alignment between IT /Business
    • Improved vendor performance
    • Improved vendor relations
    Business Benefits
    • Budget alignment, reduced cost
    • Best value
    • Risk mitigation
    • Legal and risk protections

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is seven to twelve calls over the course of four to six months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Phase 4

    Phase 5

    Phase 6

    Phase 7

    Call #1: Identify the need Call #3: Gain business authorization Call #5: Negotiate agreement strategy Call #7: Assess and measure performance
    Call #2: Define business requirements Call #4: Review and perform the RFX or RFP Call #6: Purchase goods and services

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com1-888-670-8889

    Day 1 Day 2 Day 3
    Activities
    Answer “What problem do we need to solve?”

    1.1 Overview and level-setting

    1.2 Identify needs and drivers

    1.3 Define and prioritize requirements

    1.4 Gain business authorization and ensure internal alignment

    Define what success looks like?

    2.1 Create and issue RFP

    2.2 Evaluate responses/ proposals and negotiate the agreement.

    2.3 Purchase goods and services

    Configure Templates

    3.1 Assess and measure

    3.2 Review tools

    Deliverables
    1. Map your process with gap identification
    2. RFP Requirements Worksheet
    1. RFP Calendar and Key Date Tool
    2. RFP Evaluation Guidebook
    3. RFP Evaluation Tool
    1. Long-form RFP Template
    2. Short-form RFP Template
    3. Excel-based RFP Tool
    4. Lean RFP Template

    Phase 1

    Identify Need

    Steps

    1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI).

    Steps in an RFP Process with the first step, 'Identify Need', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • IT
    • Sourcing/Procurement
    • Finance

    Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.

    Outcomes of this phase

    Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.

    Identify Need
    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Identify the Need for Your RFP

    • An RFP is issued to the market when you are certain that you intend to purchase a product/service and have identified an adequate vendor base from which to choose as a result of:

      • IT Strategy
      • Changes in technology
      • Marketplace assessment
      • Contract expiration/renewal
      • Changes in regulatory requirements
      • Changes in the business’ requirements
    • An RFI is issued to the market when you are uncertain as to available technologies or supplier capabilities and need budgetary costs for planning purposes.
    • Be sure to choose the right RFx tool for your situation!
    Stock photo of a pen circling the word 'needs' on a printed document.

    Phase 2

    Define Your RFP Requirements

    Steps

    2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business.

    Steps in an RFP Process with the second step, 'Define Business Requirements', highlighted.

    This phase involves the following participants:

    • IT
    • Legal
    • Finance
    • Risk management
    • Sourcing/Procurement
    • Business stakeholders

    Outcomes of this phase

    A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”

    Define Business Requirements

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Define RFP Requirements

    Key things to consider when defining requirements

    • Must be inclusive of the needs of all stakeholders: business, technical, financial, and legal
    • Strive for clarity and completeness in each area of consideration.
    • Begin defining your “absolute,” “bargaining,” “concession,” and ‘”dropped/out of scope” requirements to streamline the evaluation process.
    • Keep the requirements identified as “absolute” to a minimum, because vendors that do not meet absolute requirements will be removed from consideration.
    • Do you have a standard contract that can be included or do you want to review the vendor’s contract?
    • Don’t forget Data Security!
    • Begin defining your vendor selection criteria.
    • What do you want the end result to look like?
    • How will you manage the selected vendor after the contract? Include key VM requirements.
    • Defining requirements can’t be rushed or you’ll find yourself answering many questions, which may create confusion.
    • Collect all your current spend and budget considerations regarding the needed product(s) and service(s).

    “Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)

    Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
    https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively

    2.1 Prioritize your requirements

    1 hr to several days

    Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal

    Output: Prioritized list of RFP requirements approved by the stakeholder team

    Materials: The RFP Requirements Worksheet

    Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal

    1. Use this tool to assist you and your team in documenting the requirements for your RFP. Leverage it to collect and categorize your requirements in preparation for negotiations. Use the results of this tool to populate the requirements section of your RFP.
    2. As a group, review each of the requirements and determine their priority as they will ultimately relate to the negotiations.
      • Prioritizing your requirements will set up your negotiation strategy and streamline the process.
      • By establishing the priority of each requirement upfront, you will save time and effort in the selection process.
    3. Review RFP requirements with stakeholders for approval.

    Download the RFP Requirements Worksheet

    Phase 3

    Gain Business Authorization

    Steps

    3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement

    Steps in an RFP Process with the third step, 'Gain Business Authorization', highlighted.

    This phase involves the following participants:

    • Business stakeholders
    • Technology and finance (depending upon the business)
    • Sourcing/Procurement

    Outcomes of this phase

    Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.

    Gain Business Authorization

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Gain Business Authorization

    Gain authorization for your RFP from all relevant stakeholders
    • Alignment of stakeholders
    • Agreement on final requirements
    • Financial authorization
    • Commitment of resources
    • Agreement on what constitutes vendor qualification
    • Finalization of selection criteria and their prioritization

    Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in.

    Stock photo of the word 'AUTHORIZED' stamped onto a white background with a much smaller stamp laying beside it.

    Phase 4

    Create and Issue

    Steps

    4.1 Build your RFP

    4.2 Decide RFI or not

    4.3 Create your RFP

    4.4 Receive & answer questions

    4.5 Perform Pre-Proposal Conference

    4.6 Evaluate responses

    Steps in an RFP Process with the fourth step, 'Perform RFI/RFP', highlighted.

    This phase involves the following participants:

    • The RFP owner
    • IT
    • Business SMEs/stakeholders

    Outcomes of this phase

    RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.

    SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.

    Create and Issue Your RFP/RFI

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Build your RFP with evaluation in mind

    Easing evaluation frustrations

    At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.

    Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.

    Things to Consider When Creating Your RFP:

    • Consistency is the foundation for ease of evaluation.
    • Provide templates, such as an Excel worksheet, for the vendor’s pricing submissions and for its responses to close-ended questions.
    • Give detailed instructions on how the vendor should organize their response.
    • Limit the number of open-ended questions requiring a long narrative response to must-have requirements.
    • Organize your requirements and objectives in a numerical outline and have the vendor respond in the same manner, such as the following:
      • 1
      • 1.1
      • 1.1.1

    Increase your response quality

    Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:

    Challenges
    • Vendor responses are submitted with different and confusing nomenclature
    • Inconsistent format in response
    • Disparate order of sections in the vendors responses
    • Different style of outlining their responses, e.g. 1.1 vs. I.(i)
    • Pricing proposal included throughout their response
    • Responses are comingled with marketing messages
    • Vendor answers to requirements or objectives are not consolidated in a uniform manner
    • Disparate descriptions for response subsections
    Prevention
    • Provide specific instructions as to how the vendor is to organize their response:
      • How to format and outline the response
      • No marketing material
      • No pricing in the body of the response
    • Provide templates for pricing, technical, operational, and legal aspects.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Perform Request for Information

    Don’t underestimate the importance of the RFI

    As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.

    RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.

    While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.

    A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.

    Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP

    Several days
    1. Create an RFI with all of the normal and customary components. Next, add a few additional RFP-like requirements (e.g. operational, technical, and legal requirements). Make sure you include a request for budgetary pricing and provide any significant features and functionality requirements so that the vendors have enough information to propose solutions. In addition, allow the vendors to ask questions through your single point of coordination and share answers with all of the vendors. Finally, notify the vendors that you will not be doing an RFP.
    2. Review the vendors’ proposals and evaluate their proposals against your requirements along with their notional or budgetary pricing.
    3. Have the evaluators utilize the Lean RFP Template to record their scores accordingly.
    4. After collecting the scores from the evaluators, consolidate the scores together to discuss which vendors – we recommend two or three – you want to present demos.
    5. Based on the vendors’ demos, the team selects at least two vendors to negotiate contract and pricing terms with intent of selecting the best-value vendor.
    6. The Lean RFP shortens the typical RFP process, maintains leverage for your organization, and works great with low- to medium-spend items (however your organization defines them). You’ll get clarification on vendors’ competencies and capabilities, obtain a fair market price, and meet your internal clients’ aggressive timelines while still taking steps to protect your organization.

    Download the Lean RFP Template

    Download the RFP Evaluation Tool

    4.2.1 In a hurry? Consider a Lean RFP instead of an RFP continued

    Input

    • List of technical, operational, business, and legal requirements
    • Budgetary pricing ask

    Output

    • A Lean RFP document that includes the primary components of an RFP
    • Lean RFP vendors response evaluation

    Materials

    • Lean RFP Template
    • RFP Evaluation Tool
    • Contracting requirements
    • Pricing

    Participants

    • IT
    • Business
    • Finance
    • Sourcing/Procurement

    Case Study

    A Lean RFP saves time
    INDUSTRY: Pharmaceutical
    SOURCE: Guided Implementation
    Challenge
    • The vendor manager (VM) was experiencing pressure to shorten the expected five-month duration to perform an RFP for software that planned, coordinated, and submitted regulatory documents to the US Food and Drug Administration.
    • The VM team was not completely familiar with the qualified vendors and their solutions.
    • The organization wanted to capitalize on this opportunity to enhance its current processes with the intent of improving efficiencies in documentation submissions.
    Solution
    • Leveraging the Lean RFP process, the team reduced the 200+ RFP questionnaire into a more manageable list of 34 significant questions to evaluate vendor responses.
    • The team issued the Lean RFP and requested the vendors’ responses in three weeks instead of the five weeks planned for the RFP process.
    • The team modified the scoring process to utilize a simple weighted-scoring methodology, using a scale of 1-5.
    Results
    • The Lean RFP scaled back the complexity of a large RFP.
    • The customer received three vendor responses ranging from 19 to 43 pages and 60-80% shorter than expected if the RFP had been used. This allowed the team to reduce the evaluation period by three weeks.
    • The duration of the RFx process was reduced by more than two months – from five months to just under three months.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    4.3.1 RFP Calendar

    1 hour

    Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP

    Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.

    Materials: RFP Calendar and Key Date Tool

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    1. As a group, identify the key activities to be accomplished and the amount of time estimated to complete each task:
      1. Identify who is ultimately accountable for the completion of each task
      2. Determine the length of time required to complete each task
    2. Use the RFP Calendar and Key Date Tool to build the calendar specific to your needs.
    3. Include vendor-related dates in the RFP, i.e., Pre-Proposal Conference, deadline for RFP questions as well as response.

    Download the RFP Calendar and Key Date Tool

    Draft your RFP

    Create and issue your RFP, which should contain at least the following:
    • The ability for the vendors to ask clarifying questions (in writing, sent to the predetermined RFP contact)
    • Pre-Proposal/Pre-Bid Conference schedule where vendors can receive the same answer to all clarifying written questions
    • A calendar of events (block the time on stakeholder calendars – see template).
    • Instructions to potential vendors on how they should construct and return their response to enable effective and timely evaluation of each offer.
    • Requirements; for example: Functional, Operational, Technical, and Legal.
    • Specification drawings as if applicable.
    • Consider adding vendor management requirements – how do you want to manage the relationship after the deal is done?
    • A pricing template for vendors to complete that facilitates comparison across multiple vendors.
    • Contract terms required by your legal team (or your standard contract for vendors to redline as part of their response and rated/ranked accordingly).
    • Create your RFP with the evaluation process and team in mind to ensure efficiency and timeliness in the process. Be clear, concise, and complete in the document.
    • Consistency and completeness is the foundation for ease of evaluation.
    • Give vendors detailed instruction on how to structure and organize their response.
    • Limit the number of open-ended questions requiring a long narrative response.
    • Be sure to leverage Info-Tech’s proven and field-tested Short-Form, Long-Form, and Lean RFP Templates provided in this blueprint.

    Create a template for the vendors’ response

    Dictating to the vendors the format of their response will increase your evaluation efficiency
    Narrative Response:

    Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include.

    Pricing Response:

    Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees.

    Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require.

    Stock image of a paper checklist in front of a laptop computer's screen.

    4.3.2 Vendor Pricing Tool

    1 hour

    Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)

    Output: Vendor Pricing Tool

    Materials: RFP Requirements Worksheet, Pricing template

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Using a good pricing template will prevent vendors from providing pricing offers that create a strategic advantage designed to prevent you from performing an apples-to-apples comparison.
    2. Provide specific instructions as to how the vendor is to organize their pricing response, which should be submitted separate from the RFP response.
    3. Configure and tailor pricing templates that are specific to the product and/or services.
    4. Upon receipt of all the vendor’s responses, simply cut and paste their total response to your base template for an easy side-by-side pricing comparison.
    5. Do not allow vendors to submit financial proposals outside of your template.

    Download the Vendor Pricing Tool

    Three RFP Templates

    Choose the right template for the right sourcing initiative

    • Short-Form
    • Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.

    • Long-Form
    • We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.

    • Excel-Form
    • Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.

    Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    4.3.3 Short-Form RFP Template

    1-2 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all participants agree to

    Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • This is a less complex RFP that has relatively basic requirements and perhaps a small window in which the vendors can respond. As with the long-form RFP, exhibits are placed at the end of the RFP, an arrangement that saves both your team and the vendors time. Of course, the short-form RFP contains less-specific instructions, guidelines, and rules for vendors’ proposal submissions.
    • We find that short-form RFPs are a good choice when you need to use something more than a request for quote (RFQ) but less than an RFP running 20 or more pages. It’s ideal, for example, when you want to send an RFP to only one vendor or to acquire items such as office supplies, contingent labor, or commodity items that don’t require significant vendor risk assessment.

    Download the Short-Form RFP Template

    4.3.4 Long-Form RFP Template

    1-3 hours

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • A long-form or major RFP is an excellent tool for more complex and complicated requirements. This template is for a baseline RFP.
    • It starts with best-in-class RFP terms and conditions that are essential to maintaining your control throughout the RFP process. The specific requirements for the business, functional, technical, legal, and pricing areas should be included in the exhibits at the end of the template. That makes it easier to tailor the RFP for each deal, since you and your team can quickly identify specific areas that need modification. Grouping the exhibits together also makes it convenient for both your team to review and the vendors to respond.
    • You can use this sample RFP as the basis for your template RFP, taking it all as is or picking and choosing the sections that best meet the mission and objectives of the RFP and your organization.

    Download the Long-Form RFP Template

    4.3.5 Excel-Form RFP Tool

    Several weeks

    Input: List of technical, legal, business, and data security requirements

    Output: Full set of requirements, prioritized, that all stakeholders agree to

    Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits

    Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management

    • The Excel-Form RFP Tool is used as an alternative to the other RFP toolsets if you have multiple requirements and have multiple vendors to choose from.
    • Requirements are written as a “statement” and the vendor can select from five answers as to their ability to meet the requirements, with the ability to provide additional context and materials to augment their answers, as needed.
    • Requirements are listed separately in each tab, for example, Business, Legal, Technical, Security, Support, Professional Services, etc.

    Download the Excel-Form RFP Template

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Answer Vendor Questions

    Maintaining your equal and level playing field among vendors

    • Provide an adequate amount of time from the RFP issue date to the deadline for vendor questions. There may be multiple vendor staff/departments that need to read the RFP and then discuss their response approach and gather any clarifying questions, so we generally recommend three to five business days.
    • There should be one point of contact for all Q&A, which should be submitted in writing via email only. Be sure to plan for enough time to get the answers back from the RFP stakeholders.
    • After the deadline, collect all Q&A and begin the process of consolidating into one document.
    Large silver question mark.
    • Be sure to anonymize both vendor questions and your responses, so as not to reveal who asked or answered the question.
    • Send the document to all RFP respondents via your sourcing tool or BCC in an email to the point of contact, with read receipt requested. That way, you can track who has received and opened the correspondence.
    • Provide the answers a few days prior to the Pre-Proposal Conference to allow all respondents time to review the document and prepare any additional questions.
    • Begin the preparation for the Pre-Proposal Conference.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Conduct Pre-Proposal Conference

    Maintain an equal and level playing field

    • Consolidate all Q&A to be presented to all vendors during the Pre-Proposal Conference.
    • If the Pre-Proposal Conference is conducted via conference call, be sure to record the session and advise all participants at the beginning of the call.
    • Be sure to have key stakeholders present on the call to answer questions.
    • Read each question and answer, after which ask if there are any follow up questions. Be sure to capture them and then add them to the Q&A document.
    • Remind respondents that no further questions will be entertained during the remainder of the RFP response period.
    • Send the updated and completed document to all vendors (even if circumstances prevented their attending the Pre-Proposal Conference). Use the same process as when you sent out the initial answers: via email, blind copy the respondents and request read/receipt.

    “Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)

    Pre-Proposal Conference Agenda

    Modify this agenda for your specific organization’s culture
    1. Opening Remarks & Welcome – RFP Manager
      1. Agenda review
      2. Purpose of the Pre-Proposal Conference
    2. Review Agenda
      1. Introduction of your (customer) attendees
    3. Participating Vendor Introduction (company name)
    4. Executive or Sr. Leadership Comments (limit to five minutes)
      1. Importance of the RFP
      2. High-level business objective or definition of success
    5. Review Key Dates in the RFP

    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)
    1. Review of any Technical Drawings or Information
      1. Key technical requirements and constraints
      2. Key infrastructure requirements and constraints
    2. Review of any complex RFP Issues
      1. Project scope/out of scope
    3. Question &Answer
      1. Vendors’ questions in alphabetical order
    4. Review of Any Specific Instructions for the Respondents
    5. Conclusion/Closing
      1. Review how to submit additional questions
      2. Remind vendors of the single point of contact

    Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.

    Six Steps to Perform RFI/RFP

    Step 1

    • Build your RFP with evaluation in mind.

    Step 2

    • RFI or no RFI
    • Consider a Lean RFP

    Step 3

    • Create your RFP
    • Establish your RFP dates
    • Decide on RFP template
      • Short
      • Long
      • Excel
    • Create a template for vendors’ response
    • Create your Pricing Template

    Step 4

    • Receive RFP questions from vendors
    • Review and prepare answers to questions for the Pre-Proposal Conference

    Step 5

    • Conduct a Pre-Proposal Conference

    Step 6

    • Receive vendors’ proposals
    • Review for compliance and completion
    • Team evaluates vendors’ proposals.
    • Prepare TCO
    • Draft executive recommendation report

    Evaluate Responses

    Other important information

    • Consider separating the pricing component from the RFP responses before sending them to reviewers to maintain objectivity until after you have received all ratings on the proposals themselves.
    • Each reviewer should set aside focused time to carefully read each vendor’s response
    • Read the entire vendor proposal – they spent a lot time and money responding to your request, so please read everything.
    • Remind reviewers that they should route any questions to the vendor through the RFP manager.
    • Using the predetermined ranking system for each section, rate each section of the response, capturing any notes, questions, or concerns as you proceed through the document(s).
    Stock photo of a 'Rating' meter with values 'Very Bad to 'Excellent'.

    Use a proven evaluation method

    Two proven methods to reviewing vendors’ proposals are by response and by objective

    The first, by response, is when the evaluator reviews each vendor’s response in its entirety.

    The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.

    By Response

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    By Objective

    Two-way arrow with '+ Pros' in green on the left and 'Cons -' in red on the right.

    • Each response is thoroughly read all the way through.
    • Response inconsistencies are easily noticed.
    • Evaluators obtain a good feel for the vendor's response.
    • Evaluators will lose interest as they move from one response to another.
    • Evaluation will be biased if the beginning of response is subpar, influencing the rest of the evaluation.
    • Deficiencies of the perceived favorite vendor are overlooked.
    • Evaluators concentrate on how each objective is addressed.
    • Evaluators better understand the responses, resulting in identifying the best response for the objective.
    • Evaluators are less susceptible to supplier bias.
    • Electronic format of the response hampers response review per objective.
    • If a hard copy is necessary, converting electronic responses to hard copy is costly and cumbersome.
    • Discipline is required to score each vendor's response as they go.

    Maintain evaluation objectivity by reducing response evaluation biases

    Evaluation teams can be naturally biased during their review of the vendors’ responses.

    You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.

    Vendor

    The evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
    • Evaluate the responses blind of vendor names, if possible.
    Centerpiece for this table, titled 'BIAS' and surrounding by iconized representations of the four types listed.

    Account Representatives

    Relationships extend beyond business, and an evaluator doesn't want to jeopardize them.
    • Craft RFP objectives that are vendor neutral.

    Technical

    A vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
    • Conduct fair and open solution demonstrations.

    Price

    As humans, we can justify anything at a good price.
    • Evaluate proposals without awareness of price.

    Additional insights when evaluating RFPs

    When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”.
    Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement.

    Establish your evaluation scoring scale

    Define your ranking scale to ensure consistency in ratings

    Within each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.

    Score Criteria for Rating
    5 Outstanding – Complete understanding of current and future needs; solution addresses current and future needs
    4 Competent – Complete understanding and adequate solution
    3 Average – Average understanding and adequate solution
    2 Questionable – Average understanding; proposal questionable
    1 Poor – Minimal understanding
    0 Not acceptable – Lacks understanding
    Stock photo of judges holding up their ratings.

    Weigh the sections of your RFP on how important or critical they are to the RFP

    Obtain Alignment on Weighting the Scores of Each Section
    • There are many ways to score responses, ranging from extremely simple to highly complicated. The most important thing is that everyone responsible for completing scorecards is in total agreement about how the scoring system should work. Otherwise, the scorecards will lose their value, since different weighting and scoring templates were used to arrive at their scores.
    • You can start by weighting the scores by section, with all sections adding up to 100%.
    Example RFP Section Weights
    Pie chart of example RFP section weights, 'Operational, 20%', 'Service-Level Agreements, 20%', 'Financial, 20%', 'Legal/Contractual, 15%', 'Technical, 10%' 'Functional, 15%'.
    (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019)

    Protect your negotiation leverage with these best practices

    Protect your organization's reputation within the vendor community with a fair and balanced process.
    • Unless you regularly have the evaluators on your evaluation team, always assume that the team members are not familiar nor experienced with your process and procedures.
    • Do not underestimate the amount of preparations required to ensure that your evaluation team has everything they need to evaluate vendors’ responses without bias.
    • Be very specific about the expectations and time commitment required for the evaluation team to evaluate the responses.
    • Explain to the team members the importance of evaluating responses without conflicts of interest, including the fact that information contained within the responses and all discussions within the team are considered company owned and confidential.
    • Include examples of the evaluation and scoring processes to help the evaluators understand what they should be doing.
    • Finally – don’t forget to the thank the evaluation team and their managers for their time and commitment in contributing to this essential decision.
    Stock photo of a cork board with 'best practice' spelled out by tacked bits of paper, each with a letter in a different font.

    Evaluation teams must balance commercial vs. technical requirements

    Do not alter the evaluation weights after responses are submitted.
    • Evaluation teams are always challenged by weighing the importance of price, budget, and value against the technical requirements of “must-haves” and super cool “nice-to-haves.”
    • Encouraging the evaluation team not to inadvertently convert the nice-to-haves to must-haves will prevent scope creep and budget pressure. The evaluation team must concentrate on the vendors’ responses that drive the best value when balancing both commercial and technical requirements.
    Two blocks labelled 'Commercial Requirements' and 'Technical Requirements' balancing on either end of a flat sheet, which is balancing on a silver ball.

    4.6.1 Evaluation Guidebook

    1 hour

    Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard

    Output: One or two finalists for which negotiations will proceed

    Materials: RFP Evaluation Guidebook

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Info-Tech provides an excellent resource for your evaluation team to better understand the process of evaluating vendor response. The guidebook is designed to be configured to the specifics of your RFP, with guidance and instructions to the team.
    2. Use this guidebook to provide instruction to the evaluation team as to how best to score and rate the RFP responses.
    3. Specific definitions are provided for applying the numerical scores to the RFP objectives will ensure consistency among the appropriate numerical score.

    Download the RFP Evaluation Guidebook

    4.6.2 RFP Vendor Proposal Scoring Tool

    1-4 hours

    Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard

    Output: A consolidated ranked and weighted comparison of the vendor responses with pricing

    Materials: Vendor responses, RFP Evaluation Tool

    Participants: Sourcing/Procurement, Vendor management

    1. Using the RFP outline as a base, develop a scorecard to evaluate and rate each section of the vendor response, based on the criteria predetermined by the team.
    2. Provide each stakeholder with the scorecard when you provide the vendor responses for them to review and provide the team with adequate time to review each response thoroughly and completely.
    3. Do not, at this stage, provide the pricing. Allow stakeholders to review the responses based on the technical, business, operational criteria without prejudice as to pricing.
    4. Evaluators should always be reminded that they are evaluating each vendor’s response against the objectives and requirements of the RFP. The evaluators should not be evaluating each vendor’s response against one another.
    5. While the team is reviewing and scoring responses, review and consolidate the vendor pricing submissions into one document for a side-by-side comparison.

    Download the RFP Evaluation Tool

    4.6.3 Total Cost of Owners (TCO)

    1-2 hours

    Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget

    Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.

    Materials: Vendor TCO Tool, Vendor pricing responses

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement

    • Use Info-Tech’s Vendor TCO Tool to normalize each vendor’s pricing proposal and account for the lifetime cost of the product.
    • Fill in pricing information (the total of all annual costs) from each vendor's returned Pricing Proposal.
    • The tool will summarize the net present value of the TCO for each vendor proposal.
    • The tool will also provide the rank of each pricing proposal.

    Download the Vendor TCO Tool

    Conduct an evaluation team results meeting

    Follow the checklist below to ensure an effective evaluation results meeting

    • Schedule the evaluation team’s review meeting well in advance to ensure there are no scheduling conflicts.
    • Collect the evaluation team’s scores in advance.
    • Collate scores and provide an initial ranking.
    • Do not reveal the pricing evaluation results until after initial discussions and review of the scoring results.
    • Examine both high and low scores to understand why the team members scored the response as they did.
    • Allow the team to discuss, debate, and arrive at consensus on the ranking.
    • After consensus, reveal the pricing to examine if or how it changes the ranking.
    • Align the team on the next steps with the applicable vendors.

    4.6.4 Consolidated RFP Response Scoring

    1-2 hours

    Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.

    Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.

    Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.

    Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management

    1. Collect from the evaluation team all scorecards and any associated questions requiring further clarification from the vendor(s). Consolidate the scorecards into one for presentation to the team and key decision makers.
    2. Present the final scores to the team, with the pricing evaluation, to determine, based on your needs, two or three finalists that will move forward to the next steps of negotiations.
    3. Discuss any scores that are have large gaps, e.g., a requirement with a score of one from one evaluator and the same requirement with a score five from different evaluator.
    4. Arrive at a consensus of your top one or two potential vendors.
    5. Determine any required follow-up actions with the vendors and include them in the Evaluation Summary.

    Download the Consolidated Vender RFP Response Evaluation Summary

    4.6.5 Vendor Recommendation Presentation

    1-3 hours
    1. Use the Vendor Recommendation Presentation to present your finalist and obtain final approval to negotiate and execute any agreements.
    2. The Vendor Recommendation Presentation provides leadership with:
      1. An overview of the RFP, its primary goals, and key requirements
      2. A summary of the vendors invited to participate and why
      3. A summary of each component of the RFP
      4. A side-by-side comparison of key vendor responses to each of the key/primary requirements, with ranking/weighting results
      5. A summary of the vendor’s responses to key legal terms
      6. A consolidated summary of the vendors’ pricing, augmented by the TCO calculations for the finalist(s).
      7. The RFP team’s vendor recommendations based on its findings
      8. A summary of next steps with dates
      9. Request approval to proceed to next steps of negotiations with the primary and secondary vendor

    Download the Vendor Recommendation Presentation

    4.6.5 Vendor Recommendation Presentation

    Input

    • Consolidated RFP responses, with a focus on key RFP goals
    • Consolidated pricing responses
    • TCO Model completed, approved by Finance, stakeholders

    Output

    • Presentation deck summarizing the key findings of the RFP results, cost estimates and TCO and the recommendation for approval to move to contract negotiations with the finalists

    Materials

    • Consolidated RFP responses, including legal requirements
    • Consolidated pricing
    • TCO Model
    • Evaluators scoring results

    Participants

    • IT
    • Finance
    • Business stakeholders
    • Legal
    • Sourcing/Procurement

    Caution: Configure templates and tools to align with RFP objectives

    Templates and tools are invaluable assets to any RFP process

    • Leveraging templates and tools saves time and provides consistency to your vendors.
    • Maintain a common repository of your templates and tools with different versions and variations. Include a few sentences with instructions on how to use the template and tools for team members who might not be familiar with them.

    Templates/Tools

    RFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague.

    Sourcing

    Regardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal.

    Review

    Then you must carefully examine the components of the deal before creating your final documents.

    Popular RFP templates include:

    • RFP documents
    • Pricing templates
    • Evaluation and scoring templates
    • RFP requirements
    • Info-Tech research

    Phase 5

    Negotiate Agreement(s)

    Steps

    5.1 Perform negotiation process

    Steps in an RFP Process with the fifth step, 'Negotiate Agreement', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • Legal
    • IT stakeholders
    • Finance

    Outcomes of this phase

    A negotiated agreement or agreements that are a result of competitive negotiations.

    Negotiate Agreement(s)

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Negotiate Agreement

    You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.


    Then you should:

    • Plan negotiation(s) with one or more vendors based on your questions and opportunities identified during evaluation.
    • Select finalist(s).
    • Apply selection criteria.
    • Resolve vendors’ exceptions.

    Info-Tech Insight

    Be certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor.

    Centerpiece of the table, titled 'Negotiation Process'.

    Leverage Info-Tech's negotiation process research for additional information

    Negotiate before you select your vendor:
    • Negotiating with two or more vendors will maintain your competitive leverage while decreasing the time it takes to negotiate the deal.
    • Perform legal reviews as necessary.
    • Use sound competitive negotiations principles.

    Info-Tech Insight

    Providing contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation.

    Phase 6

    Purchase Goods and Services

    Steps

    6.1 Purchase Goods & Services

    Steps in an RFP Process with the sixth step, 'Purchase Goods and Services', highlighted.

    This phase involves the following participants:

    • Procurement
    • Vendor management
    • IT stakeholders

    Outcomes of this phase

    A purchase order that completes the RFP process.

    The beginning of the vendor management process.

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Purchase Goods and Services

    Prepare to purchase goods and services

    Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
    • Have the vendor complete applicable tax forms.
    • Set up the vendor in accounts payable for electronic payment (ACH) set-up.
    Then transact day-to-day business:
    • Provide purchasing forecasts.
    • Complete applicable purchase requisition and purchase orders. Be sure to reference the agreement in the PO.
    Stock image of a computer monitor with a full grocery cart shown on the screen.

    Info-Tech Insight

    As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.

    Phase 7

    Assess and Measure Performance

    Steps

    7.1 Assess and measure performance against the agreement

    Steps in an RFP Process with the seventh step, 'Assess and Measure Performance', highlighted.

    This phase involves the following participants:

    • Vendor management
    • Business stakeholders
    • Senior leadership (as needed)
    • IT stakeholders
    • Vendor representatives & senior management

    Outcomes of this phase

    A list of what went well during the period – it’s important to recognize successes

    A list of areas needing improvement that includes:

    • A timeline for each item to be completed
    • The team member(s) responsible

    Purchase Goods and Services

    Phase 1 Phase 2 Phase 3 Phase 4 Phase 5 Phase 6 Phase 7

    Assess and Measure Performance

    Measure to manage: the job doesn’t end when the contract is signed.

    • Classify vendor
    • Assess vendor performance
    • Manage improvement
    • Conduct periodic vendor performance reviews or quarterly business reviews
    • Ensure contract compliance for both the vendor and your organization
    • Build knowledgebase for future
    • Re-evaluate and improve appropriately your RFP processes

    Info-Tech Insight

    To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.

    Summary of Accomplishment

    Problem Solved

    Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.

    Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.

    If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.

    Contact your account representative for more information.

    workshops@infotech.com 1-888-670-8889

    Final Thoughts: RFP Do’s and Don’ts

    DO

    • Leverage your team’s knowledge
    • Document and explain your RFP process to stakeholders and vendors
    • Include contract terms in your RFP
    • Consider vendor management requirements up front
    • Plan to measure and manage performance after contract award leveraging RFP objectives
    • Seek feedback from the RFP team for process improvements

    DON'T

    • Reveal your budget
    • Do an RFP in a vacuum
    • Send an RFP to a vendor your team is not willing to award the business to
    • Hold separate conversations with candidate vendors during your RFP process
    • Skimp on the requirements definition to speed the process
    • Tell the vendor they are selected before negotiating

    Bibliography

    “2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.

    Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019

    “Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.

    Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.

    “RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.

    “State of the RFP 2019.” Bonfire, 2019. Web.

    “What Vendors Want (in RFPs).” Vendorful, 2020. Web.

    Related Info-Tech Research

    Stock photo of two people looking at a tablet. Prepare for Negotiations More Effectively
    • Negotiations are about allocating risk and money – how much risk is a party willing to accept at what price point?
    • Using a cross-functional/cross-insight team structure for negotiation preparation yields better results.
    • Soft skills aren’t enough and theatrical negotiation tactics aren’t effective.
    Stock photo of two people in suits shaking hands. Understand Common IT Contract Provisions to Negotiate More Effectively
    • Focus on the terms and conditions, not just the price. Too often, organizations focus on the price contained within their contracts, neglecting to address core terms and conditions that can end up costing multiples of the initial price.
    • Lawyers can’t ensure you get the best business deal. Lawyers tend to look at general terms and conditions for legal risk and may not understand IT-specific components and business needs.
    Stock photo of three people gathered around a computer. Jump Start Your Vendor Management Initiative
    • Vendor management must be an IT strategy. Solid vendor management is an imperative – IT organizations must develop capabilities to ensure that services are delivered by vendors according to service-level objectives and that risks are mitigated according to the organization's risk tolerance.
    • Visibility into your IT vendor community. Understand how much you spend with each vendor and rank their criticality and risk to focus on the vendors you should be concentrating on for innovative solutions.

    Adopt Generative AI in Solution Delivery

    • Buy Link or Shortcode: {j2store}146|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • Delivery teams are under continuous pressure to deliver high value and quality solutions with limited capacity in complex business and technical environments. Common challenges experienced by these teams include:
      • Attracting and retaining talent
      • Maximizing the return on technology
      • Confidently shifting to digital
      • Addressing competing priorities
      • Fostering a collaborative culture
      • Creating high-throughput teams
    • Gen AI offers a unique opportunity to address many of these challenges.

    Our Advice

    Critical Insight

    • Your stakeholders' understanding of Gen AI, its value, and its application can be driven by hype and misinterpretation. This confusion can lead to unrealistic expectations and set the wrong precedent for the role Gen AI is intended to play.
    • Your SDLC is not well documented and is often executed inconsistently. An immature practice will not yield the benefits stakeholders expect.
    • The Gen AI marketplace is broad and diverse. Selecting the appropriate tools and partners is confusing and overwhelming.
    • There is a skills gap for what is needed to configure, adopt, and operate Gen AI.

    Impact and Result

    • Ground your Gen AI expectations. Set realistic and achievable goals centered on driving business value and efficiency across the entire SDLC by enabling Gen AI in key tasks and activities. Propose the SDLC as the ideal pilot for Gen AI.
    • Select the right Gen AI opportunities. Discuss how proven Gen AI capabilities can be applied to your solution delivery practice to achieve the outcomes and priorities stakeholders expect. Lessons learned sow the foundation for future Gen AI scaling.
    • Assess your Gen AI readiness in your solution delivery teams. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of Gen AI.

    Adopt Generative AI in Solution Delivery Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Adopt Generative AI in Solution Delivery Storyboard – A step-by-step guide that helps you assess whether Gen AI is right for your solution delivery practices.

    Gain an understanding of the potential opportunities that Gen AI can provide your solution delivery practices and answer the question "What should I do next?"

    • Adopt Generative AI in Solution Delivery Storyboard

    2. Gen AI Solution Delivery Readiness Assessment Tool – A tool to help you understand if your solution delivery practice is ready for Gen AI.

    Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether or not the team is ready to adopt Gen AI practices.

    • Gen AI Solution Delivery Readiness Assessment Tool
    [infographic]

    Further reading

    Adopt Generative AI in Solution Delivery

    Drive solution quality and team productivity with the right generative AI capabilities.

    Analyst Perspective

    Build the case for Gen AI with the right opportunities.

    Generative AI (Gen AI) presents unique opportunities to address many solution delivery challenges. Code generation can increase productivity, synthetic data generation can produce usable test data, and scanning tools can identify issues before they occur. To be successful, teams must be prepared to embrace the changes that Gen AI brings. Stakeholders must also give teams the opportunity to optimize their own processes and gauge the fit of Gen AI.

    Start small with the intent to learn. The right pilot initiative helps you learn the new technology and how it benefits your team without the headache of complex setups and lengthy training and onboarding. Look at your existing solution delivery tools to see what Gen AI capabilities are available and prioritize the use cases where Gen AI can be used out of the box.

    This is a picture of Andrew Kum-Seun

    Andrew Kum-Seun
    Research Director,
    Application Delivery and Management
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Delivery teams are under continuous pressure to deliver high-value, high-quality solutions with limited capacity in complex business and technical environments. Common challenges experienced by these teams include:

    • Attracting and retaining talent
    • Maximizing the return on technology
    • Confidently shifting to digital
    • Addressing competing priorities
    • Fostering a collaborative culture
    • Creating high-throughput teams

    Generative AI (Gen AI) offers a unique opportunity to address many of these challenges.

    Common Obstacles

    • Your stakeholders' understanding of what is Gen AI, its value and its application, can be driven by hype and misinterpretation. This confusion can lead to unrealistic expectations and set the wrong precedent for the role Gen AI is intended to play.
    • Your solution delivery process is not well documented and is often executed inconsistently. An immature practice will not yield the benefits stakeholders expect.
    • The Gen AI marketplace is very broad and diverse. Selecting the appropriate tools and partners is confusing and overwhelming.
    • There is a skills gap for what is needed to configure, adopt, and operate Gen AI.

    Info-Tech's Approach

    • Ground your Gen AI expectations. Set realistic and achievable goals centered on driving business value and efficiency across the entire solution delivery process by enabling Gen AI in key tasks and activities. Propose this process as the ideal pilot for Gen AI.
    • Select the right Gen AI opportunities. Discuss how proven Gen AI capabilities can be applied to your solution delivery practice and achieve the outcomes and priorities stakeholders expect. Lessons learned sow the foundation for future Gen AI scaling.
    • Assess your Gen AI readiness in your solution delivery teams. Clarify the roles, processes, and tools needed for the implementation, use, and maintenance of Gen AI.

    Info-Tech Insight

    Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Insight Summary

    Overarching Info-Tech Insight

    Position Gen AI is a tooling opportunity to enhance the productivity and depth of your solution delivery practice. However, current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Understand and optimize first, automate with Gen AI later.
    Gen AI magnifies solution delivery inefficiencies and constraints. Adopt a user-centric perspective to understand your solution delivery teams' interactions with solution delivery tools and technologies to better replicate how they complete their tasks and overcome challenges.

    Enable before buy. Buy before build.
    Your solution delivery vendors see AI as a strategic priority in their product and service offering. Look into your existing toolset and see if you already have the capabilities. Otherwise, prioritize using off-the-shelf solutions with pre-trained Gen AI capabilities and templates.

    Innovate but don't experiment.
    Do not reinvent the wheel and lower your risk of success. Stick to the proven use cases to understand the value and fit of Gen AI tools and how your teams can transform the way they work. Use your lessons learned to discover scaling opportunities.

    Blueprint benefits

    IT benefits

    Business benefits

    • Select the Gen AI tools and capabilities that meet both the solution delivery practice and team goals, such as:
    • Improved team productivity and throughput.
    • Increased solution quality and value.
    • Greater team satisfaction.
    • Motivate stakeholder buy-in for the investment in solution delivery practice improvements.
    • Validate the fit and opportunities with Gen AI for future adoption in other IT departments.
    • Increase IT satisfaction by improving the throughput and speed of solution delivery.
    • Reduce the delivery and operational costs of enterprise products and services.
    • Use a pilot to demonstrate the fit and value of Gen AI capabilities and supporting practices across business and IT units.

    What is Gen AI?

    An image showing where Gen AI sits within the artificial intelligence.  It consists of four concentric circles.  They are labeled from outer-to-inner circle in the following order: Artificial Intelligence; Machine Learning; Deep Learning; Gen AI

    Generative AI (Gen AI)
    A form of ML whereby, in response to prompts, a Gen AI platform can generate new output based on the data it has been trained on. Depending on its foundational model, a Gen AI platform will provide different modalities and use case applications.

    Machine Learning (ML)
    The AI system is instructed to search for patterns in a data set and then make predictions based on that set. In this way, the system learns to provide accurate content over time. This requires a supervised intervention if the data is inaccurate. Deep learning is self-supervised and does not require intervention.

    Artificial Intelligence (AI)
    A field of computer science that focuses on building systems to imitate human behavior. Not all AI systems have learning behavior; many systems (such as customer service chatbots) operate on preset rules.

    Info-Tech Insight

    Many vendors have jumped on Gen AI as the latest marketing buzzword. When vendors claim to offer Gen AI functionality, pin down what exactly is generative about it. The solution must be able to induce new outputs from inputted data via self-supervision – not trained to produce certain outputs based on certain inputs.

    Augment your solution delivery teams with Gen AI

    Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery; assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.

    Solution Delivery Team

    Humans

    Gen AI Bots

    Product owner and decision maker
    Is accountable for the promised delivery of value to the organization.

    Business analyst and architect
    Articulates the requirements and aligns the team to the business and technical needs.

    Integrator and builder
    Implements the required solution.

    Collaborator
    Consults and supports the delivery.

    Administrator
    Performs common administrative tasks to ensure smooth running of the delivery toolchain and end-solutions.

    Designer and content creator
    Provides design and content support for common scenarios and approaches.

    Paired developer and tester
    Acts as a foil for existing developer or tester to ensure high quality output.

    System monitor and support
    Monitors and recommends remediation steps for operational issues that occur.

    Research deliverable

    This research is accompanied by a supporting deliverable to help you accomplish your goals.

    Gen AI Solution Delivery Readiness Assessment Tool

    Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether the team is ready to adopt Gen AI practices.

    This is a series of three screenshots from the Gen AI Solution Delivery Readiness Assessment Tool

    Step 1.1

    Set the context

    Activities

    1.1.1 Understand the challenges of your solution delivery teams.

    1.1.2 Outline the value you expect to gain from Gen AI.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • SWOT Analysis to help articulate the challenges facing your teams.
    • A Gen AI Canvas that will articulate the value you expect to gain.

    IT struggles to deliver solutions effectively

    • Lack of skills and resources
      Forty-six percent of respondents stated that it was very or somewhat difficult to attract, hire, and retain developers (GitLab, 2023; N=5,010).
    • Delayed software delivery
      Code development (37%), monitoring/observability (30%), deploying to non-production environments (30%), and testing (28%) were the top areas where software delivery teams or organizations encountered the most delays (GitLab, 2023, N=5,010).
    • Low solution quality and satisfaction
      Only 64% of applications were identified as effective by end users. Effective applications are identified as at least highly important and have high feature and usability satisfaction (Application Portfolio Assessment, August 2021 to July 2022; N=315).
    • Burnt out teams
      While workplace flexibility comes with many benefits, longer work hours jeopardize wellbeing. Sixty-two percent of organizations reported increased working hours, while 80% reported an increase in flexibility ("2022 HR Trends Report," McLean & Company, 2022; N=394) .

    Creating high-throughput teams is an organizational priority.

    CXOs ranked "optimize IT service delivery" as the second highest priority. "Achieve IT business" was ranked first.

    (CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568)

    1.1.1 Understand the challenges of your solution delivery teams

    1-3 hours

    1. Complete a SWOT analysis of your solution delivery team to discover areas where Gen AI can be applied.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Strengths

    Internal characteristics that are favorable as they relate to solution delivery

    Weaknesses

    Internal characteristics that are unfavorable or need improvement

    Opportunities

    External characteristics that you may use to your advantage

    Threats

    External characteristics that may be potential sources of failure or risk

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Output

    • SWOT analysis of current state of solution delivery practice

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Gen AI can help solve your solution delivery challenges

    Why is software delivery an ideal pilot candidate for Gen AI?

    • Many software delivery practices are repeatable and standardized.
    • Software delivery roles that are using and implementing Gen AI are technically savvy.
    • Automation is a staple in many commonly used tools.
    • Change will likely not impact business operations.

    Improved productivity

    Gen AI jumpstarts the most laborious and mundane parts of software delivery. Delivery teams saved 22 hours (avg) per software use case when using AI in 2022, compared to last year when AI was not used ("Generative AI Speeds Up Software Development," PRNewswire, 2023).

    Fungible resources

    Teams are transferrable across different frameworks, platforms, and products. Gen AI provides the structure and guidance needed to work across a wider range of projects ("Game changer: The startling power generative AI is bringing to software development," KPMG, 2023).

    Improved solution quality

    Solution delivery artifacts (e.g. code) are automatically scanned to quickly identify bugs and defects based on recent activities and trends and validate against current system performance and capacity.

    Business empowerment

    AI enhances the application functionalities workers can build with low- and no-code platforms. In fact, "AI high performers are 1.6 times more likely than other organizations to engage non-technical employees in creating AI applications" ("The state of AI in 2022 — and a half decade in review." McKinsey, 2022, N=1,492).

    However, various fears, uncertainties, and doubts challenge Gen AI adoption

    Black Box

    Little transparency is provided on the tool's rationale behind content creation, decision making, and the use and storage of training data, creating risks for legal, security, intellectual property, and other areas.

    Role Replacement

    Some workers have job security concerns despite Gen AI being bound to their rule-based logic framework, the quality of their training data, and patterns of consistent behavior.

    Skills Gaps

    Teams need to gain expertise in AI/ML techniques, training data preparation, and continuous tooling improvements to support effective Gen AI adoption across the delivery practice and ensure reliable operations.

    Data Inaccuracy

    Significant good quality data is needed to build trust in the applicability and reliability of Gen AI recommendations and outputs. Teams must be able to combine Gen AI insights with human judgment to generate the right outcome.

    Slow Delivery of AI Solution

    Timelines are sensitive to organizational maturity, experience with Gen AI, and investments in good data management practices. 65% of organizations said it took more than three months to deploy an enterprise-ready AIOps solution (OpsRamp, 2022).

    Define the value you want Gen AI to deliver

    Well-optimized Gen AI instills stakeholder confidence in ongoing business value delivery and ensures stakeholder buy-in, provided proper expectations are set and met. However, business value is not interpreted or prioritized the same across the organization. Come to a common business value definition to drive change in the right direction by balancing the needs of the individual, team, and organization.

    Business value cannot always be represented by revenue or reduced expenses. Dissecting value by the benefit type and the value source's orientation allows you to see the many ways in which Gen AI brings value to the organization.

    Financial benefits vs. intrinsic needs

    • Financial benefits refers to the degree to which the value source can be measured through monetary metrics, such as revenue generation and cost saving.
    • Intrinsic needs refers to how a product, service, or business capability enhanced with Gen AI meets functional, user experience, and existential needs.

    Inward vs. outward orientation

    • Inward refers to value sources that are internally impacted by Gen AI and improve your employees' and teams' effectiveness in performing their responsibilities.
    • Outward refers to value sources that come from your interaction with external stakeholders and customers and were improved from using Gen AI.

    See our Build a Value Measurement Framework blueprint for more information about business value definition.

    An image of the Business Value Matrix for Gen AI

    Measure success with the right metrics

    Establishing and monitoring metrics are powerful ways to drive behavior and strategic changes in your organization. Determine the right measures that demonstrate the value of your Gen AI implementation by aligning them with your Gen AI objectives, business value drivers, and non-functional requirements.

    Select metrics with different views

    1. Solution delivery practice effectiveness
      The ability of your practice to deliver, support, and operate solutions with Gen AI
      Examples: Solution quality and throughput, delivery and operational costs, number of defects and issues, and system quality
    2. Solution quality and value
      The outcome of your solutions delivered with Gen AI tools
      Examples: Time and money saved, utilization of products and services, speed of process execution, number of errors, and compliance with standards
    3. Gen AI journey goals and milestones
      Your organization's position in your Gen AI journey
      Examples: Maturity score, scope of Gen AI adoption, comfort and
      confidence with Gen AI capabilities, and complexity of Gen AI use cases

    Leverage Info-Tech's Diagnostics

    IT Management & Governance

    • Improvement to application development quality and throughput effectiveness
    • Increased importance of application delivery and maintenance capabilities across the IT organization
    • Delegation of delivery accountability across more IT roles

    CIO Business Vision

    • Improvements to IT satisfaction and value from delivered solutions
    • Changes to the value and importance of IT core services enabled with Gen AI
    • The state of business and IT relationships
    • Capability to deliver and support Gen AI effectively

    1.1.2 Outline the value you expect to gain from Gen AI

    1-3 hours

    1. Complete the following fields to build your Gen AI canvas:
      1. Problem that Gen AI is intending to solve
      2. List of stakeholders
      3. Desired business and IT outcomes
      4. In-scope solution delivery teams, systems, and capabilities.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Output

    • Gen AI Canvas

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    1.1.2 Example

    Example of an outline of the value you expect to gain from Gen AI

    Problem statements

    • Manual testing procedures hinder pace and quality of delivery.
    • Inaccurate requirement documentation leads to constant redesigning.

    Business and IT outcomes

    • Improve code quality and performance.
    • Expedite solution delivery cycle.
    • Improve collaboration between teams and reduce friction.

    List of stakeholders

    • Testing team
    • Application director
    • CIO
    • Design team
    • Project manager
    • Business analysts

    In-scope solution delivery teams, system, and capabilities

    • Web
    • Development
    • App development
    • Testing
    • Quality assurance
    • Business analysts
    • UI/UX design

    Align your objectives to the broader AI strategy

    Why is an organizational AI strategy important for Gen AI?

    • All Gen AI tactics and capabilities are designed, delivered, and managed to support a consistent interpretation of the broader AI vision and goals.
    • An organizational strategy gives clear understanding of the sprawl, criticality, and risks of Gen AI solutions and applications to other IT capabilities dependent on AI.
    • Gen AI initiatives are planned, prioritized, and coordinated alongside other software delivery practice optimizations and technology modernization initiatives.
    • Resources, skills, and capacities are strategically allocated to meet the needs of Gen AI considering other commitments in the software delivery optimization backlog and roadmap.
    • Gen AI expectations and practices uphold the persona, values, and principles of the software delivery team.

    What is an AI strategy?

    An AI strategy details the direction, activities, and tactics to deliver on the promise of your AI portfolio. It often includes:

    • AI vision and goals
    • Application, automation, and process portfolio involved or impacted by AI
    • Values and principles
    • Health of your AI portfolio
    • Risks and constraints
    • Strategic roadmap

    Step 1.2

    Evaluate opportunities for Gen AI

    Activities

    1.2.1 Align Gen AI opportunities with teams and capabilities.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • Understand the Gen AI opportunities for your solution delivery practice.

    Learn how Gen AI is employed in solution delivery

    Gen AI opportunity Common Gen AI tools and vendors Teams than can benefit How can teams leverage this? Case study
    Synthetic data generation
    • Testing
    • Data Analysts
    • Privacy and Security
    • Create test datasets
    • Replace sensitive personal data

    How Unity Leverages Synthetic Data

    Code generation
    • Development
    • Testing
    • Code Templates & Boilerplate
    • Code Refactoring

    How CI&T accelerated development by 11%

    Defect forecasting and debugging
    • Project Manager & Quality Assurance
    • Development
    • Testing
    • Identify root cause
    • Static and dynamic code analysis
    • Debugging assistance

    Altran Uses Microsoft Code Defect AI Solution

    Requirements documentation and elicitation
    • Business Analysts
    • Development
    • Document functional requirements
    • Writing test cases

    Google collaborates with Replit to reduce time to bring new products to market by 30%

    UI design and prototyping
    • UI/UX Design
    • Development
    • Deployment
    • Rapid prototyping
    • Design assistance

    How Spotify is Upleveling Their Entire Design Team

    Other common AI opportunities solutions include test case generation, code translation, use case creation, document generation, and automated testing.

    Opportunity 1: Synthetic data generation

    Create artificial data that mimics the structure of real-life data.

    What are the expected benefits?

    • Availability of test data: Creation of large volumes of data compatible for testing multiple systems within the organization.
    • Improved privacy: Substituting real data with artificial leads to reduced data leaks.
    • Quicker data provisioning: Automated generation of workable datasets aligned to company policies.

    What are the notable risks and challenges?

    • Generalization and misrepresentations: Data models used in synthetic data generation may not be an accurate representation of production data because of potentially conflicting definitions, omission of dependencies, and multiple sources of truth.
    • Lack of accurate representation: It is difficult for synthetic data to fully capture real-world data nuances.
    • Legal complexities: Data to build and train the Gen AI tool does not comply with data residency and management standards and regulations.

    How should teams prepare for synthetic data generation?

    It can be used:

    • To train machine learning models when there is not enough real data, or the existing data does not meet specific needs.
    • To improve quality of test by using data that closely resembles production without the risk of leveraging sensitive and private information.

    "We can simply say that the total addressable market of synthetic data and the total addressable market of data will converge,"
    Ofir Zuk, CEO, Datagen (Forbes, 2022)

    Opportunity 2: Code generation

    Learn patterns and automatically generate code.

    What are the expected benefits?

    • Increased productivity: It allows developers to generate more code quickly.
    • Improved code consistency: Code is generated using a standardized model and lessons learnt from successful projects.
    • Rapid prototyping: Expedite development of a working prototype to be verified and validated.

    What are the notable risks and challenges?

    • Limited contextual understanding: AI may lack domain-specific knowledge or understanding of requirements.
    • Dependency: Overreliance on AI generated codes can affect developers' creativity.
    • Quality concerns: Generated code is untested and its alignment to coding and quality standards is unclear.

    How should teams prepare for code generation?

    It can be used to:

    • Build solutions without the technical expertise of traditional development.
    • Discover different solutions to address coding challenges.
    • Kickstart new development projects with prebuilt code.

    According to a survey conducted by Microsoft's GitHub, a staggering 92% of programmers were reported as using AI tools in their workflow (GitHub, 2023).

    Opportunity 3: Defect forecasting & debugging

    Predict and proactively address defects before they occur.

    What are the expected benefits?

    • Reduced maintenance cost: Find defects earlier in the delivery process, when it's cheaper to fix them.
    • Increased efficiency: Testing efforts can remain focused on critical and complex areas of solution.
    • Reduced risk: Find critical defects before the product is deployed to production.

    What are the notable risks and challenges?

    • False positives and negatives: Incorrect interpretation and scope of defect due to inadequate training of the Gen AI model.
    • Inadequate training: Training data does not reflect the complexity of the solutions code.
    • Not incorporating feedback: Gen AI models are not retrained in concert with solution changes.

    How should teams prepare for defect forecasting and debugging?

    It can be used to:

    • Perform static and dynamic code analysis to find vulnerabilities in the solution source code.
    • Forecast potential issues of a solution based on previous projects and industry trends.
    • Find root cause and suggest solutions to address found defects.

    Using AI technologies, developers can reduce the time taken to debug and test code by up to 70%, allowing them to finish projects faster and with greater accuracy (Aloa, 2023).

    Opportunity 4: Requirements documentation & elicitation

    Capturing, documenting, and analyzing function and nonfunctional requirements.

    What are the expected benefits?

    • Improve quality of requirements: Obtain different perspectives and contexts for the problem at hand and help identify ambiguities and misinterpretation of risks and stakeholder expectation.
    • Increased savings: Fewer resources are consumed in requirements elicitation activities.
    • Increased delivery confidence: Provide sufficient information for the solution delivery team to confidently estimate and commit to the delivery of the requirement.

    What are the notable risks and challenges?

    • Conflicting bias: Gen AI models may interpret the problem differently than how the stakeholders perceive it.
    • Organization-specific interpretation: Inability of the Gen AI models to accommodate unique interpretation of terminologies, standards, trends and scenarios.
    • Validation and review: Interpreting extracted insights requires human validation.

    How should teams prepare for requirements documentation & elicitation?

    It can be used to:

    • Document requirements in a clear and concise manner that is usable to the solution delivery team.
    • Analyze and test requirements against various user, business, and technical scenarios.

    91% of top businesses surveyed report having an ongoing investment in AI (NewVantage Partners, 2021).

    Opportunity 5: UI design and prototyping

    Analyze existing patterns and principles to generate design, layouts, and working solutions.

    What are the expected benefits?

    • Increased experimentation: Explore different approaches and tactics to solve a solution delivery problem.
    • Improved collaboration: Provide quick design layouts that can be reshaped based on stakeholder feedback.
    • Ensure design consistency: Enforce a UI/UX design standard for all solutions.

    What are the notable risks and challenges?

    • Misinterpretation of UX Requirements: Gen AI model incorrectly assumes a specific interpretation of user needs, behaviors, and problem.
    • Incorrect or missing requirements: Lead to extensive redesigns and iterations, adding to costs while hampering user experience.
    • Design creativity: May lack originality and specific brand aesthetics if not augmented well with human customizability and creativity.

    How should teams prepare for UI design and prototyping?

    It can be used to:

    • Visualize the solution through different views and perspectives such as process flows and use-case diagrams.
    • Create working prototypes that can be verified and validated by stakeholders and end users.

    A study by McKinsey & Company found that companies that invest in AI-driven design outperform their peers in revenue growth and customer experience metrics. They were found to achieve up to two times higher revenue growth than industry peers and up to 10% higher net promoter score (McKinsey & Company, 2018).

    Determine the importance of your opportunities by answering these questions

    Realizing the complete potential of Gen AI relies on effectively fostering its adoption and resulting changes throughout the entire solution delivery process.

    What are the challenges faced by your delivery teams that could be addressed by Gen AI?

    • Recognize the precise pain points, bottlenecks, or inefficiencies faced by delivery teams.
    • Include all stakeholders' perspectives during problem discovery and root cause analysis.

    What's holding back Gen AI adoption in the organization?

    • Apart from technical barriers, address cultural and organizational challenges and discuss how organizational change management strategies can mitigate Gen AI adoption risk.

    Are your objectives aligned with Gen AI capabilities?

    • Identify areas where processes can be modernized and streamlined with automation.
    • Evaluate the current capabilities and resources available within the organization to leverage Gen AI technologies effectively.

    How can Gen AI improve the entire solution delivery process?

    • Investigate and evaluate the improvements Gen AI can reasonably deliver, such as increased accuracy, quickened delivery cycles, improved code quality, or enhanced cross-functional collaboration.

    1.2.1 Align Gen AI opportunities to teams and capabilities

    1-3 hours

    1. Associate the Gen AI opportunities that can be linked to your system capabilities. These opportunities refer to the potential applications of generative AI techniques, such as code generation or synthetic data, to address specific challenges.
      1. Start by analyzing your system's requirements, constraints, and areas where Gen AI techniques can bring value. Identify the potential benefits of integrating Gen AI, such as increased productivity, or enhanced creativity.
      2. Next, discern potential risks or challenges, such as dependency or quality concerns, associated with the opportunity implementation.
    2. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Output

    • Gen AI opportunity selection

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Keep an eye out for red flags

    Not all Gen AI opportunities are delivered and adopted the same. Some present a bigger risk than others.

    • Establishing vague targets and success criteria
    • Defining Gen AI as substitution of human capital
    • Open-source software not widely adopted or validated
    • High level of dependency on automation
    • Unadaptable cross-functional training across organization
    • Overlooking privacy, security, legal, and ethical implications
    • Lack of Gen AI expertise and understanding of good practices

    Step 1.3

    Assess your readiness for Gen AI

    Activities

    1.3.1 Assess your readiness for Gen AI.

    This step involves the following participants:

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Outcomes of this step

    • A completed Gen AI Readiness Assessment to confirm how prepared you are to embrace Gen AI in your solution delivery team.

    Prepare your SDLC* to leverage Gen AI

    As organizations evolve and adopt more tools and technology, their solution delivery processes become more complex. Process improvement is needed to simplify complex and undocumented software delivery activities and artifacts and prepare it for Gen AI. Gen AI scales process throughput and output quantity, but it multiplies the negative impact of problems the process already has.

    When is your process ready for Gen AI?

    • Solution value Ensures the accuracy and alignment of the committed feature and change requests to what the stakeholder truly expects and receives.
    • ThroughputDelivers new products, enhancements, and changes at a pace and frequency satisfactory to stakeholder expectations and meets delivery commitments.
    • Process governance Has clear ownership and appropriate standardization. The roles, activities, tasks, and technologies are documented and defined. At each stage of the process someone is responsible and accountable.
    • Process management Follows a set of development frameworks, good practices, and standards to ensure the solution and relevant artifacts are built, tested, and delivered consistently and repeatably.
    • Technical quality assurance – Accommodates committed non-functional requirements within the stage's outputs to ensure products meet technical excellence expectations.

    *software development lifecycle

    To learn more, visit Info-Tech's Modernize Your SDLC blueprint.

    To learn more, visit Info-Tech's Build a Winning Business Process Automation Playbook

    Assess the impacts from Gen AI changes

    Ensure that no stone is left unturned as you evaluate the fit of Gen AI and prepare your adoption and support plans.

    By shining a light on considerations that might have otherwise escaped planners and decision makers, an impact analysis is an essential component to Gen AI success. This analysis should answer the following questions on the impact to your solution delivery teams.

    1. Will the change impact how our clients/customers receive, consume, or engage with our products/services?
    2. Will there be an increase in operational costs, and a change to compensation and/or rewards?
    3. Will this change increase the workload and alter staffing levels?
    4. Will the vision or mission of the team change?
    5. Will a new or different set of skills be needed?
    6. Will the change span multiple locations/time zones?
    7. Are multiple products/services impacted by this change?
    8. Will the workflow and approvals be changed, and will there be a substantial change to scheduling and logistics?
    9. Will the tools of the team be substantially different?
    10. Will there be a change in reporting relationships?

    See our Master Organizational Change Management Practices blueprint for more information.

    Brace for impact

    A thorough analysis of change impacts will help your software delivery teams and change leaders:

    • Bypass avoidable problems.
    • Remove non-fixed barriers to success.
    • Acknowledge and minimize the impact of unavoidable barriers.
    • Identify and leverage potential benefits.
    • Measure the success of the change.

    Many key IT capabilities are required to successfully leverage Gen AI

    Portfolio Management

    An accurate and rationalized inventory of all Gen AI tools verifies they support the goals and abide to the usage policies of the broader delivery practice. This becomes critical when tooling is updated frequently and licenses and open- source community principles drastically change (e.g. after an acquisition).

    Quality Assurance

    Gen AI tools are routinely verified and validated to ensure outcomes are accurate, complete, and aligned to solution delivery quality standards. Models are retrained using lessons learned, new use cases, and updated training data.

    Security & Access Management

    Externally developed and trained Gen AI models may not include the measures, controls, and tactics you need to prevent vulnerabilities and protect against threats that are critical in your security frameworks, policies, and standards.

    Data Management & Governance

    All solution delivery data and artifacts can be transformed and consumed in various ways as they transit through solution delivery and Gen AI tools. Data integrations, structures, and definitions must be well-defined, governed, and monitored.

    OPERATIONAL SUPPORT

    Resources are available to support the ongoing operations of the Gen AI tool, including infrastructure, preparing training data, and managing integration with other tools. They are also prepared to recover backups, roll back, and execute recovery plans at a moment's notice.

    Apply Gen AI good practices in your solution delivery practice

    1. Keep the human in the loop.
      Gen AI models cannot produce high-quality content with 100% confidence. Keeping the human in the loop allows people to directly give feedback to the model to improve output quality.
    2. Strengthen prompt and query engineering.
      The value of the outcome is dependent on what is being asked. Good prompts and queries focus on creating the optimal input by selecting and phrasing the appropriate words, sentence structures, and punctuation to illustrate the focus, scope, problem, and boundaries.
    3. Thoughtfully prepare your training data.
      Externally hosted Gen AI tools may store your training data in their systems or use it to train their other models. Intellectual property and sensitive data can leak into third-party systems and AI models if it is not properly masked and sanitized.
    4. Build guardrails into your Gen AI models.
      Guardrails can limit the variability of any misleading Gen AI responses by defining the scope and bounds of the response, enforcing the policies of its use, and clarifying the context of its response.
    5. Monitor your operational costs.
      The cost breakdown will vary among the types of Gen AI solution and the vendor offerings. Cost per query, consultant fees, infrastructure hosting, and licensing costs are just a few cost factors. Open source can be an attractive cost-saving option, but you must be willing to invest in the roles to assume traditional vendor accountabilities.
    6. Check the licenses of your Gen AI tool.
      Each platform has licenses and agreements on how their solution can or cannot be used. They limit your ability to use the tool for commercial purposes or reproductions or may require you to purchase and maintain a specific license to use their solution and materials.

    See Build Your Generative AI Roadmap for more information.

    Assess your Gen AI readiness

    • Solution delivery team
      The team is educated on Gen AI, its use cases, and the tools that enable it. They have the skills and capacity to implement, create, and manage Gen AI.
    • Solution delivery process and tools
      The solution delivery process is documented, repeatable, and optimized to use Gen AI effectively. Delivery tools are configured to enable, leverage and manage Gen AI assets to improve their performance and efficiency.
    • Solution delivery artifacts
      Delivery artifacts (e.g. code, scripts, documents) that will be used to train and be leveraged by Gen AI tools are discoverable, accurate, complete, standardized, of sufficient quantity, optimized for Gen AI use, and stored in an accessible shared central repository.
    • Governance
      Defined policies, role definitions, guidelines, and processes that guide the implementation, development, operations, and management of Gen AI.
    • Vision and executive support
      Clear alignment of Gen AI direction, ambition, and objectives with broader business and IT priorities. Stakeholders support the Gen AI initiative and allocate human and financial resources for its implementation within the solution delivery team.
    • Operational support
      The capabilities to manage the Gen AI tools and ensure they support the growing needs of the solution delivery practice, such as security management, hosting infrastructure, risk and change management, and data and application integration.

    1.3.1 Assess your readiness for Gen AI

    1-3 hours

    1. Review the current state of your solution delivery teams including their capacity, skills and knowledge, delivery practices, and tools and technologies.
    2. Determine the readiness of your team to adopt Gen AI.
    3. Discuss the gaps that need to be filled to be successful with Gen AI.
    4. Record this information in the Gen AI Solution Delivery Readiness Assessment Tool.

    Record the results in the Gen AI Solution Delivery Readiness Assessment Tool

    Output

    • Gen AI Solution Delivery Readiness Assessment

    Participants

    • Applications VP
    • Applications Director
    • Solution Delivery Manager
    • Solution Delivery Team

    Recognize that Gen AI does not require a fully optimized solution delivery process

    1. Consideration; 2. Exploration; 3. Incorporation; 4. Proliferation; 5. Optimization.  Steps 3-5 are Recommended maturity levels to properly embrace Gen AI.

    To learn more, visit Info-Tech's Develop Your Value-First Business Process Automation (BPA) Strategy.

    Be prepared to take the next steps

    Deliver Gen AI to your solution delivery teams

    Modernize Your SDLC
    Efficient and effective SDLC practices are vital, as products need to readily adjust to evolving and changing business needs and technologies.

    Adopt Generative AI in Solution Delivery
    Generative AI can drive productivity and solution quality gains to your solution delivery teams. Level set expectations with the right use case to demonstrate its value potential.

    Select Your AI Vendor & Implementation Partner
    The right vendor and partner are critical for success. Build the selection criteria to shortlist the products and services that best meets the current and future needs of your teams.

    Drive Business Value With Off-the-Shelf AI
    Build a framework that will guide your teams through the selection of an off-the-shelf AI tool with a clear definition of the business case and preparations for successful adoption.

    Build Your Enterprise Application Implementation Playbook
    Your Gen AI implementation doesn't start with technology, but with an effective plan that your team supports and is aligned to broader stakeholder and sponsor priorities and goals.

    Build your Gen AI practice

    • Get Started With AI
    • AI Strategy & Generative AI Roadmap
    • AI Governance

    Related Info-Tech Research

    Build a Winning Business Process Automation Playbook
    Optimize and automate your business processes with a user-centric approach.

    Embrace Business Managed Applications
    Empower the business to implement their own applications with a trusted business-IT relationship.

    Application Portfolio Management Foundations
    Ensure your application portfolio delivers the best possible return on investment.

    Maximize the Benefits from Enterprise Applications with a Center of Excellence
    Optimize your organization's enterprise application capabilities with a refined and scalable methodology.

    Create an Architecture for AI
    Build your target state architecture from predefined best-practice building blocks.

    Deliver on Your Digital Product Vision
    Build a product vision your organization can take from strategy through execution.

    Enhance Your Solution Architecture Practices
    Ensure your software systems solution is architected to reflect stakeholders' short- and long-term needs.

    Apply Design Thinking to Build Empathy With the Business
    Use design thinking and journey mapping to make IT the business' go-to problem solver.

    Modernize Your SDLC
    Deliver quality software faster with new tools and practices.

    Drive Business Value With Off-the-Shelf AI
    A practical guide to ensure return on your off-the-shelf AI investment.

    Bibliography

    "Altran Helps Developers Write Better Code Faster with Azure AI." Microsoft, 2020.
    "Apply Design Thinking to Complex Teams, Problems, and Organizations." IBM, 2021.
    Bianca. "Unleashing the Power of AI in Code Generation: 10 Applications You Need to Know — AITechTrend." AITechTrend, 16 May 2023.
    Biggs, John. "Deep Code Cleans Your Code with the Power of AI." TechCrunch, 26 Apr 2018.
    "Chat GPT as a Tool for Business Analysis — the Brazilian BA." The Brazilian BA, 24 Jan 2023.
    Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2019." New Vantage Partners, 2019.
    Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2021." New Vantage Partners, 2021.
    Das, Tamal. "9 Best AI-Powered Code Completion for Productive Development." Geek flare, 5 Apr 2023.
    Gondrezick, Ilya. "Council Post: How AI Can Transform the Software Engineering Process." Forbes, 24 Apr 2020.
    "Generative AI Speeds up Software Development: Compass UOL Study." PR Newswire, 29 Mar 2023.
    "GitLab 2023 Global Develops Report Series." Gitlab, 2023.
    "Game Changer: The Startling Power Generative AI Is Bringing to Software Development." KPMG, 30 Jan 2023.
    "How AI Can Help with Requirements Analysis Tools." TechTarget, 28 July 2020.
    Indra lingam, Ashanta. "How Spotify Is Upleveling Their Entire Design Team." Framer, 2019.
    Ingle, Prathamesh. "Top Artificial Intelligence (AI) Tools That Can Generate Code to Help Programmers." Matchcoat, 1 Jan 2023.
    Kaur, Jagreet . "AI in Requirements Management | Benefits and Its Processes." Xenon Stack, 13 June 2023.
    Lange, Danny. "Game On: How Unity Is Extending the Power of Synthetic Data beyond the Gaming Industry." CIO, 17 Dec 2020.
    Lin, Ying. "10 Artificial Intelligence Statistics You Need to Know in 2020." OBERLO, 17 Mar. 2023.
    Mauran, Cecily. "Whoops, Samsung Workers Accidentally Leaked Trade Secrets via ChatGPT." Mashable, 6 Apr 2023.

    Modernize Communications and Collaboration Infrastructure

    • Buy Link or Shortcode: {j2store}306|cart{/j2store}
    • member rating overall impact: 9.4/10 Overall Impact
    • member rating average dollars saved: $68,332 Average $ Saved
    • member rating average days saved: 22 Average Days Saved
    • Parent Category Name: Voice & Video Management
    • Parent Category Link: /voice-video-management
    • Organizations are losing productivity from managing the limitations of yesterday’s technology. The business is changing and the current communications solution no longer adequately connects end users.
    • Old communications technology, including legacy telephony systems, disjointed messaging and communication or collaboration mediums, and unintuitive video conferencing, deteriorates the ability of users to work together in a productive manner.
    • You need a solution that meets budgetary requirements and improves internal and external communication, productivity, and the ability to work together.

    Our Advice

    Critical Insight

    • Project scope and assessment will take more time than you initially anticipate. Poorly defined technical requirements can result in failure to meet the needs of the business. Defining project scope and assessing the existing solution is 60% of project time. Being thorough here will make the difference moving forward.
    • Even when the project is about modernizing technology, it’s not really about the technology. The requirements of your people and the processes you want to maintain or reform should be the influential factors in your decisions on technology.
    • Gaining business buy-in can be difficult for projects that the business doesn’t equate with directly driving revenue. Ensure your IT team communicates with the business throughout the process and establishes business requirements. Framing conversations in a “business first, IT second” way is crucial to speaking in a language the business will understand.

    Impact and Result

    • Define a comprehensive set of requirements (across people, process, and technology) at the start of the project. Communication solutions are long-term commitments and mistakes in planning will be amplified during implementation.
    • Analyze the pros and cons of each deployment option and identify a communications solution that balances your budget and communications objectives and requirements.
    • Create an effective RFP by outlining your specific business and technical needs and goals.
    • Make the case for your communications infrastructure modernization project and be prepared to support it.

    Modernize Communications and Collaboration Infrastructure Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should modernize your communications and collaboration infrastructure, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess communications infrastructure

    Evaluate the infrastructure requirements and the ability to undergo modernization from legacy technology.

    • Modernize Communications and Collaboration Infrastructure – Phase 1: Assess Communications Infrastructure
    • Communications Infrastructure Roadmap Tool
    • Team Skills Inventory Tool
    • MACD Workflow Mapping Template - Visio
    • MACD Workflow Mapping Template - PDF

    2. Define the target state

    Build and document a formal set of business requirements using Info-Tech's pre-populated template after identifying stakeholders, aligning business and user needs, and evaluating deployment options.

    • Modernize Communications and Collaboration Infrastructure – Phase 2: Define the Target State
    • Stakeholder Engagement Workbook
    • Communications Infrastructure Stakeholder Focus Group Guide
    • IP Telephony and UC End-User Survey Questions
    • Enterprise Communication and Collaboration System Business Requirements Document
    • Communications TCO-ROI Comparison Calculator

    3. Advance the project

    Draft an RFP for a UC solution and gain project approval using Info-Tech’s executive presentation deck.

    • Modernize Communications and Collaboration Infrastructure – Phase 3: Advance the Project
    • Unified Communications Solution RFP Template
    • Modernize Communications Infrastructure Executive Presentation
    [infographic]

    Workshop: Modernize Communications and Collaboration Infrastructure

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess the Communications Infrastructure

    The Purpose

    Identify pain points.

    Build a skills inventory.

    Define and rationalize template configuration needs.

    Define standard service requests and map workflow.

    Discuss/examine site type(s) and existing technology.

    Determine network state and readiness.

    Key Benefits Achieved

    IT skills & process understanding.

    Documentation reflecting communications infrastructure.

    Reviewed network readiness.

    Completed current state analysis.

    Activities

    1.1 Build a skills inventory.

    1.2 Document move, add, change, delete (MACD) processes.

    1.3 List relevant communications and collaboration technologies.

    1.4 Review network readiness checklist.

    Outputs

    Clearly documented understanding of available skills

    Documented process maps

    Complete list of relevant communications and collaboration technologies

    Completed readiness checklist

    2 Learn and Evaluate Options to Define the Future

    The Purpose

    Hold focus group meeting.

    Define business needs and goals.

    Define solution options.

    Evaluate options.

    Discuss business value and readiness for each option.

    Key Benefits Achieved

    Completed value and readiness assessment.

    Current targets for service and deployment models.

    Activities

    2.1 Conduct internal focus group.

    2.2 Align business needs and goals.

    2.3 Evaluate deployment options.

    Outputs

    Understanding of user needs, wants, and satisfaction with current solution

    Assessment of business needs and goals

    Understanding of potential future-state solution options

    3 Identify and Close the Gaps

    The Purpose

    Identify gaps.

    Examine and evaluate ways to remedy gaps.

    Determine specific business requirements and introduce draft of business requirements document.

    Key Benefits Achieved

    Completed description of future state.

    Identification of gaps.

    Identification of key business requirements.

    Activities

    3.1 Identify gaps and brainstorm gap remedies.

    3.2 Complete business requirements document.

    Outputs

    Well-defined gaps and remedies

    List of specific business requirements

    4 Build the Roadmap

    The Purpose

    Introduce Unified Communications Solution RFP Template.

    Develop statement of work (SOW).

    Document technical requirements.

    Complete cost-benefit analysis.

    Key Benefits Achieved

    Unified Communications RFP.

    Documented technical requirements.

    Activities

    4.1 Draft RFP (SOW, tech requirements, etc.).

    4.2 Conduct cost-benefit analysis.

    Outputs

    Ready to release RFP

    Completed cost-benefit analysis

    Enable Product Delivery – Executive Leadership Workshop

    • Buy Link or Shortcode: {j2store}353|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Development
    • Parent Category Link: /development
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.
    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.

    Our Advice

    Critical Insight

    • Empowered product managers and product owners are the key to ensuring your delivery teams are delivering the right value at the right time to the right stakeholders.
    • Establishing operationally aligned product families helps bridge the gap between enterprise priorities and product enhancements.
    • Leadership must be aligned to empower and support Agile values and product teams to unlock the full value realization within your organization.

    Impact and Result

    • Common understanding of product management and Agile delivery.
    • Commitment to support and empower product teams.

    Enable Product Delivery – Executive Leadership Workshop Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enabling Product Delivery – Executive workshop to align senior leadership with their transition to product management and delivery.

    • Enabling Product Delivery – Executive Workshop Storyboard

    2. Enabling Product Delivery –Executive Workshop Outcomes.

    • Enabling Product Delivery – Executive Workshop Outcomes
    [infographic]

    Workshop: Enable Product Delivery – Executive Leadership Workshop

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understanding Your Top Challenges

    The Purpose

    Understand the drivers for your product transformation.

    Key Benefits Achieved

    Define the drivers for your transition to product-centric delivery.

    Activities

    1.1 What is driving your organization to become product focused?

    Outputs

    List of challenges and drivers

    2 Transitioning From Projects to Product-Centric Delivery

    The Purpose

    Understand the product transformation journey and differences.

    Key Benefits Achieved

    Identify the cultural, behavioral, and leadership changes needed for a successful transformation.

    Activities

    2.1 Define the differences between projects and product delivery

    Outputs

    List of differences

    3 Enterprise Agility and the Value of Change

    The Purpose

    Understand why smaller iterations increase value realization and decrease accumulated risk.

    Key Benefits Achieved

    Leverage smaller iterations to reduce time to value and accumulated risk to core operations.

    Activities

    3.1 What is business agility?

    Outputs

    Common understanding about the value of smaller iterations

    4 Defining Products and Product Management in Your Context

    The Purpose

    Establish an organizational starting definition of products.

    Key Benefits Achieved

    Tailor product management to meet the needs and vision of your organization.

    Activities

    4.1 What is a product? Who are your consumers?

    4.2 Identify enablers and blockers of product ownership

    4.3 Define a set of guiding principles for product management

    Outputs

    Product definition

    List of enablers and blockers of product ownership

    Set of guiding principles for product management

    5 Connecting Product Management to Agile Practices

    The Purpose

    Understand the relationship between product management and product delivery.

    Key Benefits Achieved

    Optimize product management to prioritize the right changes for the right people at the right time.

    Activities

    5.1 Discussions

    Outputs

    Common understanding

    6 Commit to Empowering Agile Product Teams

    The Purpose

    Personalize and commit to supporting product teams.

    Key Benefits Achieved

    Embrace leadership and cultural changes needed to empower and support teams.

    Activities

    6.1 Your management culture

    6.2 Personal Cultural Stop, Start, and Continue

    6.3 Now, Next, Later to support product owners

    Outputs

    Your management culture map

    Personal Cultural Stop, Start, and Continue list

    Now, Next, Later roadmap

    Further reading

    Enable Product Delivery – Executive Leadership Workshop

    Strengthen product management in your organization through effective executive leadership by focusing on product teams, core capabilities, and proper alignment.

    Objective of this workshop

    To develop a common understanding and foundation for product management so we, as leaders, better understand how to lead product owners, product managers, and their teams.

    Enable Product Delivery - Executive Leadership Workshop

    Learn how enterprise agility can provide lasting value to the organization

    Clarify your role in supporting your teams to deliver lasting value to stakeholders and customers

    1. Understanding Your Top Challenges
      • Define your challenges, goals, and opportunities Agile and product management will impact.
    2. Transitioning from Projects to Product-centric Delivery
      • Understand the shift from fixed delivery to continuous improvement and delivery of value.
    3. Enterprise Agility and the Value of Change
      • Organizations need to embrace change and leverage smaller delivery cycles.
    4. Defining Your "Products" and Product Management
      • Define products in your culture and how to empower product delivery teams.
    5. Connecting Product Management to Agile Practices
      • Use product ownership to drive increased ROI into your product delivery teams and lifecycles.
    6. Commit to Empowering Agile Product Teams
      • Define the actions and changes you must make for this transformation to be successful.

    Your Product Transformation Journey

    1. Make the Case for Product Delivery
      • Align your organization with the practices to deliver what matters most
    2. Enable Product Delivery – Executive Workshop
      • One-day executive workshop – align and prepare your leadership
      • Audience: Senior executives and IT leadership.
        Size: 8-16 people
        Time: 6 hours
    3. Deliver on Your Digital Product Vision
      • Enhance product backlogs, roadmapping, and strategic alignment
      • Audience: Product Owners/Mangers
        Size: 10-20 people
        Time: 3-4 days
    4. Deliver Your Digital Products at Scale
      • Scale Product Families to Align Enterprise Goals
      • Audience: Product Owners/Mangers
        Size: 10-20 people
        Time: 3-4 days
    5. Mature and Scale Product Ownership
      • Align and mature your product owners
      • Audience: Product Owners/Mangers
        Size: 8-16 people
        Time: 2-4 days

    Repeat workshops with different companies, operating units, departments, or teams as needed.

    What is a workshop?

    We WILL ENGAGE in discussions and activities:

    • Flexible, to accommodate the needs of the group.
    • Open forum for discussion and questions.
    • Share your knowledge, expertise, and experiences (roadblocks and success stories).
    • Everyone is part of the process.
    • Builds upon itself.

    This workshop will NOT be:

    • A lecture or class.
    • A monologue that never ends.
    • Technical training.
    • A presentation.
    • Us making all the decisions.

    Roles within the workshop

    We each have a role to play to make our workshop successful!

    Facilitators

    • Introduce the best practice framework used by Info-Tech.
    • Ask questions about processes, procedures, and assumptions.
    • Guide for the methodology.
    • Liaison for any other relevant Info-Tech research or services.

    Participants

    • Contribute and speak out as much as needed.
    • Provide expertise on the current processes and technology.
    • Ask questions.
    • Provide feedback.
    • Collaborate and work together to produce solutions.

    Understanding Your Top Challenges

    • Understanding Your Top Challenges
    • Transitioning From Projects to Product-Centric Delivery
    • Enterprise Agility and the Value of Change
    • Defining Your Products and Product Management
    • Connecting Product Management to Agile Practices
    • Commit to Empowering Agile Product Teams
    • Wrap-Up and Retrospective

    Executive Summary

    Your Challenge

    • Products are the lifeblood of an organization. They deliver the capabilities needed to deliver value to customers, internal users, and stakeholders.
    • The shift to becoming a product organization is intended to continually increase the value you provide to the broader organization as you grow and evolve.
    • You need to clearly convey the direction and strategy of your product portfolio to gain alignment, support, and funding from your organization.

    Common Obstacles

    • IT organizations are traditionally organized to deliver initiatives in specific periods of time. This conflicts with product delivery, which continuously delivers value over the lifetime of a product.
    • Delivering multiple products together creates additional challenges because each product has its own pedigree, history, and goals.
    • Product owners struggle to prioritize changes to deliver product value. This creates a gap and conflict between product and enterprise goals.

    Info-Tech's Approach

    Info-Tech's approach will guide you through:

    • Understanding the top challenges driving your product initiative.
    • Improving your transitioning from projects to product-centric delivery.
    • Enhancing enterprise agility and the value of change.
    • Defining products and product management in your context.
    • Connecting product management to Agile practices.
    • Committing to empowering Agile Product teams.
    This is an image of an Info-Tech Thought Map for Accelerate Your Transition to Product Delivery
    This is an image of an Info-Tech Thought Map for Delier on your Digital Product Vision
    This is an image of an Info-Tech Thought Map for Deliver Digital Products at Scale via Enterprise Product Families.
    This is an image of an Info-Tech Thought Map for What We Mean by an Applcation Department Strategy.

    What is driving your organization to become product focused?

    30 minutes

    • Team introductions:
      • Share your name and role
      • What are the key challenges you are looking to solve around product management?
      • What blockers or challenges will we need to overcome?

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Input

    • Organizational knowledge
    • Goals and challenges

    Output

    • List of key challenges
    • List of workshop expectations
    • Parking lot items

    Transitioning From Projects to Product-Centric Delivery

    • Understanding Your Top Challenges
    • Transitioning From Projects to Product-Centric Delivery
    • Enterprise Agility and the Value of Change
    • Defining Your Products and Product Management
    • Connecting Product Management to Agile Practices
    • Commit to Empowering Agile Product Teams
    • Wrap-Up and Retrospective

    Define the differences between projects and product delivery

    30 minutes

    • Consider project delivery and product delivery.
    • Discussion:
      • What are some differences between the two?

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • List of differences between projects and product delivery

    Define the differences between projects and product delivery

    15 minutes

    Project Delivery

    vs

    Product Delivery

    Point in time

    What is changed

    Method of funding changes

    Needs an owner

    Input

    • Organizational knowledge
    • Internal terms and definitions

    Output

    • List of differences between projects and product delivery

    Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.

    Identify the differences between a project-centric and a product-centric organization

    Project

    Product

    Fund Projects

    Funding

    Fund Products or Teams

    Line of Business Sponsor

    Prioritization

    Product Owner

    Makes Specific Changes
    to a Product

    Product Management

    Improve Product Maturity
    and Support

    Assign People to Work

    Work Allocation

    Assign Work
    to Product Teams

    Project Manager Manages

    Capacity Management

    Team Manages Capacity

    Info-Tech Insight

    Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end user value and enterprise alignment.

    Projects can be a mechanism for funding product changes and improvements

    This is an image showing the relationship between the project lifecycle, a hybrid lifecycle, and a product lifecycle.

    Projects within products

    Regardless of whether you recognize yourself as a "product-based" or "project-based" shop, the same basic principles should apply.

    You go through a period or periods of project-like development to build a version of an application or product.

    You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.

    While Agile and product are intertwined, they are not the same!

    Delivering products does not necessarily require an Agile mindset. However, Agile methods help facilitate the journey because product thinking is baked into them.

    This image shows the product delivery maturity process from waterfall to continuous integration and delivery.

    Product roadmaps guide delivery and communicate your strategy

    In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.

    This is an image adapted from Pichler, What is Product Management.

    Adapted from: Pichler, "What Is Product Management?"

    Info-Tech Insight

    The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.

    Assess Your IT Financial Management Maturity Effectively

    • Buy Link or Shortcode: {j2store}315|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cost & Budget Management
    • Parent Category Link: /cost-and-budget-management

    Organizations wishing to mature their IT financial management (ITFM) maturity often face the following obstacles:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Our Advice

    Critical Insight

    No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool that is only valuable if you are willing to act on it.

    Impact and Result

    A mature ITFM practice leads to many benefits.

    • Foundation: Improved governance, skill sets, processes, and tools.
    • Data: An appropriate taxonomy/data model alongside accurate data for high-quality reporting and insights.
    • Language: A common vocabulary across the organization.
    • Organization Culture: Improved communication and collaboration between IT and business partners.

    Assess Your IT Financial Management Maturity Effectively Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Your IT Financial Management Maturity Effectively Storyboard – A framework and step-by-step methodology to assess your ITFM maturity.

    This research seeks to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    • Assess Your IT Financial Management Maturity Effectively Storyboard

    2. IT Financial Management Maturity Assessment Tool – A structured tool to help you assess your ITFM maturity.

    This Excel workbook guides IT finance practitioners to effectively assess their IT financial management practice. Incorporate the visual outputs into your final executive presentation document. Key activities include context setting, completing the assessment, and prioritizing focus areas based on results.

    • IT Financial Management Maturity Assessment Tool

    3. IT Financial Management Maturity Assessment Report Template – A report summarizing your ITFM maturity assessment results to help you communicate with stakeholders.

    Use this template to document your final ITFM maturity outputs, including the current and target states and your identified priorities.

    • IT Financial Management Maturity Assessment Report Template
    [infographic]

    Further reading

    Assess Your IT Financial Management Maturity Effectively

    Influence your organization’s strategic direction.

    Analyst Perspective

    Make better informed data-driven business decisions.

    Technology has been evolving throughout the years, increasing complexity and investments, while putting more stress on operations and people involved. As an IT leader, you are now entrusted to run your outfit as a business, sit at the executive table as a true partner, and be involved in making decisions that best suit your organization. Therefore, you have an obligation to fulfill the needs of your end customers and live up to their expectations, which is not an easy task.

    IT financial management (ITFM) helps you generate value to your organization’s clientele by bringing necessary trade-offs to light, while driving effective dialogues with your business partners and leadership team.

    This research will focus on Info-Tech’s approach to ITFM maturity, aiming for a state of continuous improvement, where an organization can learn and grow as it adapts to change. As the ITFM practice matures, IT and business leaders will be able to better understand one another and together make better business decisions, driven by data.

    This client advisory presentation and accompanying tool seek to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.

    Photo of Bilal Alberto Saab, Research Director, IT Financial Management, Info-Tech Research Group. Bilal Alberto Saab
    Research Director, IT Financial Management
    Info-Tech Research Group

    Executive Summary

    The value of ITFM is undermined

    ITFM is often discarded and not given enough importance and relevance due to the operational nature of IT, and the specialized skillset of its people, leading to several problems and challenges, such as:

    • Unfamiliarity: Lack of knowledge and understanding related to ITFM maturity.
    • Shortsightedness: Randomly reacting to changing circumstances.
    • Exchange: Inability to consistently drive dialogues.
    • Perception: IT is perceived as a cost center instead of a trustworthy strategic partner.

    Constructive dialogues with business partners are not the norm

    Business-driven conversations around financials (spending, cost, revenue) are a rarity in IT due to several factors, including:

    • Foundation: Weak governance, inadequate skillset, and less than perfect processes and tools.
    • Data: Lack of adequate taxonomy/data model, alongside inaccurate data leading to poor reporting and insights.
    • Language: Lack of a common vocabulary across the organization.
    • Organization culture: No alignment, alongside minimal communication and collaboration between IT and business partners.

    Follow Info-Tech’s approach to move up the ITFM maturity ladder

    Mature your ITFM practice by activating the means to make informed business decisions.

    Info-Tech’s methodology helps you move the dial by focusing on three maturity focus areas:

    • Build an ITFM Foundation
    • Manage and Monitor IT Spending
    • Bridge the Language Barrier

    Info-Tech Insight

    Influence your organization’s strategic direction by maturing your ITFM practice.

    What is ITFM?

    ITFM is not just about finance.

    • ITFM has evolved from traditional budgeting, accounting, and cost optimization; however, it is much more than those activities alone.
    • It starts with understanding the financial implications of technology by adopting different perspectives to become adept in communicating with various stakeholders, including finance, business partners, IT managers, and your CEO.
    • Armed with this knowledge, ITFM helps you address a variety of questions, such as:
      • How are technology funds being spent?
      • Which projects is IT prioritizing and why?
      • What are the resources needed to speed IT delivery?
      • What’s the value of IT within the organization?
    • ITFM’s main objective is thus to improve decision-making capabilities by facilitating communication between IT leaders and stakeholders, while enabling a customer focus attitude throughout the organization.

    “ITFM embeds technology in financial management practices. Through cost, demand, and value, ITFM brings technology and business together, forging the necessary relationships and starting the right conversations to enable the best decisions for the organization.”
    – Monica Braun, Research Director, Info-Tech Research Group

    Your challenge

    IT leaders struggle to articulate and communicate business value.

    • IT spending is often questioned by different stakeholders, such as business partners and various IT business units. These questions, usually resulting from shifts in business needs, may revolve around investments, expenditures, services, and speed to market, among others. While IT may have an idea about its spending habits, aligning it to the business strategy may prove difficult.
    • IT staff often does not have access to, or knowledge of, the business model and its intricacies. In an operational environment, the focus tends to be on technical issues rather than overall value.
    • People tend to fear what they do not know. Some business managers may not be comfortable with technology. They do not recognize the implications and ramifications of certain implementations or understand the related terminology, which puts a strain on any conversation.

    “Value is not the numbers you visualize on a chart, it’s the dialogue this data generates with your business partners and leadership team.”
    – Dave Kish, Practice Lead, Info-Tech Research Group

    Technology is constantly evolving

    Increasing IT spending and decision-making complexity.

    Timeline of IT technology evolution, starting with 'Timesharing' in the 1980s to 'All Things Digital' in the 2020s. 'IT Spend Growth' grows from start to finish.

    Common obstacles

    IT leaders are not able to have constructive dialogues with their stakeholders.

    • The way IT funds are spent has changed significantly, moving from the purchase of discrete hardware and software tools to implementing data lakes, cloud solutions, the metaverse and blockchain. This implies larger investments and more critical decisions. Conversations around interoperability, integration, and service-based solutions that focus more on big-picture architecture than day-to-day operations have become the norm.
    • Speed to market is now a survival criterion for most organizations, requiring IT to shift rapidly based on changing priorities and customer expectations. This leads to the need for greater financial oversight, with the CFO as the gatekeeper. Today’s IT leaders need to possess both business and financial management savvy to justify their spending with various stakeholders.
    • Any IT budget increase is tied to expectations of greater value. Hence, the compelling demands for IT to prove its worth to the business. Promoting value comes in two ways: 1) objectively, based on data, KPIs, and return on investment; and 2) subjectively, based on stakeholder satisfaction, alongside relationships. Building trust, credibility, and confidence can go a long way.

    In a technology-driven world, advances come at a price. With greater spending required, more complex and difficult conversations arise.

    Constructive dialogues are key

    You don’t know what you don’t know.

    • IT, being historically focused on operations, has become a hub for technically savvy personnel. On the downside, technology departments are often alien to business, causing problems such as:
      • IT staff have no knowledge of the business model and lack customer focus.
      • Business is not comfortable with technology and related jargon.
    • The lack of two-way communication and business alignment is hence an important ramification. If the business does not understand technology, and IT does not speak in business terms, where does that lead us?
    • Poor data quality and governance practices, alongside overly manual processes can only exasperate the situation.

    IT Spending Survey

    79% of respondents believe that decisions taking too long to make is either a significant or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    81% of respondents believe that ensuring spend efficiency (avoiding waste) is either a challenge or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).

    ITFM is trailing behind

    IT leaders must learn to speak business.

    In today’s world, where organizations are driving customer experience through technology investments, having a seat at the table means IT leaders must be well versed in business language and practice, including solid financial management skills.

    However, IT staff across all industries aren’t very confident in how well IT is doing in managing its finances. This becomes evident after looking at three core processes:

    • Demonstrating IT’s value to the business.
    • Accounting of costs and budgets.
    • Optimizing costs to gain the best return on investment.

    Recent data from 4,137 respondents to Info-Tech’s IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing on them.

    IT leadership’s capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and demonstrating IT’s contribution to business value.

    Bar charts comparing percentages of people who 'Agree process is important' and 'Agree process is effective' for three processes: Business Value, Cost & Budget Management, and Cost Optimization. In all instances, the importance outweighed the perceived effectiveness.
    Source: Info-Tech Research Group, IT Management & Governance Diagnostic, 2023.

    Info-Tech’s approach

    We take a holistic approach to ITFM and support you throughout your maturity journey.

    Visualization of the IT maturity levels with three goals at the bottom, 'Build am ITFM Foundation', 'Manage & Monitor IT Spending', and 'Bridge the Language Barrier'. The 5 levels, from bottom to top, are 'Nascent - Level 1, Inability to consistently deliver financial planning services', 'Cost Operator - Level 2, Rudimentary financial planning capabilities', 'Trusted Coordinator - Level 3, Enablement of business through cost-effective supply of technology', 'Value Optimizer - Level 4, Effective impact on business performance', and 'Strategic Partner - Level 5, Influence on the organization's strategic direction'.

    The Info-Tech difference:

    • Info-Tech has a methodology and set of tools that will help assess your ITFM maturity and take the first step in developing an improvement plan. We have identified three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier
    • No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool, which is only valuable if you are willing to act on it.

    Note: See Appendix A for maturity level definitions and descriptions.

    Climb the maturity ladder

    By growing along three maturity focus areas.

    A diagram with '3 Maturity Focus Areas' and '9 Maturity Levers' within them. The first area is 'Build an ITFM Foundation' with levers 'Establish your Team', 'Set up your Governance Structure', and 'Adopt ITFM Processes & Tools'. The second area is 'Manage & Monitor IT Spending', with levers 'Standardize your Taxonomy & Data Model', 'Identify, Gather & Prepare your Data', and 'Analyze your Findings and Develop your Reports'. The third area is 'Bridge the Language Barrier' with levers 'Communicate your IT Spending', 'Educate the Masses', and 'Influence your Organization's Culture'.

    Info-Tech identified three maturity focus areas, each containing three levers.

    Identify where you stand across the nine maturity levers, detect the gaps, and determine your priorities as a first step to develop an improvement plan.

    Note: See Appendix B for maturity level definitions and descriptions per lever.

    Key project deliverables

    Each step of this activity is accompanied by supporting deliverables to help you accomplish your goals.

    IT Financial Management Maturity Assessment Report Template

    A template of an ITFM maturity assessment report that can be customized based on your own results.

    IT Financial Management Maturity Assessment Tool

    A workbook including an ITFM maturity survey, generating a summary of your current state, target state, and priorities.

    Measure the value of this activity

    Reach your 12-month maturity target.

    • Determine your 12-month maturity target, identify your gaps, and set your priorities.
    • Use the ITFM maturity assessment to kickstart your improvement plan by developing actionable initiatives.
    • Implement your initiatives and monitor your progress to reach your 12-month target.

    Sample of a result page from the ITFM maturity assessment.

    Build your improvement plan and implement your initiatives to move the dial and climb the maturity ladder.

    Sample of a result page from the ITFM maturity assessment with a graph.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Step 1

    Prepare for the ITFM maturity assessment

    Content Overview

    1. Identify your stakeholders
    2. Set the context
    3. Determine the methodology
    4. Identify assessment takers

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    1. Prepare to take the ITFM maturity assessment

    3 hours

    Input: Understanding your context, objectives, and methodology

    Output: ITFM maturity assessment stakeholders and their objectives, ITFM maturity assessment methodology, ITFM maturity assessment takers

    Materials: 1a. Prepare for Assessment tab in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Identify your stakeholders and document it in the ITFM Maturity Assessment Tool (see next slides). We recommend having representatives from different business units across the organization, most notably IT, IT finance, finance, and IT audit.
    2. Set the context with your stakeholders and document it in the ITFM Maturity Assessment Tool. Discuss the reason behind taking the ITFM maturity assessment among the various stakeholders. Why do each of your stakeholders want to take the assessment? What are their main objectives? What would they like to achieve?
    3. Determine the methodology and document it in the ITFM Maturity Assessment Tool. Discuss how you want to go about taking the assessment with your stakeholders. Do you want to have representatives from each business unit take the assessment individually, then share and discuss their findings? Do you prefer forming a working group with representatives from each business unit and go through the assessment together? Or does any of your stakeholders have a different suggestion? You will have to consider the effort, skillset, and knowledge required.
    4. Identify the assessment takers and document it in the ITFM Maturity Assessment Tool. Determine who will be taking the assessment (specific names of stakeholders). Consider their availability, knowledge, and skills.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your stakeholders, objectives, and methodology

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document stakeholders, objectives, and methodology (table range: columns B to G and rows 8 to 15).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Stakeholders'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each stakeholder on a separate row.
    D Text Enter the job title related to each stakeholder.
    E Text Enter the objective(s) related to each stakeholder.
    F Text Enter the agreed upon methodology.
    G Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full names and job titles of the ITFM maturity assessment stakeholders.
    3. Document the maturity assessment objective of each of your stakeholders.
    4. Document the agreed-upon methodology.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Document your assessment takers

    Excel Workbook: ITFM Maturity Assessment Tool – Prepare for Assessment worksheet

    Refer to the example and guidelines below on how to document assessment takers (table range: columns B to E and rows 18 to 25).

    Example table from the ITFM Maturity Assessment Tool re: 'Maturity Assessment Takers'.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Text Enter the full name of each assessment taker on a separate row.
    D Text Enter the job title related to each stakeholder to identify which party is being represented per assessment taker.
    E Text Enter any notes or comments per stakeholder (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the 1a. Prepare for Assessment tab.
    2. Enter the full name of each assessment taker, along with the job title of the stakeholder they are representing.

    Download the IT Financial Management Maturity Assessment Tool

    Step 2

    Take the ITFM maturity assessment

    Content Overview

    1. Complete the survey
    2. Review your assessment results
    3. Determine your priorities

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    2. Take the ITFM maturity assessment

    3 hours

    Input: Understanding of your ITFM current state and 12-month target state, ITFM maturity assessment results

    Output: ITFM current- and target-state maturity levels, average scores, and variance, ITFM current- and target-state average scores, variance, and priority by maturity focus area and maturity lever

    Materials: 1b. Glossary, 2a. Assess ITFM Foundation, 2b. Assess Mngt. & Monitoring, 2c. Assess Language, and 3. Assessment Summary tabs in the ITFM Maturity Assessment Tool

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Complete the survey: select the current and target state of each statement – refer to the glossary as needed for definitions of key terms – in the ITFM Maturity Assessment Tool (see next slides). There are three tabs (one per maturity focus area) with three tables each (nine maturity levers). Review and discuss statements with all assessment takers: consider variations, differing opinions, and reach an agreement on each statement inputs.
    2. Review assessment results: navigate to the Assessment Summary tab in the ITFM maturity assessment tool (see next slides) to view your results. Review and discuss with all assessment takers: consider any shocking output and adjust survey input if necessary.
    3. Determine your priorities: decide on the priority (Low/Medium/High) by maturity focus area and/or maturity lever. Rank your maturity focus area priorities from 1 to 3 and your maturity lever priorities from 1 to 9. Consider the feasibility in terms of timeframe, effort, and skillset required, positive and negative impacts on business and technology, likelihood of failure, and necessary approvals. Document your priorities in the ITFM maturity assessment tool (see next slides).
      Review and discuss priorities with all assessment takers: consider variations, differing opinions, and reach an agreement on each priority.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Complete the survey

    Excel workbook: ITFM Maturity Assessment Tool – Survey worksheets

    Refer to the example and guidelines below on how to complete the survey.

    Example table from the ITFM Maturity Assessment Tool re: Survey worksheets.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity statement to assess.
    D, E Dropdown Select the maturity levels of your current and target states. One of five maturity levels for each statement, from “1. Nonexistent” (lowest maturity) to “5. Advanced” (highest maturity).
    F, G, H Formula Automatic calculation, no entry required: scores associated with your current and target state selection, along with related variance (column G – column F).
    I Text Enter any notes or comments per ITFM maturity statement (optional).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to the survey tabs: 2a. Assess ITFM Foundation, 2b. Assess Management and Monitoring, and 2c. Assess Language.
    2. Select the appropriate current and target maturity levels.
    3. Add any notes or comments per ITFM maturity statement where necessary or helpful.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review your overall result

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    K Formula Automatic calculation, no entry required.
    L Formula Automatic calculation, no entry required: Current State, Target State, and Variance entries. Please ignore the current state benchmark, it’s a placeholder for future reference.
    M Formula Automatic calculation, no entry required: average overall maturity score for your Current State and Target State entries, along with related Variance.
    N, O Formula Automatic calculation, no entry required: maturity level and related name based on the overall average score (column M), where level 1 corresponds to an average score less than or equal to 1.49, level 2 corresponds to an average score between 1.5 and 2.49 (inclusive), level 3 corresponds to an average score between 2.5 and 3.49 (inclusive), level 4 corresponds to an average score between 3.5 and 4.49 (inclusive), and level 5 corresponds to an average score between 4.5 and 5 (inclusive).
    P, Q Formula Automatic calculation, no entry required: maturity definition and related description based on the maturity level (column N).

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your overall current state and target state result along with the corresponding variance.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Set your priorities

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example and guidelines below on how to review your results per maturity focus area and maturity lever, then prioritize accordingly.

    Example table from the ITFM Maturity Assessment Tool re: Assessment Summary worksheet.

    Column ID Input Type Guidelines
    B Formula Automatic calculation, no entry required.
    C Formula Automatic calculation, no entry required: ITFM maturity focus area or lever, depending on the table.
    D Placeholder Ignore this column because it’s a placeholder for future reference.
    E, F, G Formula Automatic calculation, no entry required: average score related to the current state and target state, along with the corresponding variance per maturity focus area or lever (depending on the table).
    H Formula Automatic calculation, no entry required: preliminary priority based on the average variance (column G), where Low corresponds to an average variance between 0 and 0.5 (inclusive), Medium corresponds to an average variance between 0.51 and 0.99 (inclusive), and High corresponds to an average variance greater than or equal to 1.
    J Dropdown Select your final priority (Low, Medium, or High) per ITFM maturity focus area or lever, depending on the table.
    K Whole Number Enter the appropriate rank based on your priorities; do not use the same number more than once. A whole number between 1 and 3 to rank ITFM maturity focus areas, and between 1 and 9 to rank ITFM maturity levers, depending on the table.

    Review the following in the Excel workbook as per guidelines:

    1. Navigate to tab 3. Assessment Summary.
    2. Review your current-state and target-state result along with the corresponding variance per maturity focus area and maturity lever.
    3. Select the appropriate priority for each maturity focus area and maturity lever.
    4. Enter a unique rank for each maturity focus area (1 to 3).
    5. Enter a unique rank for each maturity lever (1 to 9).

    Download the IT Financial Management Maturity Assessment Tool

    Step 3

    Communicate your ITFM maturity results

    Content Overview

    1. Review your assessment charts
    2. Customize the assessment report
    3. Communicate your results

    This step involves the following participants:

    • CIO/IT director
    • CFO/finance director
    • IT finance lead
    • IT audit lead
    • Other IT management

    3. Communicate your ITFM maturity results

    3 hours

    Input: ITFM maturity assessment results

    Output: Customized ITFM maturity assessment report

    Materials: 3. Assessment Summary tab in the ITFM Maturity Assessment Tool, ITFM Maturity Assessment Report Template

    Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management

    1. Review assessment charts: navigate to the Assessment Summary tab in the ITFM Maturity Assessment Tool (see next slides) to view your results and related charts.
    2. Edit the report template: complete the template based on your results and priorities to develop your customized ITFM maturity assessment report (see next slide).
    3. Communicate results: communicate and deliberate the assessment results with assessment takers at a first stage, and with your stakeholders at a second stage. The objective is to agree on next steps, including developing an improvement plan.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Review assessment charts

    Excel Workbook: ITFM Maturity Assessment Tool – Assessment Summary worksheet

    Refer to the example below on charts depicting different views of the maturity assessment results across the three focus areas and nine levers.

    Samples of different tabs from the ITFM Maturity Assessment Tool: 'Assessment Summary tab: From cell B49 to cell M100' and 'Assessment Summary tab: From cell K13 to cell Q34'.

    From the Excel workbook, after completing your potential initiatives and filling all related entries in the Outline Initiatives tab:

    1. Navigate to tab 3. Assessment Summary.
    2. Review each of the charts.
    3. Navigate back to the survey tabs to examine, drill down, and amend individual entries as you deem necessary.

    Download the IT Financial Management Maturity Assessment Tool

    TEMPLATE & EXAMPLE

    Customize your report

    PowerPoint presentation: ITFM Maturity Assessment Report Template

    Refer to the example below on slides depicting different views of the maturity assessment results across the three maturity focus areas and nine maturity levers.

    Samples of different slides from the ITFM Maturity Assessment Report Template, detailed below.

    Slide 6: Edit levels based on your assessment results. Copy and paste the appropriate maturity level definition and description from slide 4.

    Slide 7: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title. You can use the “Outer Offset: Bottom” shadow under shape effects on the chart.

    Slide 8: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title and legend. You can use the “Outer Offset: Center” shadow under shape effects on the chart.

    From the ITFM Maturity Assessment Report Template:

    1. Edit the report based on your results found in the assessment summary tab of the Excel workbook (see previous slide).
    2. Review slides 6 to 8 and bring necessary adjustments.

    Download the IT Financial Management Maturity Assessment Report Template

    Make informed business decisions

    Take a holistic approach to ITFM.

    • A thorough understanding of your technology spending in relation to business needs and drivers is essential to make informed decisions. As a trusted partner, you cannot have effective conversations around budgets and cost optimization without a solid foundation.
    • It is important to realize that ITFM is not a one-time exercise, but a continuous, sustainable process to educate (teach, mentor, and train), increase transparency, and assign responsibility.
    • Move up the ITFM maturity ladder by improving across three maturity focus areas:
      • Build an ITFM Foundation
      • Manage and Monitor IT Spending
      • Bridge the Language Barrier

    What’s Next?

    Communicate your maturity results with stakeholders and develop an actionable ITFM improvement plan.

    And remember, having informed discussions with your business partners and stakeholders, where technology helps propel your organization forward, is priceless!

    IT Financial Management Team

    Photo of Dave Kish, Practice Lead, ITFM Practice, Info-Tech Research Group. Dave Kish
    Practice Lead, ITFM Practice
    Info-Tech Research Group
    Photo of Jennifer Perrier, Principal Research Director, ITFM Practice, Info-Tech Research Group. Jennifer Perrier
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Angie Reynolds, Principal Research Director, ITFM Practice, Info-Tech Research Group. Angie Reynolds
    Principal Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Monica Braun, Research Director, ITFM Practice, Info-Tech Research Group. Monica Braun
    Research Director, ITFM Practice
    Info-Tech Research Group
    Photo of Rex Ding, Research Specialist, ITFM Practice, Info-Tech Research Group. Rex Ding
    Research Specialist, ITFM Practice
    Info-Tech Research Group
    Photo of Aman Kumari, Research Specialist, ITFM Practice, Info-Tech Research Group. Aman Kumari
    Research Specialist, ITFM Practice
    Info-Tech Research Group

    Research Contributors and Experts

    Photo of Amy Byalick, Vice President, IT Finance, Info-Tech Research Group. Amy Byalick
    Vice President, IT Finance
    Info-Tech Research Group
    Amy Byalick is an IT Finance practitioner with 15 years of experience supporting CIOs and IT leaders elevating the IT financial storytelling and unlocking insights. Amy is currently working at Johnson Controls as the VP, IT Finance, previously working at PepsiCo, AmerisourceBergen, and Jacobs.
    Photo of Carol Carr, Technical Counselor, Executive Services, Info-Tech Research Group. Carol Carr
    Technical Counselor, Executive Services
    Info-Tech Research Group
    Photo of Scott Fairholm, Executive Counselor, Executive Services, Info-Tech Research Group. Scott Fairholm
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Gokul Rajan, Executive Counselor, Executive Services, Info-Tech Research Group. Gokul Rajan
    Executive Counselor, Executive Services
    Info-Tech Research Group
    Photo of Allison Kinnaird, Practice Lead, Infrastructure & Operations, Info-Tech Research Group. Allison Kinnaird
    Practice Lead, Infrastructure & Operations
    Info-Tech Research Group
    Photo of Isabelle Hertanto, Practice Lead, Security & Privacy, Info-Tech Research Group. Isabelle Hertanto
    Practice Lead, Security & Privacy
    Info-Tech Research Group

    Related Info-Tech Research

    Sample of the IT spending transparency research. Achieve IT Spending Transparency

    Mature your ITFM practice by activating the means to make informed business decisions.

    Sample of the IT cost optimization roadmap research. Build Your IT Cost Optimization Roadmap

    Develop an IT cost optimization strategy based on your specific circumstances and timeline.

    Bibliography

    Eby, Kate. “The Complete Guide to Organizational Maturity: Models, Levels, and Assessments.” Smartsheet, 8 June 2022. Web.

    “Financial Management Maturity Model.” National Audit Office, n.d. Accessed 28 Apr. 2023.

    “ITFM/TBM Program Maturity Guide.” Nicus Software, n.d. Accessed 28 Apr. 2023.

    Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 2020.

    McCarthy, Seamus. “Financial Management Maturity Model: A Good Practice Guide.” Office of the Comptroller & Auditor General, 26 June 2018. Web.

    “Principles for Effective Risk Data Aggregation and Risk Reporting.“ Bank for International Settlements, Jan. 2013. Web.

    “Role & Influence of the Technology Decision-Maker 2022.” Foundry, 2022. Web.

    Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO, 21 March 2022. Web.

    “Tech Spend Pulse.” Flexera, 2022. Web.

    Appendix A

    Definition and Description
    Per Maturity Level

    ITFM maturity levels and definitions

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to consistently deliver financial planning services ITFM practices are almost inexistent. Only the most basic financial tasks and activities are being performed on an ad hoc basis to fulfill the Finance department’s requests.
    Cost Operator
    Level 2
    Rudimentary financial planning capabilities. ITFM activities revolve around minimizing the IT budget as much as possible. ITFM practices are not well defined, and IT’s financial view is limited to day-to-day technical operations.
    IT is only involved in low complexity decision making, where financial conversations center on general ledger items and IT spending.
    Trusted Coordinator
    Level 3
    Enablement of business through cost-effective supply of technology. ITFM activities revolve around becoming a proficient and cost-effective technology supplier to business partners.
    ITFM practices are in place, with moderate coordination and adherence to execution. Various IT business units coordinate to produce a consolidated financial view focused on business services.
    IT is involved in moderate complexity decision making, as a technology subject matter expert, where financial conversations center on IT spending in relation to technology services or solutions provided to business partners.
    Value Optimizer
    Level 4
    Effective impact on business performance. ITFM activities revolve around optimizing existing technology investments to improve both IT and business performance.
    ITFM practices are well managed, established, documented, repeatable, and integrated as necessary across the organization. IT’s financial view tie technology investments to lines of business, business products, and business capabilities.
    Business partners are well informed on the technology mix and drive related discussion. IT is trusted to contribute to complex decision making around existing investments to cost-effectively plan initiatives, as well as enhance business performance.
    Strategic Partner
    Level 5
    Influence on the organization’s strategic direction. ITFM activities revolve around predicting the outcome of new or potential technology investments to continuously optimize business performance.
    ITFM practices are fully optimized, reviewed, and improved in a continuous and sustainable manner, and related execution is tracked by gathering qualitative and quantitative feedback. IT’s financial view is holistic and fully integrated with the business, with an outlook on innovation, growth, and strategic transformation.
    Business and IT leaders know the financial ramifications of every business and technology investment decision. IT is trusted to contribute to strategic decision making around potential and future investments to grow and transform the business.

    Appendix B

    Maturity Level Definitions and Descriptions
    Per Lever

    Establish your ITFM team

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM tasks, activities, and functions are not being met in any way, shape, or form.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.There is no dedicated ITFM team.


    Basic ITFM tasks, activities, and functions are being performed on an ad hoc basis, such as high-level budget reporting.

    Trusted Coordinator
    Level 3
    Ability to provide basic business insights.A dedicated team is fulfilling essential ITFM tasks, activities, and functions.


    ITFM team can combine and analyze financial and technology data to produce necessary reports.

    Value Optimizer
    Level 4
    Ability to provide valuable business driven insights.A dedicated ITFM team with well-defined roles and responsibilities can provide effective advice to IT leaders, in a timely fashion, and positively influence IT decisions.
    Strategic Partner
    Level 5
    Ability to influence both technology and business decisions.A dedicated and highly specialized ITFM team is trusted and valued by both IT and Business leaders.


    Insights provided by the ITFM team can influence and shape the organization’s strategy.

    Set up your governance structure

    Maturity focus area: Build an ITFM foundation

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to ensure any adherence to rules and regulations.ITFM frameworks, guidelines, policies, and procedures are not developed nor documented.
    Cost Operator
    Level 2
    Ability to ensure basic adherence to rules and regulations.Basic ITFM frameworks, guidelines, policies, and procedures are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to ensure compliance to rules and regulations, as well as accountability across ITFM processes.Essential ITFM frameworks, guidelines, policies, and procedures are in place, coherent, and documented, aiming to (a) comply with rules and regulations, and (b) provide clear accountability.
    Value Optimizer
    Level 4
    Ability to ensure compliance to rules and regulations, as well as structure, transparency, and business alignment across ITFM processes.ITFM frameworks, guidelines, policies, and procedures are well defined, coherent, documented, and regularly reviewed, aiming to (a) comply with rules and regulations, (b) provide clear accountability, and (c) maintain business alignment.
    Strategic Partner
    Level 5
    Ability to:
    • Ensure compliance to rules and regulations, as well as ITFM processes are transparent, structured, focused on business objectives, and support decision making.
    • Reinforce and shape the organization culture.
    ITFM frameworks, guidelines, policies, and procedures are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) comply with rules and regulations, (b) provide clear accountability, (c) maintain business alignment, and (d) facilitate the decision-making process.


    Enforcement of the ITFM governance structure can influence the organization culture.

    Adopt ITFM processes and tools

    Maturity focus area: Build an ITFM foundation.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to deliver IT financial planning and performance output.ITFM processes and tools are not developed nor documented.
    Cost Operator
    Level 2
    Ability to deliver basic IT financial planning output.Basic ITFM processes and tools are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation.
    Trusted Coordinator
    Level 3
    Ability to deliver accurate IT financial output and basic IT performance output in a consistent cadence.Essential ITFM processes and tools are in place, coherent, and documented, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; and (c) provide clear accountability. ITFM tools and processes are adopted by the ITFM team and some IT business units but are not fully integrated.
    Value Optimizer
    Level 4
    Ability to deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders in a consistent cadence.ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision-making. ITFM tools and processes are adopted by IT and business partners but are not fully integrated.
    Strategic Partner
    Level 5
    Ability to:
    • Deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders.
    • Leverage IT financial planning and performance output in real time and when needed by stakeholders.
    ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision making.


    ITFM processes and tools are automated to the full extent needed by the organization, utilized to their full potential, and integrated into a single enterprise platform, providing a holistic view of IT spending and IT performance.

    Standardize your taxonomy and data model

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide transparency across technology spending.ITFM taxonomy and data model are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide transparency and support IT financial planning data, analysis, and reporting needs of finance stakeholders.ITFM taxonomy and data model are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation, to comply with, and meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT and finance stakeholders.ITFM taxonomy and data model are in place, coherent, and documented to meet the needs of IT and finance stakeholders.
    Value Optimizer
    Level 4
    Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized to meet the needs of IT, finance, business, and executive stakeholders, but not flexible enough to be adjusted in a timely fashion as needed.

    Strategic Partner
    Level 5
    Ability to:
    • Provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders.
    • Change to meet evolving needs.
    ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.


    ITFM taxonomy and data model are standardized and meet the changing needs of IT, finance, business, and executive stakeholders.

    Identify, gather, and prepare your data

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide accurate and complete across technology spending.ITFM data needs and requirements are not understood.
    Cost Operator
    Level 2
    Ability to provide accurate, but incomplete IT financial planning data to meet the needs of finance stakeholders.Technology spending data is extracted, transformed, and loaded on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide accurate and complete IT financial planning data to meet the needs of IT and finance stakeholders, but IT performance data remain incomplete.IT financial planning data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT and finance stakeholders.


    IT financial planning data is (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Value Optimizer
    Level 4
    Ability to provide accurate and complete IT financial planning and performance data to meet the needs of IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    ITFM data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT, finance, business, and executive stakeholders.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, and (c) sourced from the organization’s system of record.

    Strategic Partner
    Level 5
    Ability to provide accurate and complete IT financial planning and performance data real time and when needed by IT, finance, business, and executive stakeholders.ITFM data needs and requirements are understood.


    IT financial planning and performance data are (a) complete and accurate, as defined in related control documents (guideline, policies, procedures, etc.), (b) regularly validated for inconsistencies, (c) available and refreshed as needed, and (d) sourced from the organization’s system of record.

    Analyze your findings and develop your reports

    Maturity focus area: Manage and monitor IT spending.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide any type of financial insight.ITFM analysis and reports are not developed nor documented.
    Cost Operator
    Level 2
    Ability to provide basic financial insights.IT financial planning analysis is conducted on an ad hoc basis to meet the needs of finance stakeholders.
    Trusted Coordinator
    Level 3
    Ability to provide basic financial planning and performance insights to meet the needs of IT and finance stakeholders.IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.).

    Value Optimizer
    Level 4
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate business decision making around technology investments.ITFM analysis and reports support business decision making around technology investments.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, and (c) regularly validated for inconsistencies.

    Strategic Partner
    Level 5
    Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate strategic decision making.ITFM analysis and reports support strategic decision making.


    IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.), and consider multiple point of views (hypotheses, interpretations, opinions, etc.).


    IT financial planning and performance reports are (a) accurate, precise, and methodical, as defined in related control documents (guideline, policies, procedures, etc.), (b) fit for purpose, (c) comprehensive, and (d) regularly validated for inconsistencies.

    Communicate your IT spending

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to communicate and understand each other.The organization stakeholders including IT, finance, business, and executives do not understand one another, and cannot speak the same language.
    Cost Operator
    Level 2
    Ability to understand business and finance requirements.IT understands and meets business and financial planning requirements but does not communicate in a similar language.


    IT cannot influence finance or business decision making.

    Trusted Coordinator
    Level 3
    Ability to understand the needs of different stakeholders including IT, finance, business, and executives and take part in decision making around technology spending.The organization stakeholders including IT, finance, business, and executives understand each other’s needs, but do not communicate in a common language.


    IT leaders provide insights as technology subject matter experts, where conversations center on IT spending in relation to technology services or solutions provided to business partners.


    IT can influence technology decisions around its own budget.

    Value Optimizer
    Level 4
    Ability to communicate in a common vocabulary across the organization and take part in business decision making around technology investments.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to support and influence business decision making around existing technology investments.

    Strategic Partner
    Level 5
    Ability to communicate in a common vocabulary across the organization and take part in strategic decision making.The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.


    IT and business leaders, along with their respective teams, collaborate frequently across various initiatives.


    IT leaders provide valuable insight to facilitate decision making around potential and future investments to grow and transform the business, thus influencing the organization’s overall strategic direction.

    Educate the masses

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability of organization stakeholders to acquire knowledge.Educational resources are inexistent.
    Cost Operator
    Level 2
    Ability to acquire financial knowledge and understand financial concepts.IT leaders have access to educational resources to gain the financial knowledge necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to acquire financial and business knowledge and understand related concepts.IT leaders and their respective teams have access to educational resources to gain the financial and business knowledge necessary to perform their duties.


    ITFM team has access to the necessary educational resources to keep up with changing financial regulations and technology developments.

    Value Optimizer
    Level 4
    Ability to acquire knowledge, across technology, business, and finance as needed by different organization stakeholders, and the leadership understand concepts across these various domains.Stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders have a good understanding of business and financial concepts.


    Business leaders have a good understanding of technology concepts.

    Strategic Partner
    Level 5
    Ability to acquire knowledge, and understand concepts across technology, business, and finance as needed by different organization stakeholders.The organization promotes continuous learning through well designed programs including training, mentorship, and academic courses. Thus, stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.


    IT leaders and their respective teams have a good understanding of business and financial concepts.


    Business leaders and their respective teams have a good understanding of technology concepts.

    Influence your organization’s culture

    Maturity focus area: Bridge the language barrier.

    Maturity Level

    Definition

    Description

    Nascent
    Level 1
    Inability to provide and foster an environment of collaboration and continuous improvement.Stakeholders including IT, finance, business, and executives operate in silos, and collaboration between different teams is inexistent.
    Cost Operator
    Level 2
    Ability to provide an environment of cooperation to meet the needs of IT, finance, and business leaders.IT, finance, and business leaders cooperate to meet financial planning requirements as necessary to perform their duties.
    Trusted Coordinator
    Level 3
    Ability to provide and foster an environment of collaboration across the organization.IT, finance, and business collaborate on various initiatives.

    ITFM employees are trusted and supported by their stakeholders (IT, finance, and business).

    Value Optimizer
    Level 4
    Ability to provide and foster an environment of collaboration and continuous improvement, where employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    Employees are trusted, supported, empowered, and valued.

    Strategic Partner
    Level 5
    Ability to provide and foster an environment of collaboration and continuous improvement, where leaders are willing to change, and employees across the organization feel trusted, supported, empowered, and valued.Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.


    The organization’s leadership is adaptable and open to change.


    Employees are trusted, supported, empowered, and valued.

    Assess Infrastructure Readiness for Digital Transformation

    • Buy Link or Shortcode: {j2store}300|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design

    There are many challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt
    • Skills and talent in the IT team
    • A culture that resists change
    • Fear of job loss

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Our Advice

    Critical Insight

    By using the framework of culture, competencies, collaboration and capabilities, organizations can create dimensions in their I&O structure in order to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence though the effective integration of people, process, and technology.

    Impact and Result

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    Assess Infrastructure Readiness for Digital Transformation Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess Infrastructure Readiness for Digital Transformation – Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers for success.

  • Be customer centric as opposed to being technology driven.
  • Understanding business needs and pain points is key to delivering solutions.
  • Approach infrastructure digital transformation in iterations and look at this as a journey.
    • Assess Infrastructure Readiness for Digital Transformation Storyboard
    • I&O Digital Transformation Maturity Assessment Tool

    Infographic

    Further reading

    Assess Infrastructure Readiness for Digital Transformation

    Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers to success.

    Analyst Perspective

    It’s not just about the technology!

    Many businesses fail in their endeavors to complete a digital transformation, but the reasons are complex, and there are many ways to fail, whether it is people, process, or technology. In fact, according to many surveys, 70% of digital transformations fail, and it’s mainly down to strategy – or the lack thereof.

    A lot of organizations think of digital transformation as just an investment in technology, with no vision of what they are trying to achieve or transform. So, out of the gate, many organizations fail to undergo a meaningful transformation, change their business model, or bring about a culture of digital transformation needed to be seriously competitive in their given market.

    When it comes to I&O leaders who have been given a mandate to drive digital transformation projects, they still must align to the vision and mission of the organization; they must still train and hire staff that will be experts in their field; they must still drive process improvements and align the right technology to meet the needs of a digital transformation.

    John Donovan

    John Donovan

    Principal Research Director, I&O
    Info-Tech Research Group

    Insight summary

    Overarching insight

    Digital transformation requires I&O teams to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence through effective integration of people, process, and technology.

    Insight 1

    Collaboration is a key component of I&O – Promote strong collaboration between I&O and other business functions. When doing a digital transformation, it is clear that this is a cross-functional effort. Business leaders and IT teams need to align their objectives, prioritize initiatives, and ensure that you are seamlessly integrating technologies with the new business functions.

    Insight 2

    Embrace agility and adaptability as core principles – As the digital landscape continues to evolve, it is paramount that I&O leaders are agile and adaptable to changing business needs, adopting new technology and implementing new innovative solutions. The culture of continuous improvement and openness to experimentation and learning will assist the I&O leaders in their journey.

    Insight 3

    Future-proof your infrastructure and operations – By anticipating emerging technologies and trends, you can proactively plan and organize your team for future needs. By investing in scalable, flexible infrastructure such as cloud services, automation, AI technologies, and continuously upskilling the IT staff, you can stay relevant and forward-looking in the digital space.

    Tactical insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployment of services.

    Tactical insight

    Having a clear strategy, with leadership commitment along with hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Executive Summary

    Your Challenge

    There are a lot of challenges for I&O when it comes to digital transformation, including:

    • Legacy infrastructure technical debt.
    • Skills and talent in the IT team.
    • A culture that resists change.
    • Fear of job loss.

    These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.

    Common Obstacles

    Many obstacles to digital transformation begin with non-I&O activities, including:

    • Lack of a clear vision and strategy.
    • Siloed organizational structure.
    • Lack of governance and data management.
    • Limited budget and resources.

    By addressing these obstacles, I&O will have a better chance of a successful transformation and delivering the full potential of digital technologies.

    Info-Tech's Approach

    Building a culture of innovation by developing clear goals and creating a vision will be key.

    • Be customer centric as opposed to being technology driven.
    • Understand the business needs and pain points in order to effectively deliver solutions.
    • Approach infrastructure digital transformation in iterations and look at it as a journey.

    By completing the Info-Tech digital readiness questionnaire, you will see where you are in terms of maturity and areas you need to concentrate on.

    Info-Tech Insight

    By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.

    The cost of digital transformation

    The challenges that stand in the way of your success, and what is needed to reverse the risk

    What CIOs are saying about their challenges

    26% of those CIOs surveyed cite resistance to change, with entrenched viewpoints demonstrating a real need for a cultural shift to enhance the digital transformation journey.

    Source: Prophet, 2019.

    70% of digital transformation projects fall short of their objectives – even when their leadership is aligned, often with serious consequences.

    Source: BCG, 2020.

    Having a clear strategy and commitment from leadership, hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.

    Info-Tech Insight

    Cultural change, business alignment, skills training, and setting a clear strategy with KPIs to demonstrate success are all key to being successful in your digital journey.

    Small and medium-sized enterprises

    What business owners and CEOs are saying about their digital transformation

    57% of small business owners feel they must improve their IT infrastructure to optimize their operations.

    Source: SMB Story, 2023.

    64% of CEOs believe driving digital transformation at a rapid pace is critical to attracting and retaining talent and customers.

    Source: KPMG, 2022.

    Info-Tech Insight

    An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployments.

    Legacy Active Directory Environment

    • Buy Link or Shortcode: {j2store}471|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Cloud Strategy
    • Parent Category Link: /cloud-strategy

    You are looking to lose your dependency on Active Directory (AD), and you need to tackle infrastructure technical debt, but there are challenges:

    • Legacy apps that are in maintenance mode cannot shed their AD dependency or have hardware upgrades made.
    • You are unaware of what processes depend on AD and how integrated they are.
    • Departments invest in apps that are integrated with AD without informing you until they ask for Domain details after purchasing.

    Our Advice

    Critical Insight

    • Remove your dependency on AD one application at a time. If you are a cloud-first organization, rethink your AD strategy to ask “why” when you add a new device to your Active Directory.
    • With the advent of hybrid work, AD is now a security risk. You need to shore up your security posture. Think of zero trust architecture.
    • Take inventory of your objects that depend on Kerberos and NTML and plan on removing that barrier through applications that don’t depend on AD.

    Impact and Result

    Don’t allow Active Directory services to dictate your enterprise innovation and modernization strategies. Determine if you can safely remove objects and move them to a cloud service where your Azure AD Domain Services can handle your authentication and manage users and groups.

    Legacy Active Directory Environment Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Legacy Active Directory Environment Deck – Legacy AD was never built for modern infrastructure. Understand the history and future of Active Directory and what alternatives are in the market.

    Build all new systems with cloud integration in mind. Many applications built in the past had built-in AD components for access, using Kerberos and NTLM. This dependency has prevented organizations from migrating away from AD. When assessing new technology and applications, consider SaaS or cloud-native apps rather than a Microsoft-dependent application with AD ingrained in the code.

    • Legacy Active Directory Environment Storyboard
    [infographic]

    Further reading

    Legacy Active Directory Environment

    Kill the technical debt of your legacy Active Directory environment.

    Analyst Perspective

    Understand what Active Directory is and why Azure Active Directory does not replace it.

    It’s about Kerberos and New Technology LAN Manager (NTLM).

    The image contains a picture of John Donovan.

    Many organizations that want to innovate and migrate from on-premises applications to software as a service (SaaS) and cloud services are held hostage by their legacy Active Directory (AD). Microsoft did a good job taking over from Novell back in the late 90s, but its hooks into businesses are so deep that many have become dependent on AD services to manage devices and users, when in fact AD falls far short of needed capabilities, restricting innovation and progress.

    Despite Microsoft’s Azure becoming prominent in the world of cloud services, Azure AD is not a replacement for on-premises AD. While Azure AD is a secure authentication store that can contain users and groups, that is where the similarities end. In fact, Microsoft itself has an architecture to mitigate the shortcomings of Azure AD by recommending organizations migrate to a hybrid model, especially for businesses that have an in-house footprint of servers and applications.

    If you are a greenfield business and intend to take advantage of software, infrastructure, and platform as a service (SaaS, IaaS, and PaaS), as well as Microsoft 365 in Azure, then Azure AD is for you and you don’t have to worry about the need for AD.

    John Donovan
    Principal Director, I&O Practice
    Info-Tech Research Group

    Insight Summary

    Legacy AD was never built for modern infrastructure

    When Microsoft built AD as a free component for the Windows Server environment to replace Windows NT before the demise of Novell Directory Services in 2001, it never meant Active Directory to work outside the corporate network with Microsoft apps and devices. While it began as a central managing system for users and PCs on Microsoft operating systems, with one user per PC, the IT ecosystem has changed dramatically over the last 20 years, with cloud adoption, SaaS, IaaS, PaaS, and everything as a service. To make matters worse, work-from-anywhere has become a serious security challenge.

    Build all new systems with cloud integration in mind

    Many applications built in the past had built-in AD components for access, using Kerberos and NTLM. This dependency has prevented organizations from migrating away from AD. When assessing new technology and applications, consider SaaS or cloud-native apps rather than a Microsoft-dependent application with AD ingrained in the code. Ensure you are engaged when the business is assessing new apps. Stop the practice of the business purchasing apps without IT’s involvement; for example, if your marketing department is asking you for your Domain credentials for a vendor when you were not informed of this purchase.

    Hybrid AD is a solution but not a long-term goal

    Economically, Microsoft has no interest in replacing AD anytime soon. Microsoft wants that revenue and has built components like Azure AD Connect to mitigate the AD dependency issue, which is basically holding your organization hostage. In fact, Microsoft has advised that a hybrid solution will remain because, as we will investigate, Azure AD is not legacy AD.

    Executive Summary

    Your Challenge

    Common Obstacles

    Info-Tech’s Approach

    You are looking to lose your dependency on Active Directory, and you need to tackle infrastructure technical debt, but there are challenges.

    • Legacy apps that are in maintenance mode cannot shed their AD dependency or have hardware upgrades made.
    • You are unaware of what processes depend on AD and how integrated they are.
    • Departments invest in apps that are integrated with AD without informing you until they ask for Domain details after purchasing.
    • Legacy applications can prevent you from upgrading servers or may need to be isolated due to security concerns related to inadequate patching and upgrades.
    • You do not see any return on investment in AD maintenance.
    • Mergers and acquisitions can prevent you from migrating away from AD if one company is dependent on AD and the other is fully in the cloud. This increases technical debt.
    • Remove your dependency on AD one application at a time. If you are a cloud-first organization, rethink your AD strategy to ask “why” when you add a new device to your Active Directory.
    • With the advent of hybrid work, AD is now a security risk. You need to shore up your security posture. Think of zero trust architecture.
    • Take inventory of your objects that depend on Kerberos and NTML and plan on removing that barrier through applications that don’t depend on AD.

    Info-Tech Insight

    Don’t allow Active Directory services to dictate your enterprise innovation and modernization strategies. Determine if you can safely remove objects and move them to a cloud service where your Azure AD Domain Services can handle your authentication and manage users and groups.

    The history of Active Directory

    The evolution of your infrastructure environment

    From NT to the cloud

    AD 2001 Exchange Server 2003 SharePoint 2007 Server 2008 R2 BYOD Security Risk All in Cloud 2015
    • Active Directory replaces NT and takes over from Novell as the enterprise access and control plane.
    • With slow WAN links, no cellphones, no tablets, and very few laptops, security was not a concern in AD.
    • In 2004, email becomes business critical.
    • This puts pressure on links, increases replication and domains, and creates a need for multiple identities.
    • Collaboration becomes pervasive.
    • Cross domain authentication becomes prevalent across the enterprise.
    • SharePoint sites need to be connected to multiple Domain AD accounts. More multiple identities are required.
    • Exchange resource forest rolls out, causing the new forest functional level to be a more complex environment.
    • Fine-grained password policies have impacted multiple forests, forcing them to adhere to the new password policies.
    • There are powerful Domain controllers, strong LAN and WAN connections, and an increase in smartphones and laptops.
    • Audits and compliance become a focus, and mergers and acquisitions add complexity. Security teams are working across the board.
    • Cloud technology doesn’t work well with complicated, messy AD environment. Cloud solutions need simple, flat AD architecture.
    • Technology changes after 15+ years. AD becomes the backbone of enterprise infrastructure. Managers demand to move to cloud, building complexity again.

    Organizations depend on AD

    AD is the backbone of many organizations’ IT infrastructure

    73% of organizations say their infrastructure is built on AD.

    82% say their applications depend on AD data.

    89% say AD enables authenticated access to file servers.

    90% say AD is the main source for authentication.

    Source: Dimensions research: Active Directory Modernization :

    Info-Tech Insight

    Organizations fail to move away from AD for many reasons, including:

    • Lack of time, resources, budget, and tools.
    • Difficulty understanding what has changed.
    • Migrating from AD being a low priority.

    Active Directory components

    Physical and logical structure

    Authentication, authorization, and auditing

    The image contains a screenshot of the active directory components.

    Active Directory has its hooks in!

    AD creates infrastructure technical debt and is difficult to migrate away from.

    The image contains a screenshot of an active directory diagram.

    Info-Tech Insight

    Due to the pervasive nature of Active Directory in the IT ecosystem, IT organizations are reluctant to migrate away from AD to modernize and innovate.

    Migration to Microsoft 365 in Azure has forced IT departments’ hand, and now that they have dipped their toe in the proverbial cloud “lake,” they see a way out of the mounting technical debt.

    AD security

    Security is the biggest concern with Active Directory.

    Neglecting Active Directory security

    98% of data breaches came from external sources.

    Source: Verizon, Data Breach Report 2022

    85% of data breach took weeks or even longer to discover.

    Source: Verizon Data Breach Report, 2012

    The biggest challenge for recovery after an Active Directory security breach is identifying the source of the breach, determining the extent of the breach, and creating a safe and secure environment.

    Info-Tech Insight

    Neglecting legacy Active Directory security will lead to cyberattacks. Malicious users can steal credentials and hijack data or corrupt your systems.

    What are the security risks to legacy AD architecture?

    • It's been 22 years since AD was released by Microsoft, and it has been a foundational technology for most businesses over the years. However, while there have been many innovations over those two decades, like Amazon, Facebook, iPhones, Androids, and more, Active Directory has remained mostly unchanged. There hasn’t been a security update since 2016.
    • This lack of security innovation has led to several cyberattacks over the years, causing businesses to bolt on additional security measures and added complexity. AD is not going away any time soon, but the security dilemma can be addressed with added security features.

    AD event logs

    84% of organizations that had a breach had evidence of that breach in their event logs.

    Source: Verizon Data Breach Report, 2012

    What is the business risk

    How does AD impact innovation in your business?

    It’s widely estimated that Active Directory remains at the backbone of 90% of Global Fortune 1000 companies’ business infrastructure (Lepide, 2021), and with that comes risk. The risks include:

    • Constraints of AD and growth of your digital footprint
    • Difficulty integrating modern technologies
    • Difficulty maintaining consistent security policies
    • Inflexible central domains preventing innovation and modernization
    • Inability to move to a self-service password portal
    • Vulnerability to being hacked
    • BYOD not being AD friendly

    AD is dependent on Windows Server

    1. Even though AD is compliant with LDAP, software vendors often choose optional features of LDAP that are not supported by AD. It is possible to implement Kerberos in a Unix system and establish trust with AD, but this is a difficult process and mistakes are frequent.
    2. Restricting your software selection to Windows-based systems reduces innovation and may hamper your ability to purchase best-in-class applications.

    Azure AD is not a replacement for AD

    AD was designed for an on-premises enterprise

    The image contains a screenshot of a Azure AD diagram.

    • Despite Microsoft’s Azure becoming prominent in the world of cloud services, Azure AD is not a replacement for on-premises AD.
    • In fact, Microsoft itself has an architecture to mitigate the shortcomings of Azure AD by recommending organizations migrate to a hybrid model, especially those businesses that have an in-house footprint of servers and applications.
    • If you are a greenfield business and intend to take advantage of SaaS, IaaS, and PaaS, as well as Microsoft 365 in Azure, then Azure AD is for you and you don’t have to worry about the need for AD.

    "Azure Active Directory is not designed to be the cloud version of Active Directory. It is not a domain controller or a directory in the cloud that will provide the exact same capabilities with AD. It actually provides many more capabilities in a different way.

    That’s why there is no actual ‘migration’ path from Active Directory to Azure Active Directory. You can synchronize your on-premises directories (Active Directory or other) to Azure Active Directory but not migrate your computer accounts, group policies, OU etc."

    – Gregory Hall,
    Brand Representative for Microsoft
    (Source: Spiceworks)

    The hybrid model for AD and Azure AD

    How the model works

    The image contains a screenshot of a hybrid model for AD and Azure AD.

    Note: AD Federated Services (ADFS) is not a replacement for AD. It’s a bolt-on that requires maintenance, support, and it is not a liberating service.

    Many companies are:

    • Moving to SaaS solutions for customer relationship management, HR, collaboration, voice communication, file storage, and more.
    • Managing non-Windows devices.
    • Moving to a hybrid model of work.
    • Enabling BYOD.

    Given these trends, Active Directory is becoming obsolete in terms of identity management and permissions.

    The difference between AD Domain Services and Azure AD DS

    One of the core principles of Azure AD is that the user is the security boundary, not the network.

    Kerberos is the default authentication and authorization protocol for AD. Kerberos is involved in nearly everything from the time you log on to accessing Sysvol, which is used to deliver policy and logon scripts to domain members from the Domain Controller.

    Info-Tech Insight

    If you are struggling to get away from AD, Kerberos and NTML are to blame. Working around them is difficult. Azure AD uses SAML2.0 OpenID Connect and OAuth2.0.

    Feature Azure AD DS Self-managed AD DS
    Managed service
    Secure deployments Administrator secures the deployment
    DNS server ✓ (managed service)
    Domain or Enterprise administrator privileges
    Domain join
    Domain authentication using NTLM and Kerberos
    Kerberos-constrained delegation Resource-based Resource-based and account-based
    Custom OU structure
    Group Policy
    Schema extensions
    AD domain/forest trusts ✓ (one-way outbound forest trusts only)
    Secure LDAP (LDAPS)
    LDAP read
    LDAP write ✓ (within the managed domain)
    Geo-distributed deployments

    Source: “Compare self-managed Active Directory Domain Services...” Azure documentation, 2022

    Impact of work-from-anywhere

    How AD poses issues that impact the user experience

    IT organizations are under pressure to enable work-from-home/work-from-anywhere.

    • IT teams regard legacy infrastructure, namely Active Directory, as inadequate to securely manage remote workloads.
    • While organizations previously used VPNs to access resources through Active Directory, they now have complex webs of applications that do not reside on premises, such as AWS, G-Suite, and SaaS customer relationship management and HR management systems, among others. These resources live outside the Windows ecosystem, complicating user provisioning, management, and security.
    • The work environment has changed since the start of COVID-19, with businesses scrambling to enable work-from-home. This had a huge impact on on-premises identity management tools such as AD, exposing their limitations and challenges. IT admins are all too aware that AD does not meet the needs of work-from-home.
    • As more IT organizations move infrastructure to the cloud, they have the opportunity to move their directory services to the cloud as well.
      • JumpCloud, OneLogin, Okta, Azure AD, G2, and others can be a solution for this new way of working and free up administrators from the overloaded AD environment.
      • Identity and access management (IAM) can be moved to the cloud where the modern infrastructure lives.
      • Alternatives for printers using AD include Google Cloud Print, PrinterOn, and PrinterLogic.

    How AD can impact your migration to Microsoft 365

    The beginning of your hybrid environment

    • Businesses that have a large on-premises footprint have very few choices for setting up a hybrid environment that includes their on-premises AD and Azure AD synchronization.
    • Microsoft 365 uses Azure AD in the background to manage identities.
    • Azure AD Connect will need to be installed, along with IdFix to identify errors such as duplicates and formatting problems in your AD.
    • Password hash should be implemented to synchronize passwords from on-premises AD so users can sign in to Azure without the need for additional single sign-on infrastructure.
    • Azure AD Connect synchronizes accounts every 30 minutes and passwords within two minutes.

    Alternatives to AD

    When considering retiring Active Directory from your environment, look at alternatives that can assist with those legacy application servers, handle Kerberos and NTML, and support LDAP.

    • JumpCloud: Cloud-based directory services. JumpCloud provides LDAP-as-a-Service and RADIUS-as-a-Service. It authenticates, authorizes, and manages employees, their devices, and IT applications. However, domain name changes are not supported.
    • Apache Directory Studio Pro: Written in Java, it supports LDAP v3–certified directory services. It is certified by Eclipse-based database utilities. It also supports Kerberos, which is critical for legacy Microsoft AD apps authentication.
    • Univention Corporate Server (UCS): Open-source Linux-based solution that has a friendly user interface and gets continuous security and feature updates. It supports Kerberos V5 and LDAP, works with AD, and is easy to sync. It also supports DNS server, DHCP, multifactor authentication and single sign-on, and APIs and REST APIs. However, it has a limited English knowledgebase as it is a German tool.

    What to look for

    If you are embedded in Windows systems but looking for an alternative to AD, you need a similar solution but one that is capable of working in the cloud and on premises.

    Aside from protocols and supporting utilities, also consider additional features that can help you retire your Active Directory while maintaining highly secure access control and a strong security posture.

    These are just a few examples of the many alternatives available.

    Market drivers to modernize your infrastructure

    The business is now driving your Active Directory migration

    What IT must deal with in the modern world of work:

    • Leaner footprint for evolving tech trends
    • Disaster recovery readiness
    • Dynamic compliance requirements
    • Increased security needs
    • The need to future-proof
    • Mergers and acquisitions
    • Security extending the network beyond Windows

    Organizations are making decisions that impact Active Directory, from enabling work-from-anywhere to dealing with malicious threats such as ransomware. Mergers and acquisitions also bring complexity with multiple AD domains.
    The business is putting pressure on IT to become creative with security strategies, alternative authentication and authorization, and migration to SaaS and cloud services.

    Activity

    Build a checklist to migrate off Active Directory.

    Discovery

    Assessment

    Proof of Concept

    Migration

    Cloud Operations

    ☐ Catalog your applications.

    ☐ Define your users, groups and usage.

    ☐ Identify network interdependencies and complexity.

    ☐ Know your security and compliance regulations.

    ☐ Document your disaster recovery plan and recovery point and time objectives (RPO/RTO).

    ☐ Build a methodology for migrating apps to IaaS.

    ☐ Develop a migration team using internal resources and/or outsourcing.

    ☐ Use Microsoft resources for specific skill sets.

    ☐ Map on-premises third-party solutions to determine how easily they will migrate.

    ☐ Create a plan to retire and archive legacy data.

    ☐ Test your workload: Start small and prove value with a phased approach.

    ☐ Estimate cloud costs.

    ☐ Determine the amount and size of your compute and storage requirements.

    ☐ Understand security requirements and the need for network and security controls.

    ☐ Assess network performance.

    ☐ Qualify and test the tools and solutions needed for the migration.

    ☐ Create a blueprint of your desired cloud environment.

    ☐ Establish a rollback plan.

    ☐ Identify tools for automating migration and syncing data.

    ☐ Understand the implications of the production-day data move.

    ☐ Keep up with the pace of innovation.

    ☐ Leverage 24/7 support via skilled Azure resources.

    ☐ Stay on top of system maintenance and upgrades.

    ☐ Consider service-level agreement requirements, governance, security, compliance, performance, and uptime.

    Related Info-Tech Research

    Manage the Active Directory in the Service Desk

    • Build and maintain your Active Directory with good data.
    • Actively maintaining the Active Directory is a difficult task that only gets more difficult with issues like stale accounts and privilege creep.

    SoftwareReviews: Microsoft Azure Active Directory

    • The Azure Active Directory (Azure AD) enterprise identity service provides SSO and multifactor authentication to help protect your users from 99.9% of cybersecurity attacks

    Define Your Cloud Vision

    • Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.

    Bibliography

    “2012 Data Breach Investigations Report.” Verizon, 2012. Web.
    “2022 Data Breach Investigations Report.” Verizon, 2012. Web.
    “22 Best Alternatives to Microsoft Active Directory.” The Geek Page, 16 Feb 2022. Accessed 12 Sept. 2022.
    Altieri, Matt. “Infrastructure Technical Debt.” Device 42, 20 May 2019. Accessed Sept 2022.
    “Are You Ready to Make the Move from ADFS to Azure AD?’” Steeves and Associates, 29 April 2021. Accessed 28 Sept. 2022.
    Blanton, Sean. “Can I Replace Active Directory with Azure AD? No, Here’s Why.” JumpCloud, 9 Mar 2021. Accessed Sept. 2022.
    Chai, Wesley, and Alexander S. Gillis. “What is Active Directory and how does it work?” TechTarget, June 2021. Accessed 10 Sept. 2022.
    Cogan, Sam. “Azure Active Directory is not Active Directory!” SamCogan.com, Oct 2020. Accessed Sept. 2022.
    “Compare Active Directory to Azure Active Directory.” Azure documentation, Microsoft Learn, 18 Aug. 2022. Accessed 12 Sept. 2022.
    "Compare self-managed Active Directory Domain Services, Azure Active Directory, and managed Azure Active Directory Domain Services." Azure documentation, Microsoft Learn, 23 Aug. 2022. Accessed Sept. 2022.
    “Dimensional Research, Active Directory Modernization: A Survey of IT Professionals.” Quest, 2017. Accessed Sept 2022.
    Grillenmeier, Guido. “Now’s the Time to Rethink Active Directory Security.“ Semperis, 4 Aug 2021. Accessed Oct. 2013.
    “How does your Active Directory align to today’s business?” Quest Software, 2017, accessed Sept 2022
    Lewis, Jack “On-Premises Active Directory: Can I remove it and go full cloud?” Softcat, Dec.2020. Accessed 15 Sept 2022.
    Loshin, Peter. “What is Kerberos?” TechTarget, Sept 2021. Accessed Sept 2022.
    Mann, Terry. “Why Cybersecurity Must Include Active Directory.” Lepide, 20 Sept. 2021. Accessed Sept. 2022.
    Roberts, Travis. “Azure AD without on-prem Windows Active Directory?” 4sysops, 25 Oct. 2021. Accessed Sept. 2022.
    “Understanding Active Directory® & its architecture.” ActiveReach, Jan 2022. Accessed Sept. 2022.
    “What is Active Directory Migration?” Quest Software Inc, 2022. Accessed Sept 2022.

    Agile Enterprise Architecture Operating Model

    • Buy Link or Shortcode: {j2store}581|cart{/j2store}
    • member rating overall impact: 9.6/10 Overall Impact
    • member rating average dollars saved: $31,106 Average $ Saved
    • member rating average days saved: 33 Average Days Saved
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model

    Establish an enterprise architecture practice that:

    • Leverages an operating model that promotes/supports agility within the organization.
    • Embraces business, data, application, and technology architectures in an optimal mix.
    • Is Agile in itself and will be sustainable and reactive to business needs, staying relevant and “profitable” – continuously delivering business value.

    Our Advice

    Critical Insight

    • Use your business and EA strategy and design principles to right-size standardized operating models to fit your EA organization’s needs.
    • You need to define a sound set of design principles before commencing with the design of your EA organization.
    • The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provides services to.
    • A phased approach and a good communication strategy is key to the success of the new EA organization.
    • Start with one group and work out the hurdles before rolling it out organization-wide.
    • Make sure that you communicate regularly on wins but also on hurdles and how to overcome them.

    Impact and Result

    • The organization design approach proposed will aim to provide twofold agility: the ability to stretch and shrink depending on business requirements and the promotion of agility in architecture delivery.
    • By recognizing that agility comes in different flavors, organizations using more traditional design patterns will also benefit from the approach advocated by this blueprint.

    Agile Enterprise Architecture Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out create an Agile EA operating model to execute the EA function, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Design your EA operating model

    You need to define a sound set of design principles before commencing with the design of your EA organization.

    • Agile EA Operating Model Communication Deck
    • Agile EA Operating Model Workbook
    • Business Architect
    • Application Architect
    • Data Architect
    • Enterprise Architect

    2. Define your EA organizational structure

    The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.

    • EA Views Taxonomy
    • EA Operating Model Template
    • Architecture Board Charter Template
    • EA Policy Template
    • EA Compliance Waiver Form Template

    3. Implement the EA operating model

    A phased approach and a good communications strategy are key to the success of the new EA organization.

    • EA Roadmap
    • EA Communication Plan Template
    [infographic]

    Workshop: Agile Enterprise Architecture Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 EA Function Design

    The Purpose

    Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.

    Key Benefits Achieved

    EA is designed to be the most appropriately placed and structured for the organization.

    Activities

    1.1 Place the EA department.

    1.2 Define roles for each team member.

    1.3 Find internal and external talent.

    1.4 Create job descriptions with required proficiencies.

    Outputs

    EA organization design

    Role-based skills and competencies

    Talent acquisition strategy

    Job descriptions

    2 EA Engagement Model

    The Purpose

    Create a thorough engagement model to interact with stakeholders.

    Key Benefits Achieved

    An understanding of each process within the engagement model.

    Create stakeholder interaction cards to plan your conversations.

    Activities

    2.1 Define each engagement process for your organization.

    2.2 Document stakeholder interactions.

    Outputs

    EA Operating Model Template

    EA Stakeholder Engagement Model Template

    3 EA Governance

    The Purpose

    Develop EA boards, alongside a charter and policies to effectively govern the function.

    Key Benefits Achieved

    Governance that aids the EA function instead of being a bureaucratic obstacle.

    Adherence to governace.

    Activities

    3.1 Outline the architecture review process.

    3.2 Position the architecture review board.

    3.3 Create a committee charter.

    3.4 Make effective governance policy.

    Outputs

    Architecture Board Charter Template

    EA Policy Template

    4 Architecture Development Framework

    The Purpose

    Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.

    Key Benefits Achieved

    A thoroughly articulated development framework.

    Understanding of the views that influence each domain.

    Activities

    4.1 Tailor an architecture development framework to your organizational context.

    Outputs

    EA Operating Model Template

    Enterprise Architecture Views Taxonomy

    5 Operational Plan

    The Purpose

    Create a change management and communication plan or roadmap to execute the operating model.

    Key Benefits Achieved

    Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.

    Effectively execute the roadmap.

    Activities

    5.1 Create a sponsorship action plan.

    5.2 Outline a communication plan.

    5.3 Execute a communication roadmap.

    Outputs

    Sponsorship Action Plan

    EA Communication Plan Template

    EA Roadmap

    Enterprise Architecture Trends

    • Buy Link or Shortcode: {j2store}584|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Strategy & Operating Model
    • Parent Category Link: /strategy-and-operating-model
    • The digital transformation journey brings business and technology increasingly closer.
    • Because the two become more and more intertwined, the role of the enterprise architecture increases in importance, aligning the two in providing additional efficiencies.
    • The current need for an accelerated digital transformation elevates the importance of enterprise architecture.

    Our Advice

    Critical Insight

    • Enterprise architecture is impacted and has an increasing role in the following areas:
      • Business agility
      • Security
      • Innovation
      • Collaborative EA
      • Tools and automation

    Impact and Result

    EA’s role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    Enterprise Architecture Trends Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Enterprise Architecture Trends Deck – A trend report to support executives as they digitally transform the enterprise.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions, while embracing unprecedented opportunities to scale, stimulating innovation, in order to increase the organization’s competitive advantage.

    • Enterprise Architecture Trends Report

    Infographic

    Further reading

    Enterprise Architecture Trends

    Supporting Executives to Digitally Transform the Enterprise

    Analyst Perspective

    Enterprise architecture, seen as the glue of the organization, aligns business goals with all the other aspects of the organization, providing additional effectiveness and efficiencies while also providing guardrails for safety.

    In an accelerated path to digitization, the increasingly important role of enterprise architecture (EA) is one of collaboration across siloes, inside and outside the enterprise, in a configurable way that allows for quick adjustment to new threats and conditions while embracing unprecedented opportunities to scale, stimulating innovation to increase the organization’s competitive advantage.

    Photo of Milena Litoiu, Principal/Senior Director, Enterprise Architecture, Info-Tech Research Group.

    Milena Litoiu
    Principal/Senior Director, Enterprise Architecture
    Info-Tech Research Group

    Accelerated digital transformation elevates the importance of EA

    The Digital transformation journey brings Business and technology increasingly closer.

    Because the two become more and more intertwined, the role OF Enterprise Architecture increases in importance, aligning the two in providing additional efficiencies.

    THE Current need for an accelerated Digital transformation elevates the importance of Enterprise Architecture.

    More than 70% of organizations revamp their enterprise architecture programs. (Info-Tech Tech Trends 2022 Survey)

    Most organizations still see a significant gap between the business and IT.

    Enterprise Architecture (EA) is impacted and has an increasing role in the following areas

    Accelerated Digital Transformation

    • Business agility Business agility, needed more that ever, increases reliance on enterprise strategies.
      EA creates alignment between business and IT to improve business nimbleness.
    • Security More sophisticated attacks require more EA coordination.
      EA helps adjust to the increasing sophistication of external threats. Partnering with the CISO office to develop strategies to protect the enterprise becomes a prerequisite for survival.
    • Innovation EA's role in an innovation increases synergies at the enterprise level.
      EA plays an increasingly stronger role in innovation, from business endeavors to technology, across business units, etc.
    • Collaborative EA Collaborative EA requires new ways of working.
      Enterprise collaboration gains new meaning, replacing stiff governance.
    • Tools & automation Tools-based automation becomes increasingly common.
      Tools support as well as new artificial intelligence or machine- learning- powered approaches help achieve tools-assisted coordination across viewpoints and teams.

    Info-Tech Insight

    EA's role in brokering and negotiating overlapping areas can lead to the creation of additional efficiencies at the enterprise level.

    EA Enabling Business Agility

    Trend 01 — Business Agility is needed more than ever and THIS increases reliance on enterprise Strategies. to achieve nimbleness, organizations need to adapt timely to changes in the environment.

    Approaches:
    A plethora of approaches are needed (e.g. architecture modularity, data integration, AI/ML) in addition to other Agile/iterative approaches for the entire organization.

    The latest burning platform: Exit Plans in a shifting world

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    The current global situation, marked by significant trade tensions and retaliatory measures between major economic powers, has elevated the importance of more detailed, robust, and executable exit plans for businesses in nearly all industries. The current geopolitical headwinds create an unpredictable environment that can severely impact supply chains, technology partnerships, and overall business operations. What was once a prudent measure is now a critical necessity – a “burning platform” – for ensuring business continuity and resilience.

    Here I will delve deeper into the essential components of an effective exit plan, outline the practical steps for its implementation, and explain the crucial role of testing in validating its readiness.

    exit plan

    Continue reading

    Prepare for Cognitive Service Management

    • Buy Link or Shortcode: {j2store}335|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: 10 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Strategy and Organizational Design
    • Parent Category Link: /strategy-and-organizational-design
    • The evolution of natural language processing and machine learning applications has led to specialized AI-assisted toolsets that promise to improve the efficiency and timeliness of IT operations.

    Our Advice

    Critical Insight

    • These are early days. These AI-assisted toolsets are generating a considerable amount of media attention, but most of them are relatively untested. Early adopters willing to absorb experimentation costs are in the process of deploying the first use cases. Initial lessons are showing that IT operations in most organizations are not yet mature enough to take advantage of AI-assisted toolsets.
    • Focus on the problem, not the tool. Explicit AI questions should be at the end of the list. Start by asking what business problem you want to solve.
    • Get your house in order. The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.

    Impact and Result

    • Don’t fall prey to the AI-bandwagon effect. AI-assisted innovations will support shift-left service support strategies through natural language processing and machine learning applications. However, the return on your AI investment will depend on whether it helps you meet an actual business goal.
    • AI-assisted tools presuppose the existence of mature IT operations functions, including standardized processes, high-quality structured content focused on the incidents and requests that matter, and a well-functioning ITSM web portal.
    • The success of AI ITSM projects hinges on adoption. If your vision is to power end-user interactions with chatbots and deploy intelligent agents on tickets coming through the web portal, be sure to develop a self-service culture that empowers end users to help themselves and experiment with new tools and technologies. Without end-user adoption, the promised benefits of AI projects will not materialize.

    Prepare for Cognitive Service Management Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should prepare for cognitive service management, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Review emerging AI technology

    Get an overview of emerging AI applications to understand how they will strengthen a shift-left service support strategy.

    2. Sort potential IT operations AI use cases

    Review potential use cases for AI applications to prioritize improvement initiatives and align them to organizational goals.

    • Disruptive Technology Shortlisting Tool
    • Disruptive Technology Value-Readiness and SWOT Analysis Tool

    3. Prepare for a cognitive service management project

    Develop an ITSM AI strategy to prepare your organization for the coming of cognitive service management, and build a roadmap for implementation.

    • Customer Journey Map (PDF)
    • Customer Journey Map (Visio)
    • Infrastructure Roadmap Technology Assessment Tool
    • Strategic Infrastructure Roadmap Tool
    [infographic]

    Build Resilience Against Ransomware Attacks

    • Buy Link or Shortcode: {j2store}317|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: $68,467 Average $ Saved
    • member rating average days saved: 21 Average Days Saved
    • Parent Category Name: Threat Intelligence & Incident Response
    • Parent Category Link: /threat-intelligence-incident-response
    • Sophisticated ransomware attacks are on the rise and evolving quickly.
    • Executives want reassurance but are not ready to write a blank check. We need to provide targeted and justified improvements.
    • Emerging strains can exfiltrate sensitive data, encrypt systems, and destroy backups in hours, which makes recovery a grueling challenge.

    Our Advice

    Critical Insight

    • Malicious agents design progressive, disruptive attacks to pressure organizations to pay a ransom.
    • Organizations misunderstand ransomware risk scenarios, which obscures the likelihood and impact of an attack.
    • Conventional approaches focus on response and recovery, which do nothing to prevent an attack and are often ineffective against sophisticated attacks.

    Impact and Result

    • Conduct a thorough assessment of your current state; identify potential gaps and assess the possible outcomes of an attack.
    • Analyze attack vectors and prioritize controls that prevent ransomware attacks, and implement ransomware protections and detection to reduce your attack surface.
    • Visualize, plan, and practice your response and recovery to reduce the potential impact of an attack.

    Build Resilience Against Ransomware Attacks Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Build Resilience Against Ransomware Attacks

    Use this step-by-step guide to assess your ransomware readiness and implement controls that will improve your ability to prevent incursions and defend against attacks.

    • Build Resilience Against Ransomware Attacks – Phases 1-4

    2. Ransomware Resilience Assessment – Complete the ransomware resilience assessment and establish metrics.

    Use this assessment tool to assess existing protection, detection, response, and recovery capabilities and identify potential improvements.

    • Ransomware Resilience Assessment

    3. Threat Preparedness Workbook – Improve protection and detection capabilities.

    Use this threat preparedness workbook to evaluate the threats and tactics in the ransomware kill chain using the MITRE framework and device appropriate countermeasures.

    • Enterprise Threat Preparedness Workbook

    4. Tabletop Planning Exercise and Example Results – Improve response and recovery capabilities with a tabletop exercise for your internal IT team.

    Adapt this tabletop planning session template to plan and practice the response of your internal IT team to a ransomware scenario.

    • Tabletop Exercise – Internal (Ransomware Template)
    • Ransomware Tabletop Planning Results – Example (Visio)
    • Ransomware Tabletop Planning Results – Example (PDF)

    5. Ransomware Response Runbook and Workflow – Document ransomware response steps and key stakeholders.

    Adapt these workflow and runbook templates to coordinate the actions of different stakeholders through each stage of the ransomware incident response process.

    • Ransomware Response Runbook Template
    • Ransomware Response Workflow Template (Visio)
    • Ransomware Response Workflow Template (PDF)

    6. Extended Tabletop Exercise and Leadership Guide – Run a tabletop test to plan and practice the response of your leadership team.

    Adapt this tabletop planning session template to plan leadership contributions to the ransomware response workflow. This second tabletop planning session will focus on communication strategy, business continuity plan, and deciding whether the organization should pay a ransom.

    • Tabletop Exercise – Extended (Ransomware Template)
    • Leadership Guide for Extended Ransomware

    7. Ransomware Resilience Summary Presentation – Summarize status and next steps in an executive presentation.

    Summarize your current state and present a prioritized project roadmap to improve ransomware resilience over time.

    • Ransomware Resilience Summary Presentation

    Infographic

    Workshop: Build Resilience Against Ransomware Attacks

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Ransomware Resilience

    The Purpose

    Set workshop goals, review ransomware trends and risk scenarios, and assess the organization’s resilience to ransomware attacks.

    Key Benefits Achieved

    Develop a solid understanding of the likelihood and impact of a ransomware attack on your organization.

    Complete a current state assessment of key security controls in a ransomware context.

    Activities

    1.1 Review incidents, challenges, and project drivers.

    1.2 Diagram critical systems and dependencies and build risk scenario.

    1.3 Assess ransomware resilience.

    Outputs

    Workshop goals

    Ransomware Risk Scenario

    Ransomware Resilience Assessment

    2 Protect and Detect

    The Purpose

    Improve your capacity to protect your organization from ransomware and detect attacks along common vectors.

    Key Benefits Achieved

    Identify targeted countermeasures that improve protection and detection capabilities.

    Activities

    2.1 Assess ransomware threat preparedness.

    2.2 Determine the impact of ransomware techniques on your environment.

    2.3 Identify countermeasures to improve protection and detection capabilities.

    Outputs

    Targeted ransomware countermeasures to improve protection and detection capabilities.

    Targeted ransomware countermeasures to improve protection and detection capabilities.

    Targeted ransomware countermeasures to improve protection and detection capabilities.

    3 Respond and Recover

    The Purpose

    · Improve your organization’s capacity to respond to ransomware attacks and recover effectively.

    Key Benefits Achieved

    Build response and recovery capabilities that reduce the potential business disruption of successful ransomware attacks.

    Activities

    3.1 Review the workflow and runbook templates.

    3.2 Update/define your threat escalation protocol.

    3.3 Define scenarios for a range of incidents.

    3.4 Run a tabletop planning exercise (IT).

    3.5 Update your ransomware response runbook.

    Outputs

    Security Incident Response Plan Assessment.

    Tabletop Planning Session (IT)

    Ransomware Workflow and Runbook.

    4 Improve Ransomware Resilience.

    The Purpose

    Identify prioritized initiatives to improve ransomware resilience.

    Key Benefits Achieved

    Identify the role of leadership in ransomware response and recovery.

    Communicate workshop outcomes and recommend initiatives to improve ransomware resilience.

    Activities

    4.1 Run a tabletop planning exercise (Leadership).

    4.2 Identify initiatives to close gaps and improve resilience.

    4.3 Review broader strategies to improve your overall security program.

    4.4 Prioritize initiatives based on factors such as effort, cost, and risk.

    4.5 Review the dashboard to fine tune your roadmap.

    4.6 Summarize status and next steps in an executive presentation.

    Outputs

    Tabletop Planning Session (Leadership)

    Ransomware Resilience Roadmap and Metrics

    Ransomware Workflow and Runbook

    Further reading

    Build Ransomware Resilience

    Prevent ransomware incursions and defend against ransomware attacks

    EXECUTIVE BRIEF

    Executive Summary

    Your Challenge

    Ransomware is a high-profile threat that demands immediate attention:

    • Sophisticated ransomware attacks are on the rise and evolving quickly.
    • Emerging strains can exfiltrate sensitive data, encrypt systems, and destroy backups in only a few hours, which makes recovery a grueling challenge.
    • Executives want reassurance but aren't ready to write a blank check. Improvements must be targeted and justified.

    Common Obstacles

    Ransomware is more complex than other security threats:

    • Malicious agents design progressive, disruptive attacks to pressure organizations to pay a ransom.
    • Organizations misunderstand ransomware risk scenarios, which obscures the likelihood and impact of an attack.
    • Conventional approaches focus on response and recovery, which do nothing to prevent an attack and are often ineffective against sophisticated attacks.

    Info-Tech's Approach

    To prevent a ransomware attack:

    • Conduct a through assessment of your current state, identify potential gaps, and assess the possible outcomes of an attack.
    • Analyze attack vectors and prioritize controls that prevent ransomware attacks, and implement ransomware protection and detection to reduce your attack surface.
    • Visualize, plan, and practice your response and recovery to reduce the potential impact of an attack.

    Info-Tech Insight

    Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to work through challenges. Focus on what is in your organization's control, and cultivate strengths that allow you to protect assets, detect incursions, respond effectively, and recovery quickly.

    Analyst Perspective

    Ransomware is an opportunity and a challenge.

    As I write, the frequency and impact of ransomware attacks continue to increase, with no end in sight. Most organizations will experience ransomware in the next 24 months, some more than once, and business leaders know it. You will never have a better chance to implement best practice security controls as you do now.

    The opportunity comes with important challenges. Hackers need to spend less time in discovery before they deploy an attack, which have become much more effective. You can't afford to rely solely on your ability to respond and recover. You need to build a resilient organization that can withstand a ransomware event and recover quickly.

    Resilient organizations are not impervious to attack, but they have tools to protect assets, detect incursions, and respond effectively. Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to overcome challenges and work through problems. But eventually you reach the top and look back at how far you've come.

    This is an image of Michael Hébert

    Michel Hébert
    Research Director, Security and Privacy
    Info-Tech Research Group

    Ransomware attacks are on the rise and evolving quickly.

    Three factors contribute to the threat:

    • The rise of ransomware-as-a-service, which facilitates attacks.
    • The rise of crypto-currency, which facilitates anonymous payment.
    • State sponsorship of cybercrime.

    Elementus maps ransomware payments made through bitcoin. Since 2019, victims made at least $2B in payments.

    A handful of criminal organizations, many of whom operate out of cybercrime hotbeds in Russia, are responsible for most of the damage. The numbers capture only the ransom paid, not the clean-up cost and economic fallout over attacks during this period.

    Total ransom money collected (2015 – 2021): USD 2,592,889,121

    This image contains a bubble plot graph showing the total ransom money collected between the years 2015 - 2021.

    The frequency and impact of ransomware attacks are increasing

    Emerging strains can exfiltrate sensitive data, encrypt systems and destroy backups in only a few hours, which makes recovery a grueling challenge.

    Sophos commissioned a vendor agnostic study of the real-world experience of 5,600 IT professionals in mid-sized organizations across 31 countries and 15 industries.

    The survey was conducted in Jan – Feb 2022 and asked about the experience of respondents over the previous year.

    66%
    Hit by ransomware in 2021
    (up from 37% in 2020)

    90%
    Ransomware attack affected their ability to operate

    $812,360 USD
    Average ransom payment

    $4.54M
    Average remediation cost (not including ransom)

    ONE MONTH
    Average recovery time

    Meanwhile, organizations continue to put their faith in ineffective ransomware defenses.

    Of the respondents whose organizations weren't hit by ransomware in 2021 and don't expect to be hit in the future, 72% cited either backups or cyberinsurance as reasons why they anticipated an attack.

    While these elements can help recover from an attack, they don't prevent it in the first place.

    Source: Sophos, State of Ransomware (2022)
    IBM, Cost of A Data Breach (2022)

    The 3-step ransomware attack playbook

    • Get in
    • Spread
    • Profit

    At each point of the playbook, malicious agents need to achieve something before they can move to the next step.

    Resilient organizations look for opportunities to:

    • Learn from incursions
    • Disrupt the playbook
    • Measure effectiveness

    Initial access

    Execution

    Privilege Escalation

    Credential Access

    Lateral Movement

    Collection

    Data Exfiltration

    Data encryption

    Deliver phishing email designed to avoid spam filter.

    Launch malware undetected.

    Identify user accounts.

    Target an admin account.

    Use brute force tactics to crack it.

    Move through the network and collect data.

    Infect as many critical systems and backups as possible to limit recovery options.

    Exfiltrate data to gain leverage.

    Encrypt data, which triggers alert.

    Deliver ransom note.

    Ransomware is more complex than other security threats

    Ransomware groups thrive through extortion tactics.

    • Traditionally, ransomware attacks focused on encrypting files as an incentive for organizations to pay up.
    • As organizations improved backup and recovery strategies, gangs began targeting, encrypting, and destroying back ups.
    • Since 2019, gangs have focused on a double-extortion strategy: exfiltrate sensitive or protected data before encrypting systems and threaten to publish them.

    Organizations misunderstand ransomware risk scenarios, which obscures the potential impact of an attack.

    Ransom is only a small part of the equation. Four process-related activities drive ransomware recovery costs:

    • Detection and Response – Activities that enable detection, containment, eradication and recovery.
    • Notification – Activities that enable reporting to data subjects, regulators, law enforcement, and third parties.
    • Lost Business – Activities that attempt to minimize the loss of customers, business disruption, and revenue.
    • Post Breach Response – Redress activities to victims and regulators, and the implementation of additional controls.

    Source: IBM, Cost of a Data Breach (2022)

    Disrupt the attack each stage of the attack workflow.

    An effective response with strong, available backups will reduce the operational impact of an attack, but it won't spare you from its reputational and regulatory impact.

    Put controls in place to disrupt each stage of the attack workflow to protect the organization from intrusion, enhance detection, respond quickly, and recover effectively.

    Shortening dwell time requires better protection and detection

    Ransomware dwell times and average encryption rates are improving dramatically.

    Hackers spend less time in your network before they attack, and their attacks are much more effective.

    Avg dwell time
    3-5 Days

    Avg encryption rate
    70 GB/h

    Avg detection time
    11 Days

    What is dwell time and why does it matter?

    Dwell time is the time between when a malicious agent gains access to your environment and when they are detected. In a ransomware attack, most organizations don't detect malicious agents until they deploy ransomware, encrypt their files, and lock them out until they pay the ransom.

    Effective time is a measure of the effectiveness of the encryption algorithm. Encryption rates vary by ransomware family. Lockbit has the fastest encryption rate, clocking in at 628 GB/h.

    Dwell times are dropping, and encryption rates are increasing.

    It's more critical than ever to build ransomware resilience. Most organizations do not detect ransomware incursions in time to prevent serious business disruption.

    References: Bleeping Computers (2022), VentureBeat, Dark Reading, ZDNet.

    Resilience depends in part on response and recovery capabilities

    This blueprint will focus on improving your ransomware resilience to:

    • Protect against ransomware.
    • Detect incursions.
    • Respond and recovery effectively.

    Response

    Recovery

    This image depicts the pathway for response and recovery from a ransomware event.

    For in-depth assistance with disaster recovery planning, refer to Info-Tech's Create a Right-Sized Disaster Recovery.

    Info-Tech's ransomware resilience framework

    Disrupt the playbooks of ransomware gangs. Put controls in place to protect, detect, respond and recover effectively.

    Prioritize protection

    Put controls in place to harden your environment, train savvy end users, and prevent incursions.

    Support recovery

    Build and test a backup strategy that meets business requirements to accelerate recovery and minimize disruption.

    Protect Detect Respond

    Recover

    Threat preparedness

    Review ransomware threat techniques and prioritize detective and mitigation measures for initial and credential access, privilege escalation, and data exfiltration.

    Awareness and training

    Develop security awareness content and provide cybersecurity and resilience training to employees, contractors and third parties.

    Perimeter security

    Identify and implement network security solutions including analytics, network and email traffic monitoring, and intrusion detection and prevention.

    Respond and recover

    Identify disruption scenarios and develop incident response, business continuity, and disaster recovery strategies.

    Access management

    Review the user access management program, policies and procedures to ensure they are ransomware-ready.

    Vulnerability management

    Develop proactive vulnerability and patch management programs that mitigate ransomware techniques and tactics.

    This image contains the thought map for Info-Tech's Blueprint: Build Resilience Against Ransomware Attacks.

    Info-Tech's ransomware resilience methodology

    Assess resilience Protect and detect Respond and recover Improve resilience
    Phase steps
    1. Build ransomware risk scenario
    2. Conduct resilience assessment
    1. Assess attack vectors
    2. Identify countermeasures
    1. Review Security Incident Management Plan
    2. Run Tabletop Test (IT)
    3. Document Workflow and Runbook
    1. Run Tabletop Test (Leadership)
    2. Prioritize Resilience Initiatives
    Phase outcomes
    • Ransomware Resilience Assessment
    • Risk Scenario
    • Targeted ransomware countermeasures to improve protection and detection capabilities
    • Security Incident Response Plan Assessment
    • Tabletop Test (IT)
    • Ransomware Workflow and Runbook
    • Tabletop Test (Leadership)
    • Ransomware Resilience Roadmap & Metrics

    Insight Summary

    Shift to a ransomware resilience model

    Resilience is not a trampoline, where you're down one moment and up the next. It's more like climbing a mountain. It takes time, planning, and help from people around you to work through challenges.

    Focus on what is in your organization's control, and cultivate strengths that allow you to protect assets, detect incursions, and respond and recover quickly

    Visualize challenges

    Build risk scenarios that describe how a ransomware attack would impact organizational goals.

    Understand possible outcomes to motivate initiatives, protect your organization, plan your response, and practice recovery.

    Prioritize protection

    Dwell times and effective times are dropping dramatically. Malicious agents spend less time in your network before they deploy an attack, and their attacks are much more effective. You can't afford to rely on your ability to respond and recover alone.

    Seize the moment

    The frequency and impact of ransomware attacks continue to increase, and business leaders know it. You will never have a better chance to implement best practice security controls than you do now.

    Measure ransomware resilience

    The anatomy of ransomware attack is relatively simple: malicious agents get in, spread, and profit. Deploy ransomware protection metrics to measure ransomware resilience at each stage.

    Key deliverable

    Ransomware resilience roadmap

    The resilience roadmap captures the key insights your work will generate, including:

    • An assessment of your current state and a list of initiatives you need to improve your ransomware resilience.
    • The lessons learned from building and testing the ransomware response workflow and runbook.
    • The controls you need to implement to measure and improve your ransomware resilience over time.

    Project deliverables

    Info-Tech supports project and workshop activities with deliverables to help you accomplish your goals and accelerate your success.

    Ransomware Resilience Assessment

    Measure ransomware resilience, identify gaps, and draft initiatives.

    Enterprise Threat Preparedness Workbook

    Analyze common ransomware techniques and develop countermeasures.

    Ransomware Response Workflow & Runbook

    Capture key process steps for ransomware response and recovery.

    Ransomware Tabletop Tests

    Run tabletops for your IT team and your leadership team to gather lessons learned.

    Ransomware Resilience Roadmap

    Capture project insights and measure resilience over time.

    Plan now or pay later

    Organizations worldwide spent on average USD 4.62M in 2021 to rectify a ransomware attack. These costs include escalation, notification, lost business and response costs, but did not include the cost of the ransom. Malicious ransomware attacks that destroyed data in destructive wiper-style attacks cost an average of USD 4.69M.

    Building better now is less expensive than incurring the same costs in addition to the clean-up and regulatory and business disruption costs associated with successful ransomware attacks.

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research and advisory services helped them achieve.

    Source: IBM, Cost of a Data Breach (2022)

    See what members have to say about the ransomware resilience blueprint:

    • Overall Impact: 9.8 / 10
    • Average $ Saved: $98,796
    • Average Days Saved: 17

    "Our advisor was well-versed and very polished. While the blueprint alone was a good tool to give us direction, his guidance made it significantly faster and easier to accomplish than if we had tried to tackle it on our own."

    CIO, Global Manufacturing Organization

    Blueprint benefits

    IT benefits

    Business benefits

    • Provide a structured approach for your organization to identify gaps, quantify the risk, and communicate status to drive executive buy-in.
    • Create a practical ransomware incident response plan that combines a high-level workflow with a detailed runbook to coordinate response and recovery.
    • Present an executive-friendly project roadmap with resilience metrics that summarizes your plan to address gaps and improve your security posture.
    • Enable leadership to make risk-based, informed decisions on resourcing and investments to improve ransomware readiness.
    • Quantify the potential impact of a ransomware attack on your organization to drive risk awareness.
    • Identify existing gaps so they can be addressed, whether by policy, response plans, technology, or a combination of these.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Executive brief case study

    SOURCE: Interview with CIO of large enterprise

    Organizations who "build back better" after a ransomware attack often wish they had used relevant controls sooner.

    Challenge

    In February 2020, a large organization found a ransomware note on an admin's workstation. They had downloaded a local copy of the organization's identity management database for testing and left a port open on their workstation. Hackers exfiltrated it and encrypted the data on the workstation. They demanded a ransom payment to decrypt the data.

    Complication

    Because private information was breached, the organization informed the state-level regulator. With 250,000 accounts affected, plans were made to require password changes en masse. A public announcement was made two days after the breach to ensure that everyone affected could be reached.

    The organization decided not to pay the ransom because it had a copy on an unaffected server.

    Resolution

    The organization was praised for its timely and transparent response.

    The breach motivated the organization to put more protections in place, including:

    • The implementation of a deny-by-default network.
    • The elimination of remote desktop protocol and secure shell.
    • IT mandating MFA.
    • New endpoint-detection and response systems.

    Executive brief case study

    SOURCE: Info-Tech Workshop Results
    iNDUSTRY: Government

    Regional government runs an Info-Tech workshop to fast-track its ransomware incident response planning

    The organization was in the middle of developing its security program, rolling out security awareness training for end users, and investing in security solutions to protect the environment and detect incursions. Still, the staff knew they still had holes to fill. They had not yet fully configured and deployed security solutions, key security policies were missing, and they had didn't have a documented ransomware incident response plan.

    Workshop results

    Info-Tech advisors helped the organization conduct a systematic review of existing processes, policies, and technology, with an eye to identify key gaps in the organization's ransomware readiness. The impact analysis quantified the potential impact of a ransomware attack on critical systems to improve the organizational awareness ransomware risks and improve buy-in for investment in the security program.

    Info-Tech's tabletop planning exercise provided a foundation for the organization's actual response plan. The organization used the results to build a ransomware response workflow and the framework for a more detailed runbook. The workshop also helped staff identifies ways to improve the backup strategy and bridge further gaps in their ability to recover.

    The net result was a current-state response plan, appropriate capability targets aligned with business requirements, and a project roadmap to achieve the organization's desired state of ransomware readiness.

    Guided implementation

    What kind of analyst experiences do clients have when working through this blueprint?

    Scoping Call Phase 1 Phase 2 Phase 3 Phase 4

    Call #1:

    Discuss context, identify challenges, and scope project requirements.

    Identify ransomware resilience metrics.

    Call #2:

    Build ransomware risk scenario.

    Call #4:

    Review common ransomware attack vectors.

    Identify and assess mitigation controls.

    Call #5:

    Document ransomware workflow and runbook.

    Call #7:

    Run tabletop test with leadership.

    Call #3:

    Assess ransomware resilience.

    Call #6:

    Run tabletop test with IT.

    Call #8:

    Build ransomware roadmap.

    Measure ransomware resilience metrics.

    A guided implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 6 to 8 calls over the course of 4 to 6 months.

    Workshop overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Day 1 Day 2 Day 3 Day 4 Day 5
    Activities

    Assess ransomware resilience

    Protect and detect

    Respond and recover

    Improve ransomware resilience

    Wrap-up (offsite and offline)

    1.1 1 Review incidents, challenges, and project drivers.

    1.1.2 Diagram critical systems and dependencies.

    1.1.3 Build ransomware risk scenario.

    2.1 1. Assess ransomware threat preparedness.

    2.2 2. Determine the impact of ransomware techniques on your environment.

    2.3 3. Identify countermeasures to improve protection and detection capabilities.

    3.1.1 Review the workflow and runbook templates.

    3.1.2 Update/define your threat escalation protocol.

    3.2.1 Define scenarios for a range of incidents.

    3.2.2 Run a tabletop planning exercise (IT).

    3.3.1 Update your ransomware response workflow.

    4.1.1 Run a tabletop planning exercise (leadership).

    4.1.2 Identify initiatives to close gaps and improve resilience.

    4.1.3 Review broader strategies to improve your overall security program.

    4.2.1 Prioritize initiatives based on factors such as effort, cost, and risk.

    4.2.2 Review the dashboard to fine tune your roadmap.

    4.3.1 Summarize status and next steps in an executive presentation.

    5.1 Complete in-progress deliverables from previous four days.

    5.2 Set up review time for workshop deliverables and to discuss next steps.

    5.3 Revisit ransomware resilience metrics in three months.

    Deliverables
    1. Workshop goals
    2. Ransomware Risk Scenario
    3. Ransomware Resilience Assessment
    1. Targeted ransomware countermeasures to improve protection and detection capabilities.
    1. Security Incident Response Plan Assessment
    2. Tabletop Planning Session (IT)
    3. Ransomware Workflow and Runbook
    1. Tabletop Planning Session (Leadership)
    2. Ransomware Resilience Roadmap and Metrics
    3. Ransomware Summary Presentation
    1. Completed Ransomware Resilience Roadmap
    2. Ransomware Resilience Assessment
    3. Ransomware Resilience Summary Presentation

    Phase 1

    Assess ransomware resilience

    Phase 1 Phase 2 Phase 3 Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will walk you through the following activities:

    • Conducting a maturity assessment.
    • Reviewing selected systems and dependencies.
    • Assessing a ransomware risk scenario.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Build Ransomware Resilience

    Step 1.1

    Build ransomware risk scenario

    Activities

    1.1.1 Review incidents, challenges and project drivers

    1.1.2 Diagram critical systems and dependencies

    1.1.3 Build ransomware risk scenario

    Assess ransomware resilience

    This step will guide you through the following activities:

    • Reviewing incidents, challenges, and drivers.
    • Diagraming critical systems and dependencies.
    • Building a ransomware risk scenario.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • Subject-Matter Experts

    Outcomes of this step

    • Establish a repeatable process to evaluate and improve ransomware readiness across your environment.
    • Build a ransomware risk scenario to assess the likelihood and impact of an attack.

    1.1.1 Review incidents, challenges, and project drivers

    1 hour

    Brainstorm the challenges you need to address in the project. Avoid producing solutions at this stage, but certainly record suggestions for later. Use the categories below to get the brainstorming session started.

    Past incidents and other drivers

    • Past incidents (be specific):
      • Past security incidents (ransomware and other)
      • Close calls (e.g. partial breach detected before damage done)
    • Audit findings
    • Events in the news
    • Other?

    Security challenges

    • Absent or weak policies
    • Lack of security awareness
    • Budget limitations
    • Other?

    Input

    • Understanding of existing security capability and past incidents.

    Output

    • Documentation of past incidents and challenges.
    • Level-setting across the team regarding challenges and drivers.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    1.1.2 Diagram critical systems and dependencies (1)

    1 hour

    Brainstorm critical systems and their dependencies to build a ransomware risk scenario. The scenario will help you socialize ransomware risks with key stakeholders and discuss the importance of ransomware resilience.

    Focus on a few key critical systems.

    1. On a whiteboard or flip chart paper, make a list of systems to potentially include in scope. Consider:
      1. Key applications that support critical business operations.
      2. Databases that support multiple key applications.
      3. Systems that hold sensitive data (e.g. data with personally identifiable information [PII]).
    2. Select five to ten systems from the list.
      1. Select systems that support different business operations to provide a broader sampling of potential impacts and recovery challenges.
      2. Include one or two non-critical systems to show how the methodology addresses a range of criticality and context.

    Input

    • High-level understanding of critical business operations and data sets.

    Output

    • Clarify context, dependencies, and security and recovery challenges for some critical systems.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)
    • System SMEs (if not covered by SIRT members)

    1.1.2 Diagram critical systems and dependencies (2)

    1 hour

    1. A high-level topology or architectural diagram is an effective way to identify dependencies and communicate risks to stakeholders.

    Start with a WAN diagram, then your production data center, and then each critical
    system. Use the next three slides as your guide.

    Notes:

    • If you have existing diagrams, you can review those instead. However, if they are too detailed, draw a higher-level diagram to provide context. Even a rough sketch is a useful reference tool for participants.
    • Keep the drawings tidy and high level. Visualize the final diagram before you start to draw on the whiteboard to help with spacing and placement.
    • Collaborate with relevant SMEs to identify dependencies.

    Input

    • High-level understanding of critical business operations and data sets.

    Output

    • Clarify context, dependencies, and security and recovery challenges for some critical systems.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)
    • System SMEs (if not covered by SIRT members)

    For your WAN diagram, focus on data center and business locations

    Start with a high-level network diagram like this one, and then dig deeper (see following slides) to provide more context. Below is an example; of course, your sketched diagrams may be rougher.

    This image contains a nexample of a High level Network Diagram.

    Diagram your production data center to provide context for the systems in scope

    Creating a high-level diagram provides context across different IT disciplines involved in creating your DRP. If you have multiple production data centers, focus on the data center(s) relevant to the selected systems. Below is an example.

    This image contains a nexample of a high level diagram which focuses on the data centers relevent to the selected system.

    Diagram each selected system to identify specific dependencies and redundancies

    Diagram the "ecosystem" for each system, identifying server, storage, and network dependencies. There may be overlap with the production data center diagram – but aim to be specific here. Below is an example that illustrates front-end and back-end components.

    When you get to this level of detail, use this opportunity to level-set with the team. Consider the following:

    • Existing security (Are these systems protected by your existing security monitoring and threat detection tools?).
    • Security challenges (e.g. public-facing systems).
    • Recovery challenges (e.g. limited or infrequent backups).
    This is an example of a diagram of a system ecosystem.

    Note the limitations of your security, backup, and DR solutions

    Use the diagrams to assess limitations. Gaps you identify here will often apply to other aspects of your environment.

    1. Security limitations
    • Are there any known security vulnerabilities or risks, such as external access (e.g. for a customer portal)? If so, are those risks mitigated? Are existing security solutions being fully used?
  • Backup limitations
    • What steps are taken to ensure the integrity of your backups (e.g. through inline or post-backup scanning, or the use of immutable backups)? Are there multiple restore points to provide more granularity when determining how far back you need to go for a clean backup?
  • Disaster recovery limitations
    • Does your DR solution account for ransomware attacks or is it designed only for one-way failover (i.e. for a smoking hole scenario)?
  • We will review the gaps we identify through the project in phase 4.

    For now, make a note of these gaps and continue with the next step.

    Draft risk scenarios to illustrate ransomware risk

    Risk scenarios help decision-makers understand how adverse events affect business goals.

    • Risk-scenario building is the process of identifying the critical factors that contribute to an adverse event and crafting a narrative that describes the circumstances and consequences if it were to happen.
    • Risk scenarios set up the risk analysis stage of the risk assessment process. They are narratives that describe in detail:
      • The asset at risk.
      • The threat that can act against the asset.
      • Their intent or motivation.
      • The circumstances and threat actor model associated with the threat event.
      • The potential effect on the organization.
      • When or how often the event might occur.

    Risk scenarios are further distilled into a single sentence or risk statement that communicates the essential elements from the scenario.

    Risk identification → Risk scenario → Risk statement

    Well-crafted risk scenarios have four components

    The slides walk through how to build a ransomware risk scenario

    THREAT Exploits an ASSET Using a METHOD Creating an EFFECT.

    An actor capable of harming an asset

    Anything of value that can be affected and results in loss

    Technique an actor uses to affect an asset

    How loss materializes

    Examples: Malicious or untrained employees, cybercriminal groups, malicious state actors

    Examples: Systems, regulated data, intellectual property, people

    Examples: Credential compromise, privilege escalation, data exfiltration

    Examples: Loss of data confidentiality, integrity, or availability; impact on staff health and safety

    Risk scenarios are concise, four to six sentence narratives that describe the core elements of forecasted adverse events.

    Use them to engage stakeholders with the right questions and guide them to make informed decisions about how to address ransomware risks.

    1.1.3 Build ransomware risk scenario (1)

    2 hours

    In a ransomware risk scenario, the threat, their motivations, and their methods are known. Malicious agents are motivated to compromise critical systems, sabotage recovery, and exfiltrate data for financial gain.

    The purpose of building the risk scenario is to highlight the assets at risk and the potential effect of a ransomware attack.

    As a group, consider critical or mission-essential systems identified in step 1.1.2. On a whiteboard, brainstorm the potential adverse effect of a loss of system availability, confidentiality or integrity.

    Consider the impact on:

    • Information systems.
    • Sensitive or regulated data.
    • Staff health and safety.
    • Critical operations and objectives.
    • Organizational finances.
    • Reputation and brand loyalty.

    Input

    • Understanding of critical systems and dependencies.

    Output

    • Ransomware risk scenario to engage guide stakeholders to make informed decisions about addressing risks.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    1.1.3 Build ransomware risk scenario (2)

    2 hours

    1. On a whiteboard, brainstorm how threat agents will exploit vulnerabilities in critical assets to reach their goal. Redefine attack vectors to capture what could result from a successful initial attack.
    2. Bring together the critical risk elements into a single risk scenario.
    3. Distill the risk scenario into a single risk statement that captures the threat, the asset it will exploit, the method it will use, and the impact it will have on the organization.
    4. You can find a sample risk scenario and risk statement on the next slide.

    THREAT Exploits an ASSET Using a METHOD Creating an EFFECT.

    Inputs for risk scenario identification

    Risk analysis

    Critical assets

    ERP, CRM, FMS, LMS

    Operational technology

    Sensitive or regulated data

    Threat agents

    Cybercriminals

    Methods

    Compromise end user devices through social engineering attacks,. Compromise networks through external exposures and software vulnerabilities.

    Identify and crack administrative account. Escalate privileges. Move laterally.

    Collect data, destroy backups, exfiltrate data for leverage, encrypt systems,.

    Threaten to publish exfiltrated data and demand ransom.

    Adverse effect

    Serious business disruption

    Financial damage

    Reputational damage

    Potential litigation

    Average downtime: 30 Days

    Average clean-up costs: USD 1.4M

    Sample ransomware risk scenario

    Likelihood: Medium
    Impact: High

    Risk scenario

    Cyber-criminals penetrate the network, exfiltrate critical or sensitive data, encrypt critical systems, and demand a ransom to restore access.

    They threaten to publish sensitive data online to pressure the organization to pay the ransom, and reach out to partners, staff, and students directly to increase the pressure on the organization.

    Network access likely occurs through a phishing attack, credential compromise, or remote desktop protocol session.

    Risk statement

    Cybercriminals penetrate the network, compromise backups, exfiltrate and encrypt data, and disrupt computer systems for financial gain.

    Threat Actor:

    • Cybercriminals

    Assets:

    • Critical systems (ERP, FMS, CRM, LMS)
    • HRIS and payroll
    • Data warehouse
    • Office 365 ecosystem (email, Teams)

    Effect:

    • Loss of system availability
    • Lost of data confidentiality

    Methods:

    • Phishing
    • Credential compromise
    • Compromised remote desktop protocol
    • Privilege escalation
    • Lateral movement
    • Data collection
    • Data exfiltration
    • Data encryption

    Step 1.2

    Conduct resilience assessment

    Activities

    1.2.1 Complete resilience assessment

    1.2.2 Establish resilience metrics

    This step will guide you through the following activities :

    • Completing a ransomware resilience assessment
    • Establishing baseline metrics to measure ransomware resilience.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • Subject-matter experts

    .Outcomes of this step

    • Current maturity, targets, and initial gap analysis

    Maturity levels in this blueprint draw on the CMMI framework

    The maturity levels are based on the Capability Maturity Model Integration framework. We outline our modifications below.

    CMMI Maturity Level – Default Descriptions:

    CMMI Maturity Level – Modified for This Assessment:

    • Level 1 – Initial: Unpredictable and reactive. Work gets completed but is often delayed and over budget.
    • Level 2 – Managed: Managed on the project level. Projects are planned, performed, measured, and controlled.
    • Level 3 – Defined: Proactive rather than reactive. Organization-wide standards provide guidance across projects, programs, and portfolios.
    • Level 4 – Quantitatively managed: Measured and controlled. Organization is data-driven, with quantitative performance improvement objectives that are predictable and align to meet the needs of internal and external stakeholders.
    • Level 5 – Optimizing: Stable and flexible. Organization is focused on continuous improvement and is built to pivot and respond to opportunity and change. The organization's stability provides a platform for agility and innovation.
    • Level 1 – Initial/ad hoc: Not well defined and ad hoc in nature.
    • Level 2 – Developing: Established but inconsistent and incomplete.
    • Level 3 – Defined: Formally established, documented, and repeatable.
    • Level 4 – Managed and measurable: Managed using qualitative and quantitative data to ensure alignment with business requirements.
    • Level 5 – Optimizing: Qualitative and quantitative data is used to continually improve.

    (Source: CMMI Institute, CMMI Levels of Capability and Performance)

    Info-Tech's ransomware resilience framework

    Disrupt the playbooks of ransomware gangs. Put controls in place to protect, detect, respond and recover effectively.

    Prioritize protection

    Put controls in place to harden your environment, train savvy end users, and prevent incursions.

    Support recovery

    Build and test a backup strategy that meets business requirements to accelerate recovery and minimize disruption.

    Protect Detect Respond

    Recover

    Threat preparedness

    Review ransomware threat techniques and prioritize detective and mitigation measures for initial and credential access, privilege escalation, and data exfiltration.

    Awareness and training

    Develop security awareness content and provide cybersecurity and resilience training to employees, contractors and third parties.

    Perimeter security

    Identify and implement network security solutions including analytics, network and email traffic monitoring, and intrusion detection and prevention.

    Respond and recover

    Identify disruption scenarios and develop incident response, business continuity, and disaster recovery strategies.

    Access management

    Review the user access management program, policies and procedures to ensure they are ransomware-ready.

    Vulnerability management

    Develop proactive vulnerability and patch management programs that mitigate ransomware techniques and tactics.

    1.2.1 Complete the resilience assessment

    2-3 hours

    Use the Ransomware Resilience Assessment Tool to assess maturity of existing controls, establish a target state, and identify an initial set of initiatives to improve ransomware resilience.

    Keep the assessment tool on hand to add gap closure initiatives as you proceed through the project.

    Download the Ransomware Resilience Assessment

    Outcomes:

    • Capture baseline resilience metrics to measure progress over time.
      • Low scores are common. Use them to make the case for security investment.
      • Clarify the breadth of security controls.
      • Security controls intersect with a number of key processes and technologies, each of which are critical to ransomware resilience.
    • Key gaps identified.
      • Allocate more time to subsections with lower scores.
      • Repeat the scorecard at least annually to clarify remaining areas to address.

    Input

    • Understanding of current security controls

    Output

    • Current maturity, targets, and gaps

    Materials

    • Ransomware Resilience Assessment Tool

    Participants

    • Security Incident Response Team (SIRT)

    This is an image of the Ransomeware Resilience Assessment Table from Info-Tech's Ransomware Resilience Assessment Blueprint.

    1.2.2 Establish resilience metrics

    Ransomware resilience metrics track your ability to disrupt a ransomware attack at each stage of its workflow.

    Measure metrics at the start of the project to establish a baseline, as the project nears completion to measure progress.

    Attack workflow Process Metric Target trend Current Goal
    GET IN Vulnerability Management % Critical patches applied Higher is better
    Vulnerability Management # of external exposures Fewer is better
    Security Awareness Training % of users tested for phishing Higher is better
    SPREAD Identity and Access Management Adm accounts / 1000 users Lower is better
    Identity and Access Management % of users enrolled for MFA Higher is better
    Security Incident Management Avg time to detect Lower is better
    PROFIT Security Incident Management Avg time to resolve Lower is better
    Backup and Disaster Recovery % critical assets with recovery test Higher is better
    Backup and Disaster Recovery % backup to immutable storage Higher is better

    Phase 2

    Improve protection and detection capabilities

    Phase 1Phase 2Phase 3Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will walk you through the following activities:

    • Assessing common ransomware attack vectors.
    • Identifying countermeasures to improve protection and detection capabilities.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Build Ransomware Resilience

    Step 2.1

    Assess attack vectors

    Activities

    2.1.1 Assess ransomware threat preparedness

    2.1.2 Determine the impact of ransomware techniques on your environment

    This step involves the following activities:

    • Assessing ransomware threat preparedness.
    • Configuring the threat preparedness tool.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Outcomes of this step

    Assess risks associated with common ransomware attack vectors.

    Improve protection and detection capabilities

    Use the MITRE attack framework to prepare

    This phase draws on MITRE to improve ransomware protection and detection capabilities

    • The activities in this phase provide guidance on how to use the MITRE attack framework to protect your organizations against common ransomware techniques and tactics, and detect incursions.
    • You will:
      • Review common ransomware tactics and techniques.
      • Assess their impact on your environment.
      • Identify relevant countermeasures.
    • The Enterprise Threat Preparedness Workbook included with the project blueprint will be set up to deal with common ransomware threats and tactics.

    Download the Enterprise Threat Preparedness Workbook

    Review ransomware tactics and techniques

    Ransomware attack workflow

    Deliver phishing email designed to avoid spam filter.

    Launch malware undetected.

    Identify user accounts.

    Target an admin account.

    Use brute force tactics to crack it.

    Move through the network. Collect data.

    Infect critical systems and backups to limit recovery options.

    Exfiltrate data to gain leverage.

    Encrypt data, which triggers alert.

    Deliver ransom note.

    Associated MITRE tactics and techniques

    • Initial access
    • Execution
    • Privilege escalation
    • Credential access
    • Lateral movement
    • Collection
    • Data Exfiltration
    • Data encryption

    Most common ransomware attack vectors

    • Phishing and social engineering
    • Exploitation of software vulnerabilities
    • Unsecured external exposures
      • e.g. remote desktop protocols
    • Malware infections
      • Email attachments
      • Web pages
      • Pop-ups
      • Removable media

    2.1.1 Assess ransomware threat preparedness

    Estimated Time: 1-4 hours

    1. Read through the instructions in the Enterprise Threat Preparedness Workbook.
    2. Select ransomware attack tactics to analyze. Use the workbook to understand:
      1. Risks associated with each attack vector.
      2. Existing controls that can help you protect the organization and detect an incursion.
    3. This initial analysis is meant to help you understand your risk before you apply additional controls.

    Once you're comfortable, follow the instructions on the following pages to configure the MITRE ransomware analysis and identify how to improve your protection and detection capabilities.

    Download the Enterprise Threat Preparedness Workbook

    Input

    • Knowledge about existing infrastructure.
    • Security protocols.
    • Information about ransomware attack tactics, techniques, and mitigation protocols.

    Output

    • Structured understanding of the risks facing the enterprise based on your current preparedness and security protocols.
    • Protective and detective measures to improve ransomware resilience.

    Materials

    • Enterprise Threat Preparedness Workbook

    Participants

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    2.1.2 Determine the impact of techniques

    Estimated Time: 1-4 hours

    1. The Enterprise Threat Preparedness Workbook included with the project blueprint is set up to deal with common ransomware use cases.

    If you would like to change the set-up, go through the following steps.

    • Review the enterprise matrix. Select the right level of granularity for your analysis. If you are new to threat preparedness exercises, the Technique Level is a good starting point.
    • As you move through each tactic, align each sheet to your chosen technique domain to ensure the granularity of your analysis is consistent.
    • Read the tactics sheet from left to right. Determine the impact of the technique on your environment. For each control, indicate current mitigation levels using the dropdown list.

    The following slides walk you through the process with screenshots from the workbook.

    Download the Enterprise Threat Preparedness Workbook

    Input

    • Knowledge about existing infrastructure.
    • Security protocols.
    • Information about ransomware attack tactics, techniques, and mitigation protocols.

    Output

    • Structured understanding of the risks facing the enterprise based on your current preparedness and security protocols.
    • Protective and detective measures to improve ransomware resilience.

    Materials

    • Enterprise Threat Preparedness Workbook

    Participants

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Select the domain for the analysis

    • The Tactics Dashboard is a live feed of your overall preparedness for the potential attack vectors that your organization may face. These 14 tactics correspond to the Enterprise Matrix used by the MITRE ATT&CK® framework.
    • The technique domain on the right side of the sheet is split in two main groups:
    • The Technique Level
      • - High-level techniques that an attacker may use to gain entry to your network.
      • - The Technique Level is a great starting point if you are new to threat preparedness.
    • The Sub-Technique Level
      • - Individual sub-techniques found throughout the MITRE ATT&CK® Framework.
      • - More mature organizations will find the Sub-Technique Level generates a deeper and more precise understanding of their current preparedness.

    Info-Tech Insight

    Dwell times and effective times are dropping dramatically. Malicious agents spend less time in your network before they deploy an attack, and their attacks are much more effective. You can't afford to rely on your ability to respond and recover alone.

    This is the first screenshot from Info-Tech's Tactic Preparedness Assessment Dashboard.

    Keep an eye on the enterprise matrix

    As you fill out the Tactic tabs with your evaluation, the overall reading will display the average of your overall preparedness for that tactic.

    Choosing the Technique Domain level will increase the accuracy of the reporting at the cost of speed.

    The Technique level is faster but provides less specifics for each control and analyzes them as a group.

    The Sub-Technique level is much more granular, but each tactic and technique has several sub-techniques that you will need to account for.

    Check with the dashboard to see the associated risk level for each of the tactics based on the legend. Tactics that appear white have not yet been assessed or are rated as "N/A" (not applicable).

    This is the second screenshot from Info-Tech's Tactic Preparedness Assessment Dashboard.

    When you select your Technique Domain, you cannot change it again. Changing the domain mid-analysis will introduce inaccuracies in your security preparedness.

    Configure the tactics tabs

    • Each tactic has a corresponding tab at the bottom of the Excel workbook.
      Adjusting the Technique Domain level will change the number of controls shown.
    • Next, align the sheet to the domain you selected on Tab 2 before you continue. As shown in the example to the right,
      • Select "1" for Technique Level.
      • Select "2" for Sub-Technique Level.
    • This will collapse the controls to your chosen level of granularity.

    This is a screenshot showing how you can configure the tactics tab of the Ransomware Threat Preparedness Workbook

    Read tactic sheets from left to right

    This is a screenshot of the tactics tab of the Ransomware Threat Preparedness Workbook

    Technique:

    How an attacker will attempt to achieve their goals through a specific action.

    ID:

    The corresponding ID number on the MITRE ATT&CK® Matrix for quick reference.

    Impact of the Technique(s):

    If an attack of this type is successful on your network, how deep does the damage run?

    Current Mitigations:

    What security protocols do you have in place right now that can help prevent an attacker from successfully executing this attack technique? The rating is based on the CMMI scale.

    Determine the impact of the technique

    • For each control, indicate the current mitigation level using the dropdown list.
    • Only use "N/A" if you are confident that the control is not required in your organization.

    Info-Tech Insight

    We highly recommend that you write comments about your current-state security protocols. First, it's great to have documented your thought processes in the event of a threat modeling session. Second, you can speak to deficits clearly, when asked.

    This is the second screenshot from Info-Tech's Reconnaissance Tactic Analysis

    Review technique preparedness

    • If you have chosen the Technique level, the tool should resemble this image:
      • High-level controls are analyzed, and sub-controls hidden.
      • The sub-techniques under the broader technique show how a successful attack from this vector would impact your network.
    • Each sub-technique has a note for additional context:
      • Under Impact, select the overall impact for the listed controls to represent how damaging you believe the controls to be.
      • Next select your current preparedness maturity in terms of preparedness for the same techniques. Ask yourself "What do I have that contributes to blocking this technique?"

    This is the third screenshot from Info-Tech's Reconnaissance Tactic Analysis

    Info-Tech Insight

    You may discover that you have little to no mitigation actions in place to deal with one or many of these techniques. However, look at this discovery as a positive: You've learned more about the potential vectors and can actively work toward remediating them rather than hoping that a breach never happens through one of these avenues.

    Review sub-technique preparedness

    If you have chosen the Sub-Technique level, the tool should resemble this image.

    • The granular controls are being analyzed. However, the grouped controls will still appear. It is important to not fill the grouped sections, to make sure the calculations run properly.
    • The average of your sub-techniques will be calculated to show your overall preparedness level.
    • Look at the sub-techniques under the broader technique and consider how a successful attack from this vector would impact your network.

    Each sub-technique has a note for additional context and understanding about what the techniques are seeking to do and how they may impact your enterprise.

    • Because of the enhanced granularity, the final risk score is more representative of an enterprise's current mitigation capabilities.
    This is the fourth screenshot from Info-Tech's Reconnaissance Tactic Analysis

    Step 2.2

    Identify countermeasures

    Activities

    2.2.1 Identify countermeasures

    This step involves the following activities:

    • Identifying countermeasures

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Outcomes of this step

    Identification of countermeasures to common ransomware techniques, and tactics to improve protection and detection capabilities.

    Improve Protection and Detection Capabilities

    Review technique countermeasures

    As you work through the tool, your dashboard will prioritize your threat preparedness for each of the various attack techniques to give you an overall impression of your preparedness.

    For each action, the tool includes detection and remediation actions for you to consider either for implementation or as table stakes for your next threat modeling sessions.

    Note: Some sheets will have the same controls. However, the context of the attack technique may change your answers. Be sure to read the tactic and technique that you are on when responding to the controls.

    This is an image of the Privilege Escalation Tactic Analysis Table

    This is an image of the Defense Evasion Tactic Analysis Table

    Prioritize the analysis of ransomware tactics and sub-techniques identified on slide 45. If your initial analysis in Activity 2.2.1 determined that you have robust security protocols for some of the attack vectors, set these domains aside.

    2.2.1 Identify countermeasures

    Estimated Time: 1-4 hours

    1. Review the output of the Enterprise Threat Preparedness Workbook. Remediation efforts are on the right side of the sheet. These are categorized as either detection actions or mitigation actions.
      1. Detection actions:
      • What can you do before an attack occurs, and how can you block attacks? Detection actions may thwart an attack before it ever occurs.
    2. Mitigation actions:
      • If an attacker is successful through one of the attack methods, how do you lessen the impact of the technique? Mitigation actions address this function to slow and hinder the potential spread or damage of a successful attack.
  • Detection and mitigation measures are associated with each technique and sub-technique. Not all techniques will be able to be detected properly or mitigated. However, understanding their relationships can better prepare your defensive protocols.
  • Add relevant control actions to the initiative list in the Ransomware Resilience Assessment.
  • Input

    • Knowledge about existing infrastructure.
    • Security protocols.
    • Information about ransomware attack tactics, techniques, and mitigation protocols.
    • Outputs from the Threat Preparedness Workbook.

    Output

    • Structured understanding of the risks facing the enterprise based on your current preparedness and security protocols.
    • Protective and detective measures to improve ransomware resilience.

    Materials

    • Enterprise Threat Preparedness Workbook
    • Ransomware Resilience Assessment

    Participants

    • Security Incident Response Team (SIRT)
    • System subject-matter experts (SMEs)

    Phase 3

    Improve response and recovery capabilities

    Phase 1Phase 2Phase 3Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will guide you through the following steps:

    • Documenting your threat escalation protocol.
    • Identify response steps and gaps.
    • Update your response workflow and runbook.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)

    Build Ransomware Resilience

    Step 3.1

    Review security incident management plan

    Activities

    3.1.1 Review the workflow and runbook templates

    3.1.2 Update/define your threat escalation protocol

    This step will walk you through the following activities:

    • Reviewing the example Workflow and Runbook
    • Updating and defining your threat escalation protocol.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • Clear escalation path for critical incidents.
    • Common understanding of incident severity that will drive escalation.

    Improve response and recovery capabilities

    3.1.1 Review the workflow and runbook templates

    30 minutes

    This blueprint includes sample information in the Ransomware Response Workflow Template and Ransomware Response Runbook Template to use as a starting points for the steps in Phase 3, including documenting your threat escalation protocol.

    • The Ransomware Response Workflow Template contains an example of a high-level security incident management workflow for a ransomware attack. This provides a structure to follow for the tabletop planning exercise and a starting point for your ransomware response workflow.
      The Workflow is aimed at incident commanders and team leads. It provides an at-a-glance view of the high-level steps and interactions between stakeholders to help leaders coordinate response.
    • The Ransomware Response Runbook Template is an example of a security incident management runbook for a ransomware attack. This includes a section for a threat escalation protocol that you can use as a starting point.
      The Runbook is aimed at the teams executing the response. It provides more specific actions that need to be executed at each phase of the incident response.

    Download the Ransomware Response Workflow Template

    Download the Ransomware Response Runbook Template

    Input

    • No Input Required

    Output

    • Visualize the end goal

    Materials

    • Example workflow and runbook in this blueprint

    Participants

    • Security Incident Response Team (SIRT)

    Two overlapping screenshots are depicted, including the table of contents from the Ransomware Response Runbook.

    3.1.2 Update/define your threat escalation protocol

    1-2 hours

    Document the Threat Escalation Protocol sections in the Ransomware Response Workflow Template or review/update your existing runbook. The threat escalation protocol defines which stakeholders to involve in the incident management process, depending on impact and scope. Specifically, you will need to define the following:

    Impact and scope criteria: Impact considers factors such as the criticality of the system/data, whether PII is at risk, and whether public notification is required. Scope considers how many systems or users are impacted.

    Severity assessment: Define the severity levels based on impact and scope criteria.

    Relevant stakeholders: Identify stakeholders to notify for each severity level, which can include external stakeholders.

    If you need additional guidance, see Info-Tech's Develop and Implement a Security Incident Management Program blueprint, which takes a broader look at security incidents.

    Input

    • Current escalation process (formal or informal).

    Output

    • Define criteria for severity levels and relevant stakeholders.

    Materials

    • Ransomware Response Workflow Template

    Participants

    • Security Incident Response Team (SIRT)

    This is an image of the Threat Escalation Protocol Criteria and Stakeholders.

    Step 3.2

    Run Tabletop Test (IT)

    Activities

    3.2.1 Define scenarios for a range of incidents

    3.2.2 Run a tabletop planning exercise

    This step will guide you through the following activities:

    • Defining scenarios for a range of incidents.
    • Running a tabletop planning exercise.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)
    • Other stakeholders (as relevant)

    Outcomes of this step

    • Current-state incident response workflow, including stakeholders, steps, timeline.
    • Process and technology gaps to be addressed.

    Improve response and recovery capabilities

    3.2.1 Define scenarios for a range of incidents

    30 minutes

    As a group, collaborate to define scenarios that enable you to develop incident response details for a wide range of potential incidents. Below are example scenarios:

    • Scenario 1: An isolated attack on one key system. The database for a critical application is compromised. Assume the attack was not detected until files were encrypted, but that you can carry out a repair-in-place by wiping the server and restoring from backups.
    • Scenario 2: A site-wide impact that warrants broader disaster recovery. Several critical systems are compromised. It would take too long to repair in-place, so you need to failover to your DR environment, in addition to executing security response steps. (Note: If you don't have a DRP, see Info-Tech's Create a Right-Sized Disaster Recovery Plan.)
    • Scenario 3: A critical outsourced service or cloud service is compromised. You need to work with the vendor to determine the scope of impact and execute a response. This includes determining if your on-prem systems were also compromised.
    • Scenario 4: One or multiple end-user devices are compromised. Your response to the above scenarios would include assessing end-user devices as a possible source or secondary attack, but this scenario would provide more focus on the containing an attack on end-user devices.

    Note: The above is too much to execute in one 30-minute session, so plan a series of exercises as outlined on the next slide.

    Input

    • No input required

    Output

    • Determine the scope of your tabletop planning exercises

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    Optimize the time spent by participants by running a series of focused exercises

    Not all stakeholders need to be present at every tabletop planning exercise. First, run an exercise with IT that focuses on the technical response. Run a second tabletop for non-IT stakeholders that focuses on the non-IT response, such as crisis communications, working with external stakeholders (e.g. law enforcement, cyberinsurance).

    Sample schedule:

    • Q1: Hold two sessions that run Scenarios 1 and 2 with relevant IT participants (see Activity 3.2.1). The focus for these sessions will be primarily on the technical response. For example, include notifying leadership and their role in decision making, but don't expand further on the details of their process. Similarly, don't invite non-IT participants to these sessions so you can focus first on understanding the IT response. Invite executives to the Q2 exercise, where they will have more opportunity to be involved.
    • Q2: Hold one session with the SIRT and non-IT stakeholders. Use the results of the Q1 exercises as a starting point and expand on the non-IT response steps (e.g. notifying external parties, executive decisions on response options).
    • Q3 and Q4: Run other sessions (e.g. for Scenarios 3 and 4) with relevant stakeholders. Ensure your ransomware incident response plan covers a wide range of possible scenarios.
    • Run ongoing exercises at least annually. Once you have a solid ransomware incident response plan, incorporate ransomware-based tabletop planning exercises into your overall security incident management testing and maintenance schedule.

    Info-Tech Insight

    Schedule these sessions well in advance to ensure appropriate resources are available. Document this in an annual test plan summary that outlines the scope, participants, and dates and times for the planned sessions.

    3.2.2 Run a tabletop planning exercise

    1-2 hours

    Remember that the goal is a deeper dive into how you would respond to an attack so you can clarify steps and gaps. This is not meant to just be a read-through of your plan. Follow the guidelines below:

    1. Select your scenario and invite relevant participants (see the previous slides).
    2. Guide participants through the incident and capture the steps and gaps along the way. Focus on one stakeholder at a time through each phase but be sure to get input from everyone. For example, focus on the Service Desk's steps for detection, then do the same as relevant to other stakeholders. Move on to analysis and do the same. (Tip: The distinction between phases is not always clear, and that's okay. Similarly, eradication and recovery might be the same set of steps. Focus on capturing the detail; you can clarify the relevant phase later.)
    3. Record the results (e.g. capture it in Visio) for reference purposes. (Tip: You can run the exercise directly in Visio. However, there's a risk that the tool may become a distraction. Enlist a scribe who is proficient with Visio so you don't need to wait for information to be captured and plan to save the detailed formatting and revising for later. )

    Refer to the Ransomware Tabletop Planning Results – Example as a guide for what to capture. Aim for more detail than found in your Ransomware Response Workflow (but not runbook-level detail).

    Download the Ransomware Tabletop Planning Results – Example

    Input

    • Baseline ransomware response workflow

    Output

    • Clarify your response workflow, capabilities, and gaps

    Materials

    • Whiteboard or sticky notes or index cards, or a shared screen

    Participants

    • Security Incident Response Team (SIRT)

    This is an example of a Ransomware Response Tabletop Planning Results Page.

    Step 3.3

    Document Workflow and Runbook

    Activities

    3.3.1 Update your ransomware response workflow

    3.3.2 Update your ransomware response runbook

    This step will guide you through the following activities:

    • Updating your ransomware response workflow.
    • Updating your ransomware response runbook.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • An updated incident response workflow and runbook based on current capabilities.

    Improve response and recovery capabilities

    3.3.1 Update your ransomware response workflow

    1 hour

    Use the results from your tabletop planning exercises (Activity 3.2.2) to update and clarify your ransomware response workflow. For example:

    • Update stakeholder swim-lanes: Clarify which stakeholders need a swim lane (e.g. where interactions between groups needs to be clarified). For example, consider an SIRT swim-lane that combines the relevant technical response roles, but have separate swim-lanes for other groups that the SIRT interacts with (e.g. Service Desk, the Executive Team).
    • Update workflow steps: Use the detail from the tabletop exercises to clarify and/or add steps, as well as further define the interactions between swim-lanes.(Tip: Your workflow needs to account for a range of scenarios. It typically won't be as specific as the tabletop planning results, which focus on only one scenario.)
    • Clarify the overall the workflow: Look for and correct any remaining areas of confusion and clutter. For example, consider adding "Go To" connectors to minimize lines crossing each other, adding color-coding to highlight key related steps (e.g. any communication steps), and/or resizing swim-lanes to reduce the overall size of the workflow to make it easier to read.
    • Repeat the above after each exercise: Continue to refine the workflow as needed until you reach the stage where you just need to validate that your workflow is still accurate.

    Input

    • Results from tabletop planning exercises (Activity 3.2.2)

    Output

    • Clarify your response workflow

    Materials

    • Ransomware Response Workflow

    Participants

    • Security Incident Response Team (SIRT)

    This is a screenshot from the ransomeware response tabletop planning

    3.3.2 Update your ransomware response runbook

    1 hour

    Use the results from your tabletop planning exercises (Activity 3.2.2) to update your ransomware response runbook. For example:

    • Align stakeholder sections with the workflow: Each stakeholder swim-lane in the workflow needs its own section in the runbook.
    • Update incident response steps: Use the detail from the tabletop exercise to clarify instructions for each stakeholder. This can include outlining specific actions, defining which stakeholders to work with, and referencing relevant documentation (e.g. vendor documentation, step-by-step restore procedures). (Tip: As with the workflow, the runbook needs to account for a range of scenarios, so it will include a list of actions that might need to be taken depending on the incident, as illustrated in the example runbook.)
    • Review and update your threat escalation protocol: It's best to define your threat escalation protocol before the tabletop planning exercise to help identify participants and avoid confusion. Now use the exercise results to validate or update that documentation.
    • Repeat the above after each exercise. Continue to refine your runbook as needed until you reach the stage where you just need to validate that your runbook is still accurate.

    Input

    • Results from tabletop planning exercises (Activity 3.2.2)

    Output

    • Clarified response runbook

    Materials

    • Ransomware Response Workflow

    Participants

    • Security Incident Response Team (SIRT)

    This is a screenshot of the Ransomware Response Runbook

    Phase 4

    Improve ransomware resilience

    Phase 1Phase 2Phase 3Phase 4

    1.1 Build ransomware risk scenario

    1.2 Conduct resilience assessment

    2.1 Assess attack vectors

    2.2 Identify countermeasures

    3.1 Review Security Incident Management Plan

    3.2 Run Tabletop Test (IT)

    3.3 Document Workflow and Runbook

    4.1 Run Tabletop Test (Leadership)

    4.2 Prioritize resilience initiatives

    4.3 Measure resilience metrics

    This phase will guide you through the following steps:

    • Identifying initiatives to improve ransomware resilience.
    • Prioritizing initiatives in a project roadmap.
    • Communicating status and recommendations.

    This phase involves the following participants:

    • Security Incident Response Team (SIRT)

    Build Ransomware Resilience

    Step 4.1

    Run Tabletop Test (leadership)

    Activities

    • 4.1.1 Identify initiatives to close gaps and improve resilience
    • 4.1.2 Review broader strategies to improve your overall security program

    This step will walk you through the following activities:

    • Identifying initiatives to close gaps and improve resilience.
    • Reviewing broader strategies to improve your overall security program.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • Specific potential initiatives based on a review of the gaps.
    • Broader potential initiatives to improve your overall security program.

    Improve ransomware resilience

    4.1.1 Identify initiatives to close gaps and improve resilience

    1 hour

    1. Use the results from the activities you have completed to identify initiatives to improve your ransomware readiness.
    2. Set up a blank spreadsheet with two columns and label them "Gaps" and "Initiatives." (It will be easier to copy the gaps and initiatives from this spreadsheet to you project roadmap, rather than use the Gap Initiative column in the Ransomware Readiness Maturity Assessment Tool.)
    3. Review your tabletop planning results:
      1. Summarize the gaps in the "Gaps" column in your spreadsheet created for this activity.
      2. For each gap, write down potential initiatives to address the gap.
      3. Where possible, combine similar gaps and initiatives. Similarly, the same initiative might address multiple gaps, so you don't need to identify a distinct initiative for every gap.
    4. Review the results of your maturity assessment completed in Phase 1 to identify additional gaps and initiatives in the spreadsheet created for this activity.

    Input

    • Tabletop planning results
    • Maturity assessment

    Output

    • Identify initiatives to improve ransomware readiness

    Materials

    • Blank spreadsheet

    Participants

    • Security Incident Response Team (SIRT)

    4.1.2 Review broader strategies to improve your overall security program

    1 hour

    1. Review the following considerations as outlined on the next few slides:
      • Implement core elements of an effective security program – strategy, operations, and policies. Leverage the work completed in this blueprint to provide context and address your immediate gaps while developing an overarching security strategy based on business requirements, risk tolerance, and overall security considerations. Security operations and policies are key to executing your overall security strategy and day to day incident management.
      • Update your backup strategy to account for ransomware attacks. Consider what your options would be today if your primary backups were infected? If those options aren't very good, your backup strategy needs a refresh.
      • Consider a zero-trust strategy. Zero trust reduces your reliance on perimeter security and moves controls to where the user accesses resources. However, it takes time to implement. Evaluate your readiness for this approach.
    2. As a team, discuss the merits of these strategies in your organization and identify potential initiatives. Depending on what you already have in place, the project may be to evaluate options (e.g. if you have not already initiated zero trust, assign a project to evaluate your options and readiness).

    Input

    • An understanding of your existing security practices and backup strategy.

    Output

    • Broader initiatives to improve ransomware readiness.

    Materials

    • Whiteboard or flip chart (or a shared screen if staff are remote)

    Participants

    • Security Incident Response Team (SIRT)

    Implement core elements of an effective security program

    There is no silver bullet. Ransomware readiness depends on foundational security best practices. Where budget allows, support that foundation with more advanced AI-based tools that identify abnormal behavior to detect an attack in progress.

    Leverage the following blueprints to implement the foundational elements of an effective security program:

    • Build an Information Security Strategy: Consider the full spectrum of information security, including people, processes, and technologies. Then base your security strategy on the risks facing your organization – not just on best practices – to ensure alignment with business goals and requirements.
    • Develop a Security Operations Strategy: Establish unified security operations that actively monitor security events and threat information, and turn that into appropriate security prevention, detection, analysis, and response processes.
    • Develop and Deploy Security Policies: Improve cybersecurity through effective policies, from acceptable use policies aimed at your end users to system configuration management policies aimed at your IT operations.

    Supplement foundational best practices with AI-based tools to counteract more sophisticated security attacks:

    • The evolution of ransomware gangs and ransomware as a service means the most sophisticated tools designed to bypass perimeter security and endpoint protection are available to a growing number of hackers.
    • Rather than activate the ransomware virus immediately, attackers will traverse the network using legitimate commands to infect as many systems as possible and exfiltrate data without generating alerts, then finally encrypt infected systems.
    • AI-based tools learn what is normal behavior and therefore can recognize unusual traffic (which could be an attack in progress) before it's too late. For example, a "user" accessing a server they've never accessed before.
    • Engage an Info-Tech analyst or consult SoftwareReviews to review products that will add this extra layer of AI-based security.

    Update your backup strategy to account for ransomware attacks

    Apply a defense-in-depth strategy. A daily disk backup that goes offsite once a week isn't good enough.

    In addition to applying your existing security practices to your backup solution (e.g. anti-malware, restricted access), consider:

    • Creating multiple restore points. Your most recent backup might be infected. Frequent backups allow you to be more granular when determining how far you need to roll back.
    • Having offsite backups and using different storage media. Reduce the risk of infected backups by using different storage media (e.g. disk, NAS, tape) and backup locations (e.g. offsite). If you can make the attackers jump through more hoops, you have a greater chance of detecting the attack before all backups are infected.
    • Investing in immutable backups. Most leading backup solutions offer options to ensure backups are immutable (cannot be altered after they are written).
    • Using the BIA you completed in Phase 2 to help decide where to prioritize investments. All the above strategies add to your backup costs and might not be feasible for all data. Use your BIA results to decide which data sets require higher levels of protection.

    This example strategy combines multiple restore points, offsite backup, different storage media, and immutable backups.

    This is an example of a backup strategy to account for ransomware attacks.

    Refer to Info-Tech's Establish an Effective Data Protection Plan blueprint for additional guidance.

    Explore zero-trust initiatives

    Zero trust is a set of principles, not a set of controls.

    Reduces reliance on perimeter security.

    Zero trust is a strategy that reduces reliance on perimeter security and moves controls to where your user accesses resources. It often consolidates security solutions, reduces operating costs, and enables business mobility.

    Zero trust must benefit the business first.

    IT security needs to determine how zero trust initiatives will affect core business processes. It's not a one-size-fits-all approach to IT security. Zero trust is the goal – but some organizations can only get so close to that ideal.

    For more information, see Build a Zero-Trust Roadmap.

    Info-Tech Insight

    A successful zero-trust strategy should evolve. Use an iterative and repeatable process to assess available zero-trust technologies and principles and secure the most relevant protect surfaces. Collaborate with stakeholders to develop a roadmap with targeted solutions and enforceable policies.

    Step 4.2

    Prioritize resilience initiatives

    Activities

    • 4.2.1 Prioritize initiatives based on factors such as effort, cost, and risk
    • 4.2.2 Review the dashboard to fine tune your roadmap

    This step will guide you through the following activities:

    • Prioritizing initiatives based on factors such as effort, cost, and risk.
    • Reviewing the dashboard to fine-tune your roadmap.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • An executive-friendly project roadmap dashboard summarizing your initiatives.
    • A visual representation of the priority, effort, and timeline required for suggested initiatives.

    Review the Ransomware Resilience Assessment

    Tabs 2 and 3 list initiatives relevant to your ransomware readiness improvement efforts.

    • At this point in the project, the Ransomware Resilience Assessment should contain a number of initiatives to improve ransomware resilience.
    • Tab 2 is prepopulated with examples of gap closure actions to consider, which are categorized into initiatives listed on Tab 3.
    • Follow the instructions in the Ransomware Resilience Assessment to:
      • Categorize gap control actions into initiatives.
      • Prioritize initiatives based on cost, effort, and benefit.
      • Construct a roadmap for consideration.

    Download the Ransomware Resilience Assessment

    4.2.1 Prioritize initiatives based on factors such as effort, cost, and risk

    1 hour

    Prioritize initiatives in the Ransomware Resilience Assessment.

    1. The initiatives listed on Tab 3 Initiative List will be copied automatically on Tab 5 Prioritization.
    2. On Tab 1 Setup:
      1. Review the weight you want to assign to the cost and effort criteria.
      2. Update the default values for FTE and Roadmap Start as needed.
    3. Go back to Tab 5 Prioritization:
      1. Fill in the cost, effort, and benefit evaluation criteria for each initiative. Hide optional columns you don't plan to use, to avoid confusion.
      2. Use the cost and benefit scores to prioritize waves and schedule initiatives on Tab 6 Gantt Chart.

    Input

    • Gaps and initiatives identified in Step 4.1

    Output

    • Project roadmap dashboard

    Materials

    • Ransomware Resilience Assessment

    Participants

    • Security Incident Response Team (SIRT)

    4.2.2 Review the dashboard to fine-tune the roadmap

    1 hour

    Review and update the roadmap dashboard in your Ransomware Resilience Assessment.

    1. Review the Gantt chart to ensure:
      1. The timeline is realistic. Avoid scheduling many high-effort projects at the same time.
      2. Higher-priority items are scheduled sooner than low-priority items.
      3. Short-term projects include quick wins (e.g. high-priority, low-effort items).
      4. It supports the story you wish to communicate (e.g. a plan to address gaps, along with the required effort and timeline).
    2. Update the values on the 5 Prioritization and 6 Gantt Chart tabs based on your review.

    Input

    • Gaps and initiatives identified in Step 4.1

    Output

    • Project roadmap dashboard

    Materials

    • Ransomware Resilience Assessment

    Participants

    • Security Incident Response Team (SIRT)

    This is an image of a sample roadmap for the years 2022-2023

    Step 4.3

    Measure resilience metrics

    Activities

    4.3.1 Summarize status and next steps in an executive presentation

    This step will guide you through the following activities:

    • Summarizing status and next steps in an executive presentation.

    This step involves the following participants:

    • Security Incident Response Team (SIRT)

    Outcomes of this step

    • Gain stakeholder buy-in by communicating the risk of the status quo and achievable next steps to improve your organization's ransomware readiness.

    Improve ransomware resilience

    4.3.1 Summarize status and next steps in an executive presentation

    1 hour

    Gain stakeholder buy-in by communicating the risk of the status quo and recommendations to reduce that risk. Specifically, capture and present the following from this blueprint:

    • Phase 1: Maturity assessment results, indicating your organization's overall readiness as well as specific areas that need to improve.
    • Phase 2: Business impact results, which objectively quantify the potential impact of downtime and data loss.
    • Phase 3: Current incident response capabilities including steps, timeline, and gaps.
    • Phase 4: Recommended projects to close specific gaps and improve overall ransomware readiness.

    Overall key findings and next steps.

    Download the Ransomware Readiness Summary Presentation Template

    Input

    • Results of all activities in Phases 1-4

    Output

    • Executive presentation

    Materials

    • Ransomware Readiness Summary Presentation Template

    Participants

    • Security Incident Response Team (SIRT)

    This is a screenshot of level 2 of the ransomware readiness maturity tool.

    Revisit metrics

    Ransomware resilience metrics track your ability to disrupt a ransomware attack at each stage of its workflow.

    Revisit metrics as the project nears completion and compare them against your baseline to measure progress.

    Attack workflow Process Metric Target trend Current Goal
    GET IN Vulnerability Management % Critical patches applied Higher is better
    Vulnerability Management # of external exposures Fewer is better
    Security Awareness Training % of users tested for phishing Higher is better
    SPREAD Identity and Access Management Adm accounts / 1000 users Lower is better
    Identity and Access Management % of users enrolled for MFA Higher is better
    Security Incident Management Avg time to detect Lower is better
    PROFIT Security Incident Management Avg time to resolve Lower is better
    Backup and Disaster Recovery % critical assets with recovery test Higher is better
    Backup and Disaster Recovery % backup to immutable storage Higher is better

    Summary of accomplishments

    Project overview

    Project deliverables

    This blueprint helped you create a ransomware incident response plan for your organization, as well as identify ransomware prevention strategies and ransomware prevention best practices.

    • Ransomware Resilience Assessment: Measure your current readiness, then identify people, policy, and technology gaps to address.
    • Ransomware Response Workflow: An at-a-glance summary of the key incident response steps across all relevant stakeholders through each phase of incident management.
    • Ransomware Response Runbook: Includes your threat escalation protocol and detailed response steps to be executed by each stakeholder.
    • Ransomware Tabletop Planning : This deep dive into a ransomware scenario will help you develop a more accurate incident management workflow and runbook, as well as identify gaps to address.
    • Ransomware Project Roadmap: This prioritized list of initiatives will address specific gaps and improve overall ransomware readiness.
    • Ransomware Readiness Summary Presentation: Your executive presentation will communicate the risk of the status quo, present recommended next steps, and drive stakeholder buy-in.

    Project phases

    Phase 1: Assess ransomware resilience

    Phase 2: Protect and detect

    Phase 3: Respond and recover

    Phase 4: Improve ransomware resilience

    Related Info-Tech Research

    Tab 3. Initiative List in the Ransomware Resilience Assessment identifies relevant Info-Tech Research to support common ransomware resilience initiatives.

    Related security blueprints:

    Related disaster recovery blueprints:

    Research Contributors and Experts

    This is an image of Jimmy Tom

    Jimmy Tom
    AVP of Information Technology and Infrastructure
    Financial Horizons

    This is an image of Dan Reisig

    Dan Reisig
    Vice President of Technology
    UV&S

    This is an image of Samuel Sutto

    Samuel Sutton
    Computer Scientist (Retired)
    FBI

    This is an image of Ali Dehghantanha

    Ali Dehghantanha
    Canada Research Chair in Cybersecurity and Threat Intelligence,
    University of Guelph

    This is an image of Gary Rietz

    Gary Rietz
    CIO
    Blommer Chocolate Company

    This is an image of Mark Roman

    Mark Roman
    CIO
    Simon Fraser University

    This is an image of Derrick Whalen

    Derrick Whalen
    Director, IT Services
    Halifax Port Authority

    This is an image of Stuart Gaslonde

    Stuart Gaslonde
    Director of IT & Digital Services
    Falmouth-Exeter Plus

    This is an image of Deborah Curtis

    Deborah Curtis
    CISO
    Placer County

    This is an image of Deuce Sapp

    Deuce Sapp
    VP of IT
    ISCO Industries

    This is an image of Trevor Ward

    Trevor Ward
    Information Security Assurance Manager
    Falmouth-Exeter Plus

    This is an image of Brian Murphy

    Brian Murphy
    IT Manager
    Placer County

    This is an image of Arturo Montalvo

    Arturo Montalvo
    CISO
    Texas General Land Office and Veterans Land Board

    No Image Available

    Mduduzi Dlamini
    IT Systems Manager
    Eswatini Railway

    No Image Available

    Mike Hare
    System Administrator
    18th Circuit Florida Courts

    No Image Available

    Linda Barratt
    Director of Enterprise architecture, IT Security, and Data Analytics, Toronto Community Housing Corporation

    This is an image of Josh Lazar

    Josh Lazar
    CIO
    18th Circuit Florida Courts

    This is an image of Douglas Williamson

    Douglas Williamson
    Director of IT
    Jamaica Civil Aviation Authority

    This is an image of Ira Goldstein

    Ira Goldstein
    Chief Operating Officer
    Herjavec Group

    This is an image of Celine Gravelines

    Celine Gravelines
    Senior Cybersecurity Analyst
    Encryptics

    This is an image of Dan Mathieson

    Dan Mathieson
    Mayor
    City of Stratford

    This is an image of Jacopo Fumagalli

    Jacopo Fumagalli
    CISO
    Omya

    This is an image of Matthew Parker

    Matthew Parker
    Program Manager
    Utah Transit Authority

    Two Additional Anonymous Contributors

    Bibliography

    2019-Data-Breach-Investigations-Report.-Verizon,-May-2019.
    2019-Midyear-Security-Roundup:-Evasive-Threats,-Persistent-Effects.-Trend-Micro,-2019.
    Abrams,-Lawrence.-"Ryuk-Ransomware-Uses-Wake-on-Lan-to-Encrypt-Offline-Devices."-Bleeping-Computer,-14-Jan.-2020.
    Abrams,-Lawrence.-"Sodinokibi-Ransomware-Publishes-Stolen-Data-for-the-First-Time."-Bleeping-Computer,-11-Jan.-2020.
    Canadian-Center-for-Cyber-Security,-"Ransomware-Playbook,"-30-November-2021.-Accessed-21-May-2022.-
    Carnegie-Endowment-for-International-Peace.-"Ransomware:-Prevention-and-Protection."-Accessed-May-2022.-
    Cawthra,-Jennifer,-Michael-Ekstrom,-Lauren-Lusty,-Julian-Sexton,-John-Sweetnam.-Special-Publication-1800-26-Data-Integrity:-Detecting-and-Responding-to-Ransomware-and-Other-Destructive-Events.-NIST,-Jan.-2020.
    Cawthra,-Jennifer,-Michael-Ekstrom,-Lauren-Lusty,-Julian-Sexton,-John-Sweetnam.-Special-Publication-1800-25-Data-Integrity:-Identifying-and-Protecting-Assets-Against-Ransomware-and-Other-Destructive-Events.-NIST,-Jan.-2020.-
    Cichonski,-P.,-T.-Millar,-T.-Grance,-and-K.-Scarfone.-"Computer-Security-Incident-Handling-Guide."-SP-800-61-Rev.-2.-NIST,-Aug.-2012.
    Cimpanu,-Catalin.-"Company-shuts-down-because-of-ransomware,-leaves-300-without-jobs-just-before-holidays."-ZDNet,-3-Jan.-2020.
    Cimpanu,-Catalin.-"Ransomware-attack-hits-major-US-data-center-provider."-ZDNet,-5-Dec.-2019.
    CISA,-"Stop-Ransomware,"-Accessed-12-May-2022.
    "CMMI-Levels-of-Capability-and-Performance."-CMMI-Institute.-Accessed-May-2022.-
    Connolly,-Lena-Yuryna,-"An-empirical-study-of-ransomware-attacks-on-organizations:-an-assessment-of-severity-and-salient-factors-affecting-vulnerability."-Journal-of-Cybersecurity,-2020,.-1-18.
    "Definitions:-Backup-vs.-Disaster-Recovery-vs.-High-Availability."-CVM-IT-&-Cloud-Services,-12-Jan.-2017.
    "Don't-Become-a-Ransomware-Target-–-Secure-Your-RDP-Access-Responsibly."-Coveware,-2019.-
    Elementus,-"Rise-of-the-Ransomware-Cartels-"(2022).-YouTube.-Accessed-May-2022.-
    Global-Security-Attitude-Survey.-CrowdStrike,-2019.
    Graham,-Andrew.-"September-Cyberattack-cost-Woodstock-nearly-$670,00:-report."-
    Global-News,-10-Dec.-2019.
    Harris,-K.-"California-2016-Data-Breach-Report."-California-Department-of-Justice,-Feb.-2016.
    Hiscox-Cyber-Readiness-Report-2019.-Hiscox-UK,-2019.
    Cost-of-A-Data-Breach-(2022).-IBM.-Accessed-June-2022.--
    Ikeda,-Scott.-"LifeLabs-Data-Breach,-the-Largest-Ever-in-Canada,-May-Cost-the-Company-Over-$1-Billion-in-Class-Action-Lawsuit."-CPO-Magazine,-2020.
    Kessem,-Limor-and-Mitch-Mayne.-"Definitive-Guide-to-Ransomware."-IBM,-May-2022.
    Krebs,-Brian.-"Ransomware-Gangs-Now-Outing-Victim-Businesses-That-Don't-Pay-Up."-Krebson-Security,-16-Dec.-2019.
    Jaquith,-Andrew-and-Barnaby-Clarke,-"Security-metrics-to-help-protect-against-ransomware."-Panaseer,-July-29,-2021,-Accessed-3-June-2022.
    "LifeLabs-pays-ransom-after-cyberattack-exposes-information-of-15-million-customers-in-B.C.-and-Ontario."-CBC-News,-17-Dec.-2019.
    Matthews,-Lee.-"Louisiana-Suffers-Another-Major-Ransomware-Attack."-Forbes,-20-Nov.-2019.
    NISTIR-8374,-"Ransomware-Risk-Management:-A-Cybersecurity-Framework-Profile."-NIST-Computer-Security-Resource-Center.-February-2022.-Accessed-May-2022.-
    "Ransomware-attack-hits-school-district-twice-in-4-months."-Associated-Press,-10-Sept.-2019.
    "Ransomware-Costs-Double-in-Q4-as-Ryuk,-Sodinokibi-Proliferate."-Coveware,-2019.
    Ransomware-Payments-Rise-as-Public-Sector-is-Targeted,-New-Variants-Enter-the-Market."-Coveware,-2019.
    Rector,-Kevin.-"Baltimore-to-purchase-$20M-in-cyber-insurance-as-it-pays-off-contractors-who-helped-city-recover-from-ransomware."-The-Baltimore-Sun,-16-Oct.-2019.
    "Report:-Average-time-to-detect-and-contain-a-breach-is-287-days."-VentureBeat,-May-25,-2022.-Accessed-June-2022.-
    "Five-Lessons-Learned-from-over-600-Ransomware-Attacks."-Riskrecon.-Mar-2022.-Accessed-May-2022.-
    Rosenberg,-Matthew,-Nicole-Perlroth,-and-David-E.-Sanger.-"-'Chaos-is-the-Point':-Russian-Hackers-and-Trolls-Grow-Stealthier-in-2020."-The-New-York-Times,-10-Jan.-2020.
    Rouse,-Margaret.-"Data-Archiving."-TechTarget,-2018.
    Siegel,-Rachel.-"Florida-city-will-pay-hackers-$600,000-to-get-its-computer-systems-back."-The-Washington-Post,-20-June-2019.
    Sheridan,-Kelly.-"Global-Dwell-Time-Drops-as-Ransomware-Attacks-Accelerate."-DarkReading,-13-April-2021.-Accessed-May-2022.-
    Smith,-Elliot.-"British-Banks-hit-by-hacking-of-foreign-exchange-firm-Travelex."-CNBC,-9-Jan.-2020.
    "The-State-of-Ransomware-2022."-Sophos.-Feb-2022.-Accessed-May-2022.-
    "The-State-of-Ransomware-in-the-U.S.:-2019-Report-for-Q1-to-Q3."-Emsisoft-Malware-Lab,-1-Oct.2019.
    "The-State-of-Ransomware-in-the-U.S.:-Report-and-Statistics-2019."-Emsisoft-Lab,-12-Dec.-2019.
    "The-State-of-Ransomware-in-2020."-Black-Fog,-Dec.-2020.
    Toulas,-Bill.-"Ten-notorious-ransomware-strains-put-to-the-encryption-speed-test."-Bleeping-Computers,-23-Mar-2022.-Accessed-May-2022.
    Tung,-Liam-"This-is-how-long-hackers-will-hide-in-your-network-before-deploying-ransomware-or-being-spotted."-zdnet.-May-19,-2021.-Accessed-June-2022.-

    Gain Real Insights with a Social Analytics Program

    • Buy Link or Shortcode: {j2store}561|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Marketing Solutions
    • Parent Category Link: /marketing-solutions
    • Social media is wildly popular with consumers and as a result, many businesses are starting to develop a presence on social media services like Facebook and Twitter. However, many businesses still struggle with understanding how to leverage consumer insights from these services to drive business decisions. They’re intimidated by the sheer volume of social data, and aren’t sure what to do about it.
    • Companies that do have an analytics program are often operating it on an ad-hoc basis rather than making an effort to integrate social insights with existing sourcing of consumer data. In doing this, they’re failing to make holistic decisions and missing out on valuable consumer and competitive insights.

    Our Advice

    Critical Insight

    • Social analytics are indispensable in gaining real-time insights across marketing, sales, and customer service. SMBs can use social analytics to gain valuable consumer insights at a significantly lower expense than traditional forms of market research.
    • The greatest value from social analytics comes when organizations marry social data sources with other forms of customer information, such as point-of-sale data, customer surveys, focus groups, and psychographic profiles.
    • Social analytics must be integrated with your broader BI program for maximum effect. Consider creating a Customer Insights Center of Excellence (CICOE) to serve as a one-stop shop for both traditional and social customer analytics.
    • IT has an invaluable role to play in helping to govern and manage the analytics program. A best-of-breed Social Media Management Platform is the key enabling technology for conducting analytics, and IT must assist with selection, implementation and operation of this solution.
    • Internal social analytics is an emerging field that allows you to gauge the sentiment of your employees, while turbocharging ideation and feedback processes. Social networking analysis is particularly valuable for internal analysis.

    Impact and Result

    • Understand the value of a social analytics program and the various departmental use cases – how social analytics improves decision making and boosts critical KPIs like revenue attainment and customer satisfaction.
    • Determine the different social metrics (such as sentiment and frequency analysis) your business should be tracking and how to turn metrics into deep consumer insights.
    • Follow a step-by-step guide for successfully executing a social analytics program across your organization.
    • Roll out an internal analytics program to gauge the sentiment of your employees, improve engagement, and understand informal influencer networks.

    Gain Real Insights with a Social Analytics Program Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Determine the organization’s use cases

    Decide which functional areas in the organization will benefit the most from using social data, and create use cases accordingly.

    • Storyboard: Gain Real Insights with a Social Analytics Program

    2. Define and interpret metrics

    Identify and evaluate key social analytics metrics and understand the importance of combining multiple metrics to get the most out of the analytics program.

    • Social Analytics Maturity Assessment

    3. Execute the social analytics program

    Leverage a cross-departmental Social Media Steering Committee and evaluate SMMPs and other social analytics tools.

    • Social Analytics Specialist
    • Social Analytics Business Plan

    4. Leverage internal social analytics

    Identify specific uses of internal social analytics: crowd-sourcing ideation, harvesting employee feedback, and rewarding internal brand advocates.

    [infographic]

    Modernize Your Applications

    • Buy Link or Shortcode: {j2store}178|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Application modernization is essential to stay competitive and productive in today’s digital environment. Your stakeholders have outlined their digital business goals that IT is expected to meet.
    • Your application portfolio cannot sufficiently support the flexibility and efficiency the business needs because of legacy challenges.
    • Your teams do not have a framework to illustrate, communicate, and justify the modernization effort and organizational changes in the language your stakeholders understand.

    Our Advice

    Critical Insight

    • Build your digital applications around continuous modernization. End-user needs, technology, business direction, and regulations rapidly change in today’s competitive and fast-paced industry. This reality will quickly turn your modern applications into shelfware. Build continuous modernization at the center of your digital application vision to keep up with evolving business, end-user, and IT needs.
    • Application modernization is organizational change management. If you build and modernize it, they may not come. The crux of successful application modernization is centered on the strategic, well-informed, and onboarded adoption of changes in key business areas, capabilities, and processes. Organizational change management must be front and center so that applications are fit for purpose and are something that end users want and need to use.
    • Business-IT collaboration is not optional. Application modernization will not be successful if your lines of business (LOBs) and IT are not working together. IT must empathize how LOBs operate and proactively support the underlying operational systems. LOBs must be accountable for all products leveraging modern technologies and be able to rationalize the technical feasibility of their digital application vision.

    Impact and Result

    • Establish the digital application vision. Gain a grounded understanding of the digital application construct and prioritize these attributes against your digital business goals.
    • Define your modernization approach. Obtain a thorough view of your business and technical complexities, risks, and impacts. Employ the right modernization techniques based on your organization’s change tolerance.
    • Build your roadmap. Clarify the organizational changes needed to support modernization and adoption of your digital applications.

    Modernize Your Applications Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should strategically modernize your applications, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Set your vision

    Describe your application vision and set the right modernization expectations with your stakeholders.

    • Modernize Your Applications – Phase 1: Set Your Vision

    2. Identify your modernization opportunities

    Focus your modernization efforts on the business opportunities that your stakeholders care about.

    • Modernize Your Applications – Phase 2: Identify Your Modernization Opportunities

    3. Plan your modernization

    Describe your modernization initiatives and build your modernization tactical roadmap.

    • Modernize Your Applications – Phase 3: Plan Your Modernization
    [infographic]

    Workshop: Modernize Your Applications

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your Vision

    The Purpose

    Discuss the goals of your application modernization initiatives

    Define your digital application vision and priorities

    List your modernization principles

    Key Benefits Achieved

    Clear application modernization objectives and high priority value items

    Your digital application vision and attributes

    Key principles that will guide your application modernization initiatives

    Activities

    1.1 State Your Objectives

    1.2 Characterize Your Digital Application

    1.3 Define Your Modernization Principles

    Outputs

    Application modernization objectives

    Digital application vision and attributes definitions

    List of application modernization principles and guidelines

    2 Identify Your Modernization Opportunities

    The Purpose

    Identify the value streams and business capabilities that will benefit the most from application modernization

    Conduct a change tolerance assessment

    Build your modernization strategic roadmap

    Key Benefits Achieved

    Understanding of the value delivery improvements modernization can bring

    Recognizing the flexibility and tolerance of your organization to adopt changes

    Select an approach that best fits your organization’s goals and capacity

    Activities

    2.1 Identify the Opportunities

    2.2 Define Your Modernization Approach

    Outputs

    Value streams and business capabilities that are ideal modernization opportunities

    Your modernization strategic roadmap based on your change tolerance and modernization approach

    3 Plan Your Modernization

    The Purpose

    Identify the most appropriate modernization technique and the scope of changes to implement your techniques

    Develop an actionable tactical roadmap to complete your modernization initiatives

    Key Benefits Achieved

    Clear understanding of what must be changed to the organization and application considering your change tolerance

    An achievable modernization plan

    Activities

    3.1 Shortlist Your Modernization Techniques

    3.2 Roadmap Your Modernization Initiatives

    Outputs

    Scope of your application modernization initiatives

    Your modernization tactical roadmap

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction

    • Buy Link or Shortcode: {j2store}612|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Selection & Implementation
    • Parent Category Link: /selection-and-implementation

    Organizations risk being locked in a circular trap of inertia from auto-renewing their software. With inertia comes complacency, leading to a decrease in overall satisfaction. Indeed, organizations are uniformly choosing to renew their software – even if they don’t like the vendor!

    Our Advice

    Critical Insight

    Renewal is an opportunity cost. Switching poorly performing software substantially drives increased satisfaction, and it potentially lowers vendor costs in the process. To realize maximum gains, it’s essential to have a repeatable process in place.

    Impact and Result

    Realize the benefits of switching by using Info-Tech’s five action steps to optimize your vendor switching processes:

    1. Identify switch opportunities.
    2. Evaluate your software.
    3. Build the business case.
    4. Optimize selection method.
    5. Plan implementation.

    Switching Software Vendors Overwhelmingly Drives Increased Satisfaction Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Why you should consider switching software vendors

    Use this outline of key statistics to help make the business case for switching poorly performing software.

    • Switching Existing Software Vendors Overwhelmingly Drives Increased Satisfaction Storyboard

    2. How to optimize your software vendor switching process

    Optimize your software vendor switching processes with five action steps.

    [infographic]

    Next-Generation InfraOps

    • Buy Link or Shortcode: {j2store}457|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Operations Management
    • Parent Category Link: /i-and-o-process-management
    • Traditional IT capabilities, activities, organizational structures, and culture need to adjust to leverage the value of cloud, optimize spend, and manage risk.
    • Different stakeholders across previously separate teams rely on one another more than ever, but rules of engagement do not yet exist.

    Our Advice

    Critical Insight

    • By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    Impact and Result

    • Understand the xOps spectrum and what approaches benefit your organization.
    • Make sense of the architectural approaches and enablement tools available to you.
    • Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Next-Generation InfraOps Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Next-Generation InfraOps Storyboard – A deck that will help you use Ops methodologies to build a virtuous cycle.

    This storyboard will help you understand the spectrum of different Agile xOps working modes and how best to leverage them and build an architecture and toolset that support rapid continuous IT operations

    • Next-Generation InfraOps Storyboard
    [infographic]

    Further reading

    Next-Generation InfraOps

    Embrace the spectrum of Ops methodologies to build a virtuous cycle.

    Executive summary

    Your Challenge

    IT Operations continue to be challenged by increasing needs for scale and speed, often in the face of constrained resources and time. For most, Agile methodologies have become a foundational part of tackling this problem. Since then, we've seen Agile evolve into DevOps, which started a trend into different categories of "xOps" that are too many to count. How does one make sense of the xOps spectrum? What is InfraOps and where does it fit in?

    Common Obstacles

    Ultimately, all these methodologies and approaches are there to serve the same purpose: increase effectiveness through automation and improve governance through visibility. The key is to understand what tools and methodologies will deliver actual benefits to your IT operation and to the organization as a whole.

    Info-Tech's Approach

    By defining your end goals and framing solutions based on the type of visibility and features you need, you can enable speed and reliability without losing control of the work.

    1. Understand the xOps spectrum and what approaches will benefit your organization.
    2. Make sense of the architectural approaches and enablement tools available to you.
    3. Evolve from just improving your current operations to a continuous virtuous cycle of development and deployment.

    Info-Tech Insight

    InfraOps, when applied well, should be the embodiment of the governance policies as expressed by standards in architecture and automation.

    Project overview

    Understand the xOps spectrum

    There are as many different types of "xOps" as there are business models and IT teams. To pick the approaches that deliver the best value to your organization and that align to your way of operating, it's important to understand the different major categories in the spectrum and how they do or don't apply to your IT approach.

    How to optimize the Ops in DevOps

    InfraOps is one of the major methodologies to address a key problem in IT at cloud scale: eliminating friction and error from your deliveries and outputs. The good news is there are architectures, tools, and frameworks you can easily leverage to make adopting this approach easier.

    Evolve to integration and build a virtuous cycle

    Ultimately your DevOps and InfraOps approaches should embody your governance needs via architecture and process. As time goes on, however, both your IT footprint and your business environment will shift. Build your tools, telemetry, and governance to anticipate and adapt to change and build a virtuous cycle between development needs and IT Operations tools and governance.

    The xOps spectrum

    This is an image of the xOps spectrum. The three main parts are: Code Acceleration (left), Governance(middle), and Infrastructure Acceleration (right)

    xOps categories

    There is no definitive list of x's in the xOps spectrum. Different organizations and teams will divide and define these in different ways. In many cases, the definitions and domains of various xOps will overlap.

    Some of the commonly adopted and defined xOps models are listed here.

    Shift left? Shift right?

    Cutting through the jargon

    • Shifting left is about focusing on the code and development aspects of a delivery cycle.
    • Shifting right is about remembering that infrastructure and tools still do matter.

    Info-Tech Insight

    Shifting left or right isn't an either/or choice. They're more like opposite sides of the same coin. Like the different xOps approaches, usually more than one shift approach will apply to your IT Operations.

    IT Operations in the left-right spectrum

    Shifting from executing and deploying to defining the guardrails and standards

    This is an image of the left-right spectrum for your XOps position

    Take a middle-out approach

    InfraOps and DevOps aren't enemies; they're opposite sides of the same coin.

    • InfraOps is about the automation and standardization of execution. It's an essential element in any fully automated CI/CD pipeline.
    • Like DevOps, InfraOps is built on similar values (the pillars of DevOps).
    • It builds on the principle of Lean to focus on removing friction, or turn-and-type activities, from the pipeline/process.
    • In InfraOps, one of the key methods for removing friction is through automation of the interstitia between different phases of a DevOps or CI/CD cycle.

    Optimize the Ops in DevOps

    Focus on eliminating friction

    This is an image of an approach to optimizing the ops in DevOps.

    With the shift from execution to governing and validating, the role of deployment falls downstream of IT Operations.

    IT Operations needs to move to a mindset that focuses on creating the guardrails, enforced standards, and compliance rules that need to be used downstream, then apply those standards using automation and tooling to remove friction and error from the interstitia (the white spaces between chevrons) of the various phases.

    InfraOps tools

    Four quadrants in the shape of a human head, in the boxes are the following: Hyperconverged Infrastructure; Composable Infrastructure; Infrastructure as code and; Automation and Orchestration

    Info-Tech Insight

    Your tools can be broken into two categories:

    • Infrastructure Architecture
      • HCI vs. CI
    • Automation Tooling
      • IaC and A&O

    Keep in mind that while your infrastructure architecture is usually an either/or choice, your automation approach should use any and all tooling that helps.

    Infrastructure approach

    • Hyperconverged

    • Composable

    Hyperconverged Infrastructure (HCI)

    Hyperconvergence is the next phase of convergence, virtualizing servers, networks, and storage on a single server/storage appliance. Capacity scales as more appliances are added to a cluster or stack.
    The disruptive departure:

    • Even though servers, networks, and storage were each on their own convergence paths, the three remained separate management domains (or silos). Even single-SKU converged infrastructures like VCE Vblocks are still composed of distinct server, network, and storage devices.
    • In hyperconvergence, the silos collapse into single-software managed devices. This has been disruptive for both the vendors of technology solutions (especially storage) and for infrastructure management.
    • Large storage array vendors are challenged by hyperconvergence alternatives. IT departments need to adapt IT skills and roles away from individual management silos and to more holistic service management.

    A comparison between converged and hyperconverged systems.

    Info-Tech Insight

    HCI follows convergence trends of the past ten years but is also a departure from how IT infrastructure has traditionally been provisioned and managed.

    HCI is at the same time a logical progression of infrastructure convergence and a disruptive departure.

    Hyperconverged (HCI) – SWOT

    HCI can be the foundation block for a fully software defined data center, a prerequisite for private cloud.

    Strengths

    • Potentially lower TCO through further infrastructure consolidation, reducing CapEx and OpEx expenditures through facilities optimization and cost consolidation.
    • Operations in particular can be streamlined, since storage, network connections, and processors/memory are all managed as abstractions via a single control pane.
    • HCI comes with built-in automation and analytics that lead to quicker issue resolution.

    Opportunities

    • Increased business agility by paving the way for a fully software defined infrastructure stack and cloud automation.
    • Shift IT human assets from hardware asset maintainers and controllers to service delivery managers.
    • Better able to compete with external IT service alternatives.
    • Move toward a hybrid cloud service offering where the service catalog contains both internal and external offerings.

    Key attributes of a cloud are automation, resource elasticity, and self-service. This kind of agility is impossible if physical infrastructure needs intervention.

    Info-Tech Insight

    Virtualization alone does not a private cloud make, but complete stack virtualization (software defined) running on a hands-off preconfigured HCI appliance (or group of appliances) provides a solid foundation for building cloud services.

    Hyperconverged (HCI) – SWOT

    Silo-busting and private cloud sound great, but are your people and processes able to manage the change?

    Weaknesses

    • HCI typically scales out linearly (CPU & storage). This does not suit traditional scale-up applications such as high-performance databases and large-capacity data warehouses.
    • Infrastructure stacks are perceived as more flexible for variable growth across segments. For example, if storage is growing but processing is not, storage can scale separately from processing.

    Threats

    • HCI will be disruptive to roles within IT. Internal pushback is a real threat if necessary changes in skills and roles are not addressed.
    • HCI is not a simple component replacement but an adoption of a different kind of infrastructure. Different places in the lifecycles for each of storage, network, and processing devices could make HCI a solution where there is no immediate problem.

    In traditional infrastructure, performance and capacity are managed as distinct though complementary jobs. An all-in-one approach may not work.

    Composable Infrastructure (CI)

    • Composable infrastructure in many ways represents the opposite of an HCI approach. Its focus is on further disaggregating resources and components used to build systems.
      • Unlike traditional cloud virtual systems, composable infrastructure provides virtual bare metal resources, allowing tightly coupled resources like CPU, RAM, and GPU – or any device/card/module – to be released back and forth into the resource pool as required by a given workload.
      • This is enabled by the use of high-speed, low-latency PCI Express (PCI-e) and Compute Express Link (CXL) fabrics that allow these resources to be decoupled.
      • It also supports the ability to present other fabric types critical for building out enterprise systems (e.g. Ethernet, InfiniBand).
    • Accordingly, CI systems are also based on next-generation network architecture that supports moving critical functions to the network layer, which enables more efficient use of the application-layer resources.

    Composable Infrastructure (CI)

    • CI may also leverage network-resident data/infrastructure processing units (DPUs/IPUs), which offload many network, security, and storage functions.
      • As new devices and functions become available, they can be added into the catalog of resources/functions available in a CI pool.

    Use Case Example: Composable AI flow

    Data Ingestion > Data Cleaning/Tagging > Training > Conclusion

    • At each phase of the process, resources, including specialized hardware like memory and GPU cores, can be dynamically allocated and reallocated to the workload on demand

    Composable Infrastructure (CI)

    Use cases and considerations

    Where it's useful

    • Enable even more efficient allocation/utilization of resources for workloads.
    • Very large memory or shared memory requirements can benefit greatly.
    • Decouple purchasing decisions for underlying resources.
    • Leverage the fabric to make it easier to incrementally upgrade underlying resources as required.
    • Build "the Impossible Server."

    Considerations

    • Requires significant footprint/scale to justify in many cases
    • Not necessarily good value for environments that aren't very volatile and heterogeneous in terms of deployment requirements
    • May not be best value for environments where resource-stranding is not a significant issue

    Info-Tech Insight

    Many organizations using a traditional approach report resource stranding as having an impact of 20% or more on efficiency. When focusing specifically on the stranding of memory in workloads, the number can often approach 40%.

    The CI ecosystem

    This is an image of the CI ecosystem.

    • The CI ecosystem has many players, large and small!
    • Note that the CI ecosystem is dependent on a large ecosystem of underlying enablers and component builders to support the required technologies.

    Understanding the differences

    This image shows the similarities and differences between traditional, cloud, hyperconverged, and composable.

    Automation approach

    • Infrastructure as Code
    • Automation & Orchestration
    • Metaorchestration

    Infrastructure as Code (IaC)

    Infrastructure as code (IaC) is the process of managing and provisioning computer data centers through machine-readable definition files rather than physical hardware configuration or interactive configuration tools.

    Before IaC, IT personnel would have to manually change configurations to manage their infrastructure. Maybe they would use throwaway scripts to automate some tasks, but that was the extent of it.

    With IaC, your infrastructure's configuration takes the form of a code file, making it easy to edit, copy, and distribute.

    Info-Tech Insight
    IaC is a critical tool in enabling key benefits!

    • Reduced costs
    • Increased scalability, flexibility, and speed
    • Better consistency and version control
    • Reduced deployment errors

    Infrastructure as Code (IaC)

    1. IaC uses a high-level descriptive coding language to automate the provisioning of IT infrastructure. This eliminates the need to manually provision and manage servers, OS, database connections, storage, and other elements every time we want to develop, test, or deploy an application.
    2. IaC allows us to define the computer systems on which code needs to run. Most commonly, we use a framework like Chef, Ansible, Puppet, etc., to define their infrastructure. These automation and orchestration tools focus on the provisioning and configuring of base compute infrastructure.
    3. IaC is also an essential DevOps practice. It enables teams to rapidly create and version infrastructure in the same way they version source code and to track these versions so as to avoid inconsistency among IT environments that can lead to serious issues during deployment.
    • Idempotence is a principle of IaC. This means a deployment command always sets the target environment into the same configuration, regardless of the environment's starting state.
      • Idempotency is achieved by either automatically configuring an existing target or discarding the existing target and recreating a fresh environment.

    Automation/Orchestration

    Orchestration describes the automated arrangement, coordination, and management of complex computer systems, middleware, and services.

    This usage of orchestration is often discussed in the context of service-oriented architecture, virtualization, provisioning, converged infrastructure, and dynamic data center topics. Orchestration in this sense is about aligning the business request with the applications, data, and infrastructure.

    It defines the policies and service levels through automated workflows,
    provisioning, and change management. This creates an application-aligned infrastructure that can be scaled up or down based on the needs of each application.

    As the requirement for more resources or a new application is triggered, automated tools now can perform tasks that previously could only be done by multiple administrators operating on their individual pieces of the physical stack.

    Orchestration also provides centralized management of the resource pool, including billing, metering, and chargeback for consumption. For example, orchestration reduces the time and effort for deploying multiple instances of a single application.

    Info-Tech Insight

    Automation and orchestration tools can be key components of an effective governance toolkit too! Remember to understand what data can be pulled from your various tools and leveraged for other purposes such as cost management and portfolio roadmapping.

    Automation/Orchestration

    There are a wide variety of orchestration and automation tools and technologies.

    Configuration Management

    Configuration Management

    The logos for companies which fall in each of the categories in the column to the left of the image.

    CI/CD
    Orchestration

    Container
    Orchestration

    Cloud-Specific
    Orchestration

    PaaS
    Orchestration

    Info-Tech Insight

    Automation and orchestration tools and software offerings are plentiful, and many of them have a different focus on where in the application delivery ecosystem they provide automation functionality.

    Often there are different tools for different deployment and service models as well as for different functional phases for each service model.

    Automation/Orchestration

    Every tool focuses on different aspects or functions of the deployment of resources and applications.

    • Resources
      • Compute
      • Storage
      • Network
    • Extended Services
      • Platforms
      • Infrastructure Services
      • Web Services
    • Application Assets
      • Images
      • Templates
      • Containers
      • Code

    Info-Tech Insight

    Let the large ecosystem of tools be your ally. Leverage the right tools where needed and then address the complexity of tools using a master orchestration scheme.

    Metaorchestration

    A Flow chart for the approach to metaorchestration.

    Additionally, most tools do not cover all aspects required for most automation implementations, especially in hybrid cloud scenarios.

    As such, often multiple tools must be deployed, which can lead to fragmentation and loss of unified controls.

    Many enterprises address this fragmentation using a cloud management platform approach.

    One method of achieving this is to establish a higher layer of orchestration – an "orchestrator of orchestrators," or metaorchestration.

    In complex scenarios, this can be a challenge that requires customization and development.

    InfraOps tools ecosystem

    Toolkit Pros Cons Tips
    HCI Easy scale out Shift in skills required Good for enabling automation and hybridization with current-gen public cloud services
    CI Maximal workload resource efficiency Investment in new fabrics and technologies Useful for very dynamic or highly scalable workloads like AI
    IaC Error reduction and standardization Managing drift in standards and requirements Leverage a standards and exception process to keep track of drift
    A&O Key enabler of DevOps automation within phases Usually requires multiple toolsets/frameworks Use the right tools and stitch together at the metaorchestration layer
    Metaorchestration Reduces the complexity of a diverse A&O and IaC toolkit Requires understanding of the entire ecosystems of tools used Key layer of visibility and control for governance

    Build a virtuous cycle

    Remember, the goal is to increase speed AND reliability. That's why we focus on removing friction from our delivery pipelines.

    • The first step is to identify the points of friction in your cycle and understand the intensity and frequency of these friction points.
    • Depending on your delivery and project management methodology, you'll have a different posture of the different tools that make sense for your pipeline.
    • For example, if you are focused on delivering raw resources for sysadmins and/or you're in a Waterfall methodology where the friction points are large but infrequent, hyperconverged is likely to delivery good value, whereas tools like IaC and orchestration may not be as necessary.

    Info-Tech Insight

    Remember that, especially in modern and rapid methodologies, your IT footprint can drift unexpectedly. This means you need a real feedback mechanism on where the friction moves to next.

    This is particularly important in more Agile methodologies.

    Activity: Map your IT operations delivery

    Identify your high-friction interstitial points

    • Using the table below, or a table modified to your delivery phases, map out the activities and tasks that are not standardized and automated.
    • For the incoming and outgoing sections, think about what resources and activities need to be (or could be) created, destroyed, or repurposed to efficiently manage each cycle and the spaces between cycles.
    Plan Code Test Deploy Monitor
    Incoming Friction
    In-Cycle Friction
    Outgoing Friction

    Info-Tech Insight

    Map your ops groups to the delivery cycles in your pipeline. How many delivery cycles do you have or need?

    Good InfraOps is a reflection of governance policies, expressed by standards in architecture and automation.

    Related Info-Tech Research

    Evaluate Hyperconverged Infrastructure for Your Infrastructure Roadmap

    • This Info-Tech note covers evaluation of HCI platforms.

    Design Your Cloud Operations

    • This Info-Tech blueprint covers organization of operations teams for various deployment and Agile modes.

    Bibliography

    Banks, Ethan, host. "Choosing Your Next Infrastructure." Datanauts, episode 094, Packet Pushers, 26 July 2017. Podcast.
    "Composable Infrastructure Solutions." Hewlett Packard Canada, n.d. Web.
    "Composable Infrastructure Technology." Liqid Inc., n.d. Web.
    "DataOps architecture design." Azure Architecture Center, Microsoft Learn, n.d. Web.
    Tan, Pei Send. "Differences: DevOps, ITOps, MLOps, DataOps, ModelOps, AIOps, SecOps, DevSecOps." Medium, 5 July 2021. Web.

    Identify and Build the Data & Analytics Skills Your Organization Needs

    • Buy Link or Shortcode: {j2store}301|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some common obstacles that could prevent you from identifying and building the data & analytics skills your organization needs include:

    • Lack of resources and knowledge to secure professionals with the right mix of D&A skills and right level of experience/skills
    • Lack of well-formulated and robust data strategy
    • Underestimation of the value of soft skills

    Our Advice

    Critical Insight

    Skill deficiency is frequently stated as a roadblock to realizing corporate goals for data & analytics. Soft skills and technical skills are complementary, and data & analytics teams need a combination of both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization’s data strategy to ensure the right skills are available at the right time and minimize pertinent risks.

    Impact and Result

    Follow Info-Tech's advice on the roles and skills needed to support your data & analytics strategic growth objectives and how to execute an actionable plan:

    • Define the skills required for each essential data & analytics role.
    • Identify the roles and skills gaps in alignment with your current data strategy.
    • Establish an action plan to close the gaps and reduce risks.

    Identify and Build the Data & Analytics Skills Your Organization Needs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Identify and Build the Data & Analytics Skills Your Organization Needs Deck – Use this research to assist you in identifying and building roles and skills that are aligned with the organization’s data strategy.

    To generate business value from data, data leaders must first understand what skills are required to achieve these goals, identify the current skill gaps, and then develop skills development programs to enhance the relevant skills. Use Info-Tech's approach to identify and fill skill gaps to ensure you have the right skills at the right time.

    • Identify and Build the Data & Analytics Skills Your Organization Needs Storyboard

    2. Data & Analytics Skills Assessment and Planning Tool – Use this tool to help you identify the current and required level of competency for data & analytics skills, analyze gaps, and create an actionable plan.

    Start with skills and roles identified as the highest priority through a high-level maturity assessment. From there, use this tool to determine whether the organization’s data & analytics team has the key role, the right combination of skill sets, and the right level competency for each skill. Create an actionable plan to develop skills and fill gaps.

    • Data & Analytics Skills Assessment and Planning Tool
    [infographic]

    Further reading

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    Analyst Perspective

    Blending soft skills with deep technical expertise is essential for building successful data & analytics teams.

    In today's changing environment, data & analytics (D&A) teams have become an essential component, and it is critical for organizations to understand the skill and talent makeup of their D&A workforce. Chief data & analytics officers (CDAOs) or other equivalent data leaders can train current data employees or hire proven talent and quickly address skills gaps.

    While developing technical skills is critical, soft skills are often left underdeveloped, yet lack of such skills is most likely why the data team would face difficulty moving beyond managing technology and into delivering business value.

    Follow Info-Tech's methodology to identify and address skills gaps in today's data workplace. Align D&A skills with your organization's data strategy to ensure that you always have the right skills at the right time.

    Ruyi Sun
    Research Specialist,
    Data & Analytics, and Enterprise Architecture
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    The rapid technological evolution in platforms, processes, and applications is leading to gaps in the skills needed to manage and use data. Some critical challenges organizations with skills deficiencies might face include:

    • Time loss due to delayed progress and reworking of initiatives
    • Poor implementation quality and low productivity
    • Reduced credibility of data leader and data initiatives

    Common Obstacles

    Some common obstacles that could prevent you from identifying and building the data and analytics (D&A) skills your organization needs are:

    • Lack of resources and knowledge to secure professionals with the right mixed D&A skills and the right experience/skill level
    • Lack of well-formulated and robust data strategy
    • Neglecting the value of soft skills and placing all your attention on technical skills

    Info-Tech's Approach

    Follow Info-Tech's guidance on the roles and skills required to support your D&A strategic growth objectives and how to execute an actionable plan:

    • Define skills required for each essential data and analytics role
    • Identify roles and skills gap in alignment with your current data strategy
    • Establish action plan to close the gaps and reduce risks

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills required by your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    The rapidly changing environment is impacting the nature of work

    Scarcity of data & analytics (D&A) skills

    • Data is one of the most valuable organizational assets, and regardless of your industry, data remains the key to informed decision making. More than 75% of businesses are looking to adopt technologies like big data, cloud computing, and artificial intelligence (AI) in the next five years (World Economic Forum, 2023). As organizations pivot in response to industry disruptions and technological advancements, the nature of work is changing, and the demand for data expertise has grown.
    • Despite an increasing need for data expertise, organizations still have trouble securing D&A roles due to inadequate upskilling programs, limited understanding of the skills required, and more (EY, 2022). Notably, scarce D&A skills have been critical. More workers will need at least a base level of D&A skills to adequately perform their jobs.

    Stock image of a data storage center.

    Organizations struggle to remain competitive when skills gaps aren't addressed

    Organizations identify skills gaps as the key barriers preventing industry transformation:

    60% of organizations identify skills gaps as the key barriers preventing business transformation (World Economic Forum, 2023)

    43% of respondents agree the business area with the greatest need to address potential skills gaps is data analytics (McKinsey & Company, 2020)

    Most organizations are not ready to address potential role disruptions and close skills gaps:

    87% of surveyed companies say they currently experience skills gaps or expect them within a few years (McKinsey & Company, 2020)

    28% say their organizations make effective decisions on how to close skills gaps (McKinsey & Company, 2020)

    Neglecting soft skills development impedes CDOs/CDAOs from delivering value

    According to BearingPoint's CDO survey, cultural challenges and limited data literacy are the main roadblocks to a CDO's success. To drill further into the problem and understand the root causes of the two main challenges, conduct a root cause analysis (RCA) using the Five Whys technique.

    Bar Chart of 'Major Roadblocks to the Success of a CDO' with 'Limited data literacy' at the top.
    (Source: BearingPoint, 2020)

    Five Whys RCA

    Problem: Poor data literacy is the top challenge CDOs face when increasing the value of D&A. Why?

    • People that lack data literacy find it difficult to embrace and trust the organization's data insights. Why?
    • Data workers and the business team don't speak the same language. Why?
    • No shared data definition or knowledge is established. Over-extensive data facts do not drive business outcomes. Why?
    • Leaders fail to understand that data literacy is more than technical training, it is about encompassing all aspects of business, IT, and data. Why?
    • A lack of leadership skills prevents leaders from recognizing these connections and the data team needing to develop soft skills.

    Problem: Cultural challenge is one of the biggest obstacles to a CDO's success. Why?

    • Decisions are made from gut instinct instead of data-driven insights, thus affecting business performance. Why?
    • People within the organization do not believe that data drives operational excellence, so they resist change. Why?
    • Companies overestimate the organization's level of data literacy and data maturity. Why?
    • A lack of strategies in change management, continuous improvement & data literacy for data initiatives. Why?
    • A lack of expertise/leaders possessing these relevant soft skills (e.g. change management, etc.).

    As organizations strive to become more data-driven, most conversations around D&A emphasize hard skills. Soft skills like leadership and change management are equally crucial, and deficits there could be the root cause of the data team's inability to demonstrate improved business performance.

    Data cannot be fully leveraged without a cohesive data strategy

    Business strategy and data strategy are no longer separate entities.

    • For any chief data & analytics officer (CDAO) or equivalent data leader, a robust and comprehensive data strategy is the number one tool for generating measurable business value from data. Data leaders should understand what skills are required to achieve these goals, consider the current skills gap, and build development programs to help employees improve those skills.
    • Begin your skills development programs by ensuring you have a data strategy plan prepared. A data strategy should never be formulated independently from the business. Organizations with high data maturity will align such efforts to the needs of the business, making data a major part of the business strategy to achieve data centricity.
    • Refer to Info-Tech's Build a Robust and Comprehensive Data Strategy blueprint to ensure data can be leveraged as a strategic asset of the organization.

    Diagram of 'Data Strategy Maturity' with two arrangements of 'Data Strategy' and 'Business Strategy'. One is 'Aligned', the other is 'Data Centric.'

    Info-Tech Insight

    The process of achieving data centricity requires alignment between the data and business teams, and that requires soft skills.

    Follow Info-Tech's methodology to identify the roles and skills needed to execute a data strategy

    1. Define Key Roles and Skills

      Digital Leadership Skills, Soft Skills, Technical Skills
      Key Output
      • Defined essential competencies, responsibilities for some common data roles
    2. Uncover the Skills Gap

      Data Strategy Alignment, High-Level Data Maturity Assessment, Skills Gap Analysis
      Key Output
      • Data roles and skills aligned with your current data strategy
      • Identified current and target state of data skill sets
    3. Build an Actionable Plan

      Initiative Priority, Skills Growth Feasibility, Hiring Feasibility
      Key Output
      • Identified action plan to address the risk of data skills deficiency

    Info-Tech Insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Research benefits

    Member benefits

    • Reduce time spent defining the target state of skill sets.
    • Gain ability to reassess the feasibility of execution on your data strategy, including resources and timeline.
    • Increase confidence in the data leader's ability to implement a successful skills development program that is aligned with the organization's data strategy, which correlates directly to successful business outcomes.

    Business benefits

    • Reduce time and cost spent hiring key data roles.
    • Increase chance of retaining high-quality data professionals.
    • Reduce time loss for delayed progress and rework of initiatives.
    • Optimize quality of data initiative implementation.
    • Improve data team productivity.

    Insight summary

    Overarching insight

    Skills gaps are a frequently named obstacle to realizing corporate goals for D&A. Soft skills and technical skills are complementary, and a D&A team needs both to perform effectively. Identify the essential skills and the gap with current skills that fit your organization's data strategy to ensure the right skill is available at the right time and to minimize applicable risks.

    Phase 1 insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Phase 2 insight

    Understanding and knowing your organization's data maturity level is a prerequisite to assessing your current skill and determining where you must align in the future.

    Phase 3 insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A.

    While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    Tactical insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    Guided Implementation

    Workshop

    Consulting

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks used throughout all four options

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is four to six calls over the course of two to three months.

    What does a typical GI on this topic look like?

    Phase 1

    Phase 2

    Phase 3

    Call #1: Understand common data & analytics roles and skills, and your specific objectives and challenges. Call #2: Assess the current data maturity level and competency of skills set. Identify the skills gap. Call #3: Identify the relationship between current initiatives and capabilities. Initialize the corresponding roadmap for the data skills development program.

    Call #4: (follow-up call) Touching base to follow through and ensure that benefits have received.

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 1

    Define Key Roles and Skills

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 1.1 Review D&A Skill & Role List in Data & Analytics Assessment and Planning Tool

    This phase involves the following participants:

    • Data leads

    Key resources for your data strategy: People

    Having the right role is a key component for executing effective data strategy.

    D&A Common Roles

    • Data Steward
    • Data Custodian
    • Data Owner
    • Data Architect
    • Data Modeler
    • Artificial Intelligence (AI) and Machine Learning (ML) Specialist
    • Database Administrator
    • Data Quality Analyst
    • Security Architect
    • Information Architect
    • System Architect
    • MDM Administrator
    • Data Scientist
    • Data Engineer
    • Data Pipeline Developer
    • Data Integration Architect
    • Business Intelligence Architect
    • Business Intelligence Analyst
    • ML Validator

    AI and ML Specialist is projected to be the fastest-growing occupation in the next five years (World Economic Forum, 2023).

    While tech roles take an average of 62 days to fill, hiring a senior data scientist takes 70.5 days (Workable, 2019). Start your recruitment cycle early for this demand.

    D&A Leader Roles

    • Chief Data Officer (CDO)/Chief Data & Analytics Officer (CDAO)
    • Data Governance Lead
    • Data Management Lead
    • Information Security Lead
    • Data Quality Lead
    • Data Product Manager
    • Master Data Manager
    • Content and Record Manager
    • Data Literacy Manager

    CDOs act as impactful change agents ensuring that the organization's data management disciplines are running effectively and meeting the business' data needs. Only 12.0% of the surveyed organizations reported having a CDO as of 2012. By 2022, this percentage had increased to 73.7% (NewVantage Partners, 2022).

    Sixty-five percent of respondents said lack of data literacy is the top challenge CDOs face today (BearingPoint, 2020). It has become imperative for companies to consider building a data literacy program which will require a dedicated data literacy team.

    Key resources for your data strategy: Skill sets

    Distinguish between the three skills categories.

    • Soft Skills

      Soft skills are described as power skills regarding how you work, such as teamwork, communication, and critical thinking.
    • Digital Leadership Skills

      Not everyone working in the D&A field is expected to perform advanced analytical tasks. To thrive in increasingly data-rich environments, however, every data worker, including leaders, requires a basic technological understanding and skill sets such as AI, data literacy, and data ethics. These are digital leadership skills.
    • Technical Skills

      Technical skills are the practical skills required to complete a specific task. For example, data scientists and data engineers require programming skills to handle and manage vast amounts of data.

    Info-Tech Insight

    Technological advancements will inevitably require new technical skills, but the most in-demand skills go beyond mastering the newest technologies. Soft skills are essential to data roles as the global workforce navigates the changes of the last few years.

    Soft skills aren't just nice to have

    They're a top asset in today's data workplace.

    Leadership

    • Data leaders with strong leadership abilities can influence the organization's strategic execution and direction, support data initiatives, and foster data cultures. Organizations that build and develop leadership potential are 4.2 times more likely to financially outperform those that do not (Udemy, 2022).

    Business Acumen

    • The process of deriving conclusions and insights from data is ultimately utilized to improve business decisions and solve business problems. Possessing business acumen helps provide the business context and perspectives for work within data analytics fields.

    Critical Thinking

    • Critical thinking allows data leaders at every level to objectively assess a problem before making judgment, consider all perspectives and opinions, and be able to make decisions knowing the ultimate impact on results.

    Analytical Thinking

    • Analytical thinking remains the most important skill for workers in 2023 (World Economic Forum, 2023). Data analytics expertise relies heavily on analytical thinking, which is the process of breaking information into basic principles to analyze and understand the logic and concepts.

    Design Thinking & Empathy

    • Design thinking skills help D&A professionals understand and prioritize the end-user experience to better inform results and assist the decision-making process. Organizations with high proficiency in design thinking are twice as likely to be high performing (McLean & Company, 2022).

    Learning Focused

    • The business and data analytics fields continue to evolve rapidly, and the skills, especially technical skills, must keep pace. Learning-focused D&A professionals continuously learn, expanding their knowledge and enhancing their techniques.

    Change Management

    • Change management is essential, especially for data leaders who act as change agents developing and enabling processes and who assist others with adjusting to changes with cultural and procedural factors. Organizations with high change management proficiency are 2.2 times more likely to be high performing (McLean & Company, 2022).

    Resilience

    • Being motivated and adaptable is essential when facing challenges and high-pressure situations. Organizations highly proficient in resilience are 1.8 times more likely to be high performing (McLean & Company, 2022).

    Managing Risk & Governance Mindset

    • Risk management ability is not limited to highly regulated institutions. All data workers must understand risks from the larger organizational perspective and have a holistic governance mindset while achieving their individual goals and making decisions.

    Continuous Improvement

    • Continuously collecting feedback and reflecting on it is the foundation of continuous improvement. To uncover and track the lessons learned and treat them as opportunities, data workers must be able to discover patterns and connections.

    Teamwork & Collaboration

    • Value delivery in a data-centric environment is a team effort, requiring collaboration across the business, IT, and data teams. D&A experts with strong collaborative abilities can successfully work with other teams to achieve shared objectives.

    Communication & Active Listening

    • This includes communicating with relevant stakeholders about timelines and expectations of data projects and associated technology and challenges, paying attention to data consumers, understanding their requirements and needs, and other areas of interest to the organization.

    Technical skills for everyday excellence

    Digital Leadership Skills

    • Technological Literacy
    • Data and AI Literacy
    • Cloud Computing Literacy
    • Data Ethics
    • Data Translation

    Data & Analytics Technical Competencies

    • Data Mining
    • Programming Languages (Python, SQL, R, etc.)
    • Data Analysis and Statistics
    • Computational and Algorithmic Thinking
    • AI/ML Skills (Deep Learning, Computer Vision, Natural Language Processing, etc.)
    • Data Visualization and Storytelling
    • Data Profiling
    • Data Modeling & Design
    • Data Pipeline (ETL/ELT) Design & Management
    • Database Design & Management
    • Data Warehouse/Data Lake Design & Management

    1.1 Review D&A Skill & Role List in the Data & Analytics Assessment and Planning Tool

    Sample of Tab 2 in the Data & Analytics Assessment and Planning Tool.

    Tab 2. Skill & Role List

    Objective: Review the library of skills and roles and customize them as needed to align with your organization's language and specific needs.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 2

    Uncover the Skills Gap

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 2.1 High-level assessment of your present data management maturity
    • 2.2 Interview business and data leaders to clarify current skills availability
    • 2.3 Use the Data & Analytics Assessment and Planning Tool to Identify your skills gaps

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Identify skills gaps across the organization

    Gaps are not just about assigning people to a role, but whether people have the right skill sets to carry out tasks.

    • Now that you have identified the essential skills and roles in the data workplace, move to Phase 2. This phase will help you understand the required level of competency, assess where the organization stands today, and identify gaps to close.
    • Using the Data & Analytics Assessment and Planning Tool, start with areas that are given the highest priority through a high-level maturity assessment. From there, three levels of gaps will be found: whether people are assigned to a particular position, the right combination of D&A skill sets, and the right competency level for each skill.
    • Lack of talent assigned to a position

    • Lack of the right combination of D&A skill sets

    • Lack of appropriate competency level

    Info-Tech Insight

    Understanding your organization's data maturity level is a prerequisite to assessing the skill sets you have today and determining where you need to align in the future.

    2.1 High-level assessment of your present data management maturity

    Identifying and fixing skills gaps takes time, money, and effort. Focus on bridging the gap in high-priority areas.

    Input: Current state capabilities, Use cases (if applicable), Data culture diagnostic survey results (if applicable)
    Output: High-level maturity assessment, Prioritized list of data management focused area
    Materials: Data Management Assessment and Planning Tool (optional), Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Objectives:

    Prioritize these skills and roles based on your current maturity levels and what you intend to accomplish with your data strategy.

    Steps:

    1. (Optional Step) Refer to the Build a Robust and Comprehensive Data Strategy blueprint. You can assess your data maturity level using the following frameworks and methods:
      • Review current data strategy and craft use cases that represent high-value areas that must be addressed for their teams or functions.
      • Use the data culture assessment survey to determine your organization's data maturity level.
    2. (Optional Step) Refer to the Create a Data Management Roadmap blueprint and Data Management Assessment and Planning Tool to dive deep into understanding and assessing capabilities and maturity levels of your organization's data management enablers and understanding your priority areas and specific gaps.
    3. If you have completed Data Management Assessment and Planning Tool, fill out your maturity level scores for each of the data management practices within it - Tab 3 (Current-State Assessment). Skip Tab 4 (High-Level Maturity Assessment).
    4. If you have not yet completed Data Management Assessment and Planning Tool, skip Tab 3 and continue with Tab 4. Assign values 1 to 3 for each capability and enabler.
    5. You can examine your current-state data maturity from a high level in terms of low/mid/high maturity using either Tabs 3 or 4.
    6. Suggested focus areas along the data journey:
      • Low Maturity = Data Strategy, Data Governance, Data Architecture
      • Mid Maturity = Data Literacy, Information Management, BI and Reporting, Data Operations Management, Data Quality Management, Data Security/Risk Management
      • High Maturity = MDM, Data Integration, Data Product and Services, Advanced Analytics (ML & AI Management).

    Download the Data & Analytics Assessment and Planning Tool

    2.2 Interview business and data leaders to clarify current skills availability

    1-2 hours per interview

    Input: Sample questions targeting the activities, challenges, and opportunities of each unit
    Output: Identified skills availability
    Materials: Whiteboard/Flip charts, Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. Conduct a deep-dive interview with each key data initiative stakeholder (data owners, SMEs, and relevant IT/Business department leads) who can provide insights on the skill sets of their team members, soliciting feedback from business and data leaders about skills and observations of employees as they perform their daily tasks.
    2. Populate a current level of competency for each skill in the Data & Analytics Assessment and Planning Tool in Tabs 5 and 6. Having determined your data maturity level, start with the prioritized data management components (e.g. if your organization sits at low data maturity level, start with identifying relevant positions and skills under data governance, data architecture, and data architecture elements).
    3. More detailed instructions on how to utilize the workbook are at the next activity.

    Key interview questions that will help you :

    1. Do you have personnel assigned to the role? What are their primary activities? Do the personnel possess the soft and technical skills noted in the workbook? Are you satisfied with their performance? How would you evaluate their degree of competency on a scale of "vital, important, nice to have, or none"? The following aspects should be considered when making the evaluation:
      • Key Performance Indicators (KPIs): Business unit data will show where the organization is challenged and will help identify potential areas for development.
      • Project Management Office: Look at successful and failed projects for trends in team traits and competencies.
      • Performance Reviews: Look for common themes where employees excel or need to improve.
      • Focus Groups: Speak with a cross section of employees to understand their challenges.
    2. What technology is currently used? Are there requirements for new technology to be bought and/or optimized in the future? Will the workforce need to increase their skill level to carry out these activities with the new technology in place?

    Download the Data & Analytics Assessment and Planning Tool

    2.3 Use the Data & Analytics Assessment and Planning Tool to identify skills gaps

    1-3 hours — Not everyone needs the same skill levels.

    Input: Current skills competency, Stakeholder interview results and findings
    Output: Gap identification and analysis
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads

    Instruction:

    1. Select your organization's data maturity level in terms of Low/Mid/High in cell A6 for both Tab 5 (Soft Skills Assessment) and Tab 6 (Technical Skills Assessment) to reduce irrelevant rows.
    2. Bring together key business stakeholders (data owners, SMEs, and relevant IT custodians) to determine whether the data role exists in the organization. If yes, assign a current-state value from “vital, important, nice to have, or none” for each skill in the assessment tool. Info-Tech has specified the desired/required target state of each skill set.
    3. Once you've assigned the current-state values, the tool will automatically determine whether there is a gap in skill set.

    Download the Data & Analytics Assessment and Planning Tool

    Identify and Build the Data & Analytics Skills Your Organization Needs

    Phase 3

    Build an Actionable Plan

    Define Key Roles and Skills Uncover the Skills Gap Build an Actionable Plan

    This phase will walk you through the following activities:

    • 3.1 Use the Data & Analytics Assessment and Planning Tool to build your actionable roadmap

    This phase involves the following participants:

    • Data leads
    • Business leads and subject matter experts (SMEs)
    • Key business stakeholders

    Determine next steps and decision points

    There are three types of internal skills development strategies

    • There are three types of internal skills development strategies organizations can use to ensure the right people with the right abilities are placed in the right roles: reskill, upskill, and new hire.
    1. Reskill

      Reskilling involves learning new skills for a different or newly defined position.
    2. Upskill

      Upskilling involves building a higher level of competency in skills to improve the worker's performance in their current role.
    3. New hire

      New hire involves hiring workers who have the essential skills to fill the open position.

    Info-Tech Insight

    One of the misconceptions that organizations have includes viewing skills development as a one-time effort. This leads to underinvestment in data team skills, risk of falling behind on technological changes, and failure to connect with business partners. Employees must learn to continuously adapt to the changing circumstances of D&A. While the program must be agile and dynamic to reflect technological improvements in the development of technical skills, the program should always be anchored in soft skills because data management is fundamentally about interaction, collaboration, and people.

    How to determine when to upskill, reskill, or hire to meet your skills needs

    Reskill

    Reskilling often indicates a change in someone's career path, so this decision requires a goal aligned with both individuals and the organization to establish a mutually beneficial situation.

    When making reskilling decisions, organizations should also consider the relevance of the skill for different positions. For example, data administrators and data architects have similar skill sets, so reskilling is appropriate for these employees.

    Upskill

    Upskilling tends to focus more on the soft skills necessary for more advanced positions. A data strategy lead, for example, might require design thinking training, which enables leaders to think from different perspectives.

    Skill growth feasibility must also be considered. Some technical skills, particularly those involving cutting-edge technologies, require continual learning to maintain operational excellence. For example, a data scientist may require AI/ML skills training to incorporate use of modern automation technology.

    New Hire

    For open positions and skills that are too resource-intensive to reskill or upskill, it makes sense to recruit new employees. Consider, however, time and cost feasibility of hiring. Some positions (e.g. senior data scientist) take longer to fill. To minimize risks, coordinate with your HR department and begin recruiting early.

    Data & Analytics skills training

    There are various learning methods that help employees develop priority competencies to achieve reskilling or upskilling.

    Specific training

    The data team can collaborate with the human resources department to plan and develop internal training sessions aimed at specific skill sets.

    This can also be accomplished through external training providers such as DCAM, which provides training courses on data management and analytics topics.

    Formal education program

    Colleges and universities can equip students with data analytics skills through formal education programs such as MBAs and undergraduate or graduate degrees in Data Science, Machine Learning, and other fields.

    Certification

    Investing time and effort to obtain certifications in the data & analytics field allows data workers to develop skills and gain recognition for continuous learning and self-improvement.

    AWS Data Analytics and Tableau Data Scientist Certification are two popular data analytics certifications.

    Online learning from general providers

    Some companies offer online courses in various subjects. Coursera and DataCamp are two examples of popular providers.

    Partner with a vendor

    The organization can partner with a vendor who brings skills and talents that are not yet available within the organization. Employees can benefit from the collaboration process by familiarizing themselves with the project and enhancing their own skills.

    Support from within your business

    The data team can engage with other departments that have previously done skills development programs, such as Finance and Change & Communications, who may have relevant resources to help you improve your business acumen and change management skills.

    Info-Tech Insight

    Seeking input and support across your business units can align stakeholders to focus on the right data analytics skills and build a data learning culture.

    Data & Analytics skills reinforcement

    Don't assume learners will immediately comprehend new knowledge. Use different methods and approaches to reinforce their development.

    Innovation Space

    • Skills development is not a one-time event, but a continuous process during which innovation should be encouraged. A key aspect of being innovative is having a “fail fast” mentality, which means collecting feedback, recognizing when something isn't working, encouraging experimentation, and taking a different approach with the goal of achieving operational excellence.
    • Human-centered design (HCD) also yields innovative outcomes with a people-first focus. When creating skills development programs for various target groups, organizations should integrate a human-centered approach.

    Commercial Lens

    • Exposing people to a commercial way of thinking can add long-term value by educating people to act in the business' best interest and raising awareness of what other business functions contribute. This includes concepts such as project management, return on investment (ROI), budget alignment, etc.

    Checklists/Rubrics

    • Employees should record what they learn so they can take the time to reflect. A checklist is an effective technique for establishing objectives, allowing measurement of skills development and progress.

    Buddy Program

    • A buddy program helps employees gain and reinforce knowledge and skills they have learned through mutual support and information exchange.

    Align HR programs to support skills integration and talent recruitment

    With a clear idea of skills needs and an executable strategy for training and reinforcing of concepts, HR programs and processes can help the data team foster a learning environment and establish a recruitment plan. The links below will direct you to blueprints produced by McLean & Company, a division of Info-Tech Research Group.

    Workforce Planning

    When integrating the skills of the future into workforce planning, determine the best approach for addressing the identified talent gaps – whether to build, buy, or borrow.

    Integrate the future skills identified into the organization's workforce plan.

    Talent Acquisition

    In cases where employee development is not feasible, the organization's talent acquisition strategy must focus more on buying or borrowing talent. This will impact the TA process. For example, sourcing and screening must be updated to reflect new approaches and skills.

    If you have a talent acquisition strategy, assess how to integrate the new roles/skills into recruiting.

    Competencies/Succession Planning

    Review current organizational core competencies to determine if they need to be modified. New skills will help inform critical roles and competencies required in succession talent pools.

    If no competency framework exists, use McLean & Company's Develop a Comprehensive Competency Framework blueprint.

    Compensation

    Evaluate modified and new roles against the organization's compensation structure. Adjust them as necessary. Look at market data to understand compensation for new roles and skills.

    Reassess your base pay structure according to market data for new roles and skills.

    Learning and Development

    L&D plays a huge role in closing the skills gap. Build L&D opportunities to support development of new skills in employees.

    Design an Impactful Employee Development Program to build the skills employees need in the future.

    3.1 Use the Data & Analytics Assessment and Planning Tool to build an actionable plan

    1-3 hours

    Input: Roles and skills required, Key decision points
    Output: Actionable plan
    Materials: Data & Analytics Assessment and Planning Tool
    Participants: Data leads, Business leads and subject matter experts (SMEs), Key business stakeholders

    Instruction:

    1. On Tab 7 (Next Steps & Decision Points), you will find a list of tasks that correspond to roles that where there is a skills gap.
    2. Customize this list of tasks initiatives according to your needs.
    3. The Gantt chart, which will be generated automatically after assigning start and finish dates for each activity, can be used to structure your plan and guarantee that all the main components of skills development are addressed.

    Sample of Tab 7 in the Data & Analytics Assessment and Planning Tool.

    Download the Data & Analytics Assessment and Planning Tool

    Related Info-Tech Research

    Sample of the Create a Data Management Roadmap blueprint.

    Create a Data Management Roadmap

    • This blueprint will help you design a data management practice that will allow your organization to use data as a strategic enabler.

    Stock image of a person looking at data dashboards on a tablet.

    Build a Robust and Comprehensive Data Strategy

    • Put a strategy in place to ensure data is available, accessible, well-integrated, secured, of acceptable quality, and suitably visualized to fuel organization-wide decision making. Start treating data as strategic and corporate asset.

    Sample of the Foster Data-Driven Culture With Data Literacy blueprint.

    Foster Data-Driven Culture With Data Literacy

    • By thoughtfully designing a data literacy training program appropriate to the audience's experience, maturity level, and learning style, organizations build a data-driven and engaged culture that helps them unlock their data's full potential and outperform other organizations.

    Research Authors and Contributors

    Authors:

    Name Position Company
    Ruyi Sun Research Specialist Info-Tech Research Group

    Contributors:

    Name Position Company
    Steve Wills Practice Lead Info-Tech Research Group
    Andrea Malick Advisory Director Info-Tech Research Group
    Annabel Lui Principal Advisory Director Info-Tech Research Group
    Sherwick Min Technical Counselor Info-Tech Research Group

    Bibliography

    2022 Workplace Learning Trends Report.” Udemy, 2022. Accessed 20 June 2023.

    Agrawal, Sapana, et al. “Beyond hiring: How companies are reskilling to address talent gaps.” McKinsey & Company, 12 Feb. 2020. Accessed 20 June 2023.

    Bika, Nikoletta. “Key hiring metrics: Useful benchmarks for tech roles.” Workable, 2019. Accessed 20 June 2023.

    Chroust, Tomas. “Chief Data Officer – Leaders of data-driven enterprises.” BearingPoint, 2020. Accessed 20 June 2023.

    “Data and AI Leadership Executive Survey 2022.” NewVantage Partners, Jan 2022. Accessed 20 June 2023.

    Dondi, Marco, et al. “Defining the skills citizens will need in the future world of work.” McKinsey & Company, June 2021. Accessed 20 June 2023.

    Futschek, Gerald. “Algorithmic Thinking: The Key for Understanding Computer Science.” Lecture Notes in Computer Science, vol. 4226, 2006.

    Howard, William, et al. “2022 HR Trends Report.” McLean & Company, 2022. Accessed 20 June 2023.

    “Future of Jobs Report 2023.” World Economic Forum, May 2023. Accessed 20 June 2023.

    Knight, Michelle. “What is Data Ethics?” Dataversity, 19 May 2021. Accessed 20 June 2023.

    Little, Jim, et al. “The CIO Imperative: Is your technology moving fast enough to realize your ambitions?” EY, 22 Apr. 2022. Accessed 20 June 2023.

    “MDM Roles and Responsibilities.” Profisee, April 2019. Accessed 20 June 2023.

    “Reskilling and Upskilling: A Strategic Response to Changing Skill Demands.” TalentGuard, Oct. 2019. Accessed 20 June 2023.

    Southekal, Prashanth. “The Five C's: Soft Skills That Every Data Analytics Professional Should Have.” Forbes, 17 Oct. 2022. Accessed 20 June 2023.

    Business Intelligence and Reporting

    • Buy Link or Shortcode: {j2store}6|cart{/j2store}
    • Related Products: {j2store}6|crosssells{/j2store}
    • member rating overall impact: 8.9/10
    • member rating average dollars saved: $45,792
    • member rating average days saved: 29
    • Parent Category Name: Data and Business Intelligence
    • Parent Category Link: /improve-your-core-processes/data-and-business-intelligence

    The challenge

    • Your business partners need an environment that facilitates flexible data delivery.
    • Your data and BI strategy must continuously adapt to new business realities and data sources to stay relevant.
    • The pressure to go directly to the solution design is high.  

    Our advice

    Insight

    • A BI initiative is not static. It must be treated as a living platform to adhere to changing business goals and objectives. Only then will it support effective decision-making.
    • Hear the voice of the business; that is the "B" in BI.
    • Boys and their toys... The solution to better intelligence often lies not in the tool but the BI practices.
    • Build a roadmap that starts with quick-wins to establish base support for your initiative.

    Impact and results 

    • Use the business goals and objectives to drive your BI initiatives.
    • Focus first on what you already have in your company's business intelligence landscape before investing in a new tool that will only complicate things.
    • Understand the core of what your users need by leveraging different approaches to pinpointing BI capabilities.
    • Create a roadmap that details the iterative deliveries of your business intelligence initiative. Show both the short and long term.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started

    Our concise executive brief shows why you should create or refresh your business intelligence (BI) strategy. We'll show you our methodology and the ways we can help you in handling this.

    Upon ordering you receive the complete guide with all files zipped.

    Understand your business context and BI landscape

    Understand critical business information and analyze your current business intelligence landscape.

    • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 1: Understand the Business Context and BI Landscape (ppt)
    • BI Strategy and Roadmap Template (doc)
    • BI End-User Satisfaction Survey Framework (ppt)

    Evaluate your current business intelligence practices

    Assess your current maturity level and define the future state.

    • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 2: Evaluate the Current BI Practice (ppt)
    • BI Practice Assessment Tool – Example 1 (xls)
    • BI Practice Assessment Tool – Example 2 (xls)

    Create your BI roadmap

    Create business intelligence focused initiatives for continuous improvement.

    • Build a Next-Generation BI with a Game-Changing BI Strategy – Phase 3: Create a BI Roadmap for Continuous Improvement (ppt)
    • BI Initiatives and Roadmap Tool (xls)
    • BI Strategy and Roadmap Executive Presentation Template (ppt)

     

    Optimize Your SQA Practice Using a Full Lifecycle Approach

    • Buy Link or Shortcode: {j2store}405|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • member rating average days saved: Read what our members are saying
    • Parent Category Name: Testing, Deployment & QA
    • Parent Category Link: /testing-deployment-and-qa
    • Your software quality assurance (SQA) program is using the wrong set of metrics to measure how process improvements influence product quality improvements.
    • Roles & responsibilities and quality assurance initiatives are not well defined and need to be allocated to individuals that can be held responsible for quality-related issues.
    • You are finding it hard to determine a causation between SQA process improvements and an improvement in product quality.

    Our Advice

    Critical Insight

    • Your product is only as good as your process. A robust development and SQA process creates artifacts that are highly testable, easily maintained, and strongly traceable across the development lifecycle, ensuring that the product delivered meets expectations set out by the business.
    • A small issue within your development process can have a ripple effect on the level of product quality. Discover what you don’t know and identify areas within your SQA practice that require attention.

    Impact and Result

    • SQA must be viewed as more than defect analysis and testing. Instead, place greater emphasis on preventative measures to ensure application quality across the entire development lifecycle.
    • IT must create a comprehensive SQA plan that delineates roles and responsibilities as they relate to quality assurance. Ensure tasks and procedures improve process efficiency and quality, and formalize metrics that help to implement a continuous improvement cycle for SQA.
    • Our methodology provides simple-to-follow steps to develop an SQA plan that provides clear insight into your current quality assurance practices.
    • Establish a synchronous relationship between the business and IT to help stakeholders understand the importance and relative value of quality assurance tasks to current costs.

    Optimize Your SQA Practice Using a Full Lifecycle Approach Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should optimize your SQA practice using a full lifecycle approach, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Assess your current SQA capabilities

    Evaluate and understand your current SQA capabilities, as well as the degree to which metric objectives are being met.

    • Optimize Your SQA Practice Using a Full Lifecycle Approach – Phase 1: Assess Your Current SQA Capabilities
    • Software Quality Assurance Current State Assessment Tool
    • Software Quality Assurance Assessment Workbook

    2. Define SQA target state processes

    Identify and define SQA processes and metrics needed to meet quality objectives set by development teams and the business.

    • Optimize Your SQA Practice Using a Full Lifecycle Approach – Phase 2: Define SQA Target State Processes

    3. Determine optimization initiatives for improving your SQA practice

    Build your SQA plan and optimization roadmap.

    • Optimize Your SQA Practice Using a Full Lifecycle Approach – Phase 3: Determine Optimization Initiatives
    • Software Quality Assurance Plan Template
    • Software Quality Assurance Optimization Roadmap Tool
    • Software Quality Assurance Communication Template
    [infographic]

    Workshop: Optimize Your SQA Practice Using a Full Lifecycle Approach

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Assess Your Current SQA Capabilities

    The Purpose

    To help you assess and understand your current SQA capabilities as well as the degree to which metric objectives are being met.

    Key Benefits Achieved

    An analysis of current SQA practices to provide insight into potential inefficiencies, opportunities, and to provide the business with sufficient rationale for improving current quality assurance initiatives.

    Activities

    1.1 Conduct a high-level assessment of where to focus your current state analysis.

    1.2 Document your high-level development process.

    1.3 Create a RACI chart to understand roles and responsibilities.

    1.4 Perform a SIPOC-MC analysis for problem areas identified in your SDLC.

    1.5 Identify the individual control points involved with passing software artifacts through SDLC stages being assessed.

    1.6 Identify problem areas within your SDLC as they relate to SQA.

    Outputs

    Understanding of current overall development process and where it is most weak in the context of quality assurance

    Understanding of assigned roles and responsibilities across development teams, including individuals who are involved with making quality-related decisions for artifact hand-off

    Identification of problem areas within SQA process for further analysis

    2 Define SQA Target State Processes

    The Purpose

    To help you identify and define SQA processes and metrics needed to meet quality objectives set out by development teams and the business.

    Key Benefits Achieved

    A revised list of key SQA tasks along with metrics and associated tolerance limits used universally for all development projects.

    Activities

    2.1 Establish SQA metrics and tolerance limits across your SDLC.

    2.2 Determine your target state for SQA processes within the define/design stage of the SDLC.

    2.3 Determine your target state for SQA processes within the development stage of the SDLC.

    2.4 Determine your target state for SQA processes within the testing stage of the SDLC.

    2.5 Determine your target state for SQA processes within the deploy/release stage of the SDLC.

    Outputs

    Identification of the appropriate metrics and their associated tolerance limits to provide insights into meeting quality goals and objectives during process execution

    Identification of target state SQA processes that are required for ensuring quality across all development projects

    3 Prioritize SQA Optimization Initiatives and Develop Optimization Roadmap

    The Purpose

    Based on discovered inefficiencies, define optimization initiatives required to improve your SQA practice.

    Key Benefits Achieved

    Optimization initiatives and associated tasks required to address gaps and improve SQA capabilities.

    Activities

    3.1 Determine optimization initiatives for improving your SQA process.

    3.2 Gain the full scope of effort required to implement your SQA optimization initiatives.

    3.3 Identify the enablers and blockers of your SQA optimization.

    3.4 Define your SQA optimization roadmap.

    Outputs

    Prioritized list of optimization initiatives for SQA

    Assessment of level of effort for each SQA optimization initiative

    Identification of enablers and blockers for optimization initiatives

    Identification of roadmap timeline for implementing optimization initiatives

    Select a Security Outsourcing Partner

    • Buy Link or Shortcode: {j2store}246|cart{/j2store}
    • member rating overall impact: 8.8/10 Overall Impact
    • member rating average dollars saved: $13,739 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partners’ systems and processes integrate seamlessly with existing systems can be a challenge for most organizations in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    Our Advice

    Critical Insight

    • You can outsource your responsibilities but not your accountability.
    • Be aware that in most cases, the traditional approach is more profitable to MSSPs, and they may push you toward one, so make sure you get the service you want, not what they prescribe.

    Impact and Result

    • Determine which security responsibilities can be outsourced and which should be insourced and the right procedure to outsourcing to gain cost savings, improve resource allocation, and boost your overall security posture.

    Select a Security Outsourcing Partner Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Select a Security Outsourcing Partner Storyboard – A guide to help you determine your requirements and select and manage your security outsourcing partner.

    Our systematic approach will ensure that the correct procedure for selecting a security outsourcing partner is implemented. This blueprint will help you build and implement your security policy program by following our three-phase methodology: determine what to outsource, select the right MSSP, and manage your MSSP.

    • Select a Security Outsourcing Partner – Phases 1-3

    2. MSSP RFP Template – A customizable template to help you choose the right security service provider.

    This modifiable template is designed to introduce consistency and outline key requirements during the request for proposal phase of selecting an MSSP.

    • MSSP RFP Template

    Infographic

    Further reading

    Select a Security Outsourcing Partner

    Outsource the right functions to secure your business.

    Analyst Perspective

    Understanding your security needs and remaining accountable is the key to selecting the right partner.

    The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.

    Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.

    And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.

    Photo of Danny Hammond
    Danny Hammond
    Research Analyst
    Security, Risk, Privacy & Compliance Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    A lack of high-skill labor increases the cost of internal security, making outsourcing more appealing.

    A lack of time and resources prevents your organization from being able to enable security internally.

    Due to a lack of key information on the subject, you are unsure which functions should be outsourced versus which functions should remain in-house.

    Having 24/7/365 monitoring in-house is not feasible for most firms.

    There is difficulty measuring the effectiveness of managed security service providers (MSSPs).

    Common Obstacles

    InfoSec leaders will struggle to select the right outsourcing partner without knowing what the organization needs, such as:

    • How to start the process to select the right service provider that will cover your security needs. With so many service providers and technology tools in this field, who is the right partner?
    • Where to obtain guidance on externalization of resources or maintaining internal posture to enable to you confidently select an outsourcing partner.

    InfoSec leaders must understand the business environment and their own internal security needs before they can select an outsourcing partner that fits.

    Info-Tech’s Approach

    Info-Tech’s Select a Security Outsourcing Partner takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:

    • Determine which security responsibilities can be insourced and which should be outsourced, and the right procedure to outsourcing in order to gain cost savings, improve resource allocation, and boost your overall security posture.
    • Understand the current landscape of MSSPs that are available today and the features they offer.
    • Highlight the future financial obligations of outsourcing vs. insourcing to explain which method is the most cost-effective.

    Info-Tech Insight

    Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.

    Your Challenge

    This research is designed to help organizations select an effective security outsourcing partner.

    • A security outsourcing partner is a third-party service provider that offers security services on a contractual basis depending on client needs and requirements.
    • An effective outsourcing partner can help an organization improve its security posture by providing access to more specialized security experts, tools, and technologies.
    • One of the main challenges with selecting a security outsourcing partner is finding a partner that is a good fit for the organization's unique security needs and requirements.
    • Security outsourcing partners typically have access to sensitive information and systems, so proper controls and safeguards must be in place to protect all sensitive assets.
    • Without careful evaluation and due diligence to ensure that the partner is a good fit for the organization's security needs and requirements, it can be challenging to select an outsourcing partner.

    Outsourcing is effective, but only if done right

    • 83% of decision makers with in-house cybersecurity teams are considering outsourcing to an MSP (Syntax, 2021).
    • 77% of IT leaders said cyberattacks were more frequent (Syntax, 2021).
    • 51% of businesses suffered a data breach caused by a third party (Ponemon, 2021).

    Common Obstacles

    The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.

    • Most organizations do not have a clear understanding of their current security posture, their security goals, and the specific security services they require. Without a clear understanding of their needs, organizations may struggle to identify a partner that can meet their requirements.
    • Breakdowns and lack of communication can be a significant obstacle, especially when clear lines of communication with partners, including regular check-ins, reporting, and incident response protocols, have not been clearly established.
    • Ensuring that security partner's systems and processes integrate seamlessly with existing systems can be a challenge for most organizations. This is in addition to making sure that security partners have the necessary access and permissions to perform their services effectively.
    • Adhering to security policies is rarely a priority to users, as compliance often feels like an interference to daily workflow. For a lot of organizations, security policies are not having the desired effect.

    A diagram that shows Average cost of a data breach from 2019 to 2022.
    Source: IBM, 2022 Cost of a Data Breach; N=537.


    Reaching an all-time high, the cost of a data breach averaged US$4.35 million in 2022. This figure represents a 2.6% increase from 2021, when the average cost of a breach was US$4.24 million. The average cost has climbed 12.7% since 2020.

    Info-Tech’s methodology for selecting a security outsourcing partner

    Determine your responsibilities

    Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?

    Scope your requirements

    Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.

    Manage your outsourcing program

    Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.

    Select a Security Outsourcing Partner

    A diagram that shows your organization responsibilities & accountabilities, framework for selecting a security outsourcing partner, and benefits.

    Blueprint benefits

    IT/InfoSec Benefits

    Reduces complexity within the MSSP selection process by highlighting all the key steps to a successful selection program.

    Introduces a roadmap to clearly educate about the do’s and don’ts of MSSP selection.

    Reduces costs and efforts related to managing MSSPs and other security partners.

    Business Benefits

    Assists with selecting outsourcing partners that are essential to your organization’s objectives.

    Integrates outsourcing into corporate culture, leveraging organizational requirements while maximizing value of outsourcing.

    Reduces security outsourcing risk.

    Insight summary

    Overarching insight: You can outsource your responsibilities but not your accountability.

    Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.

    Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization

    Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.

    Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.

    Measure the value of this blueprint

    Phase

    Purpose

    Measured Value

    Determine what to outsource Understand the value in outsourcing and determining what responsibilities can be outsourced. Cost of determining what you can/should outsource:
    • 120 FTE hours at $90K per year = $5,400
    Cost of determining the savings from outsourcing vs. insourcing:
    • 120 FTE hours at $90K per year = $5,400
    Select the right partner Select an outsourcing partner that will have the right skill set and solution to identified requirements. Cost of ranking and selecting your MSSPs:
    • 160 FTE hours at $90K per year = $7,200
    Cost of creating and distributing RFPs:
    • 200 FTE hours at $90K per year = $9,000
    Manage your third-party service security outsourcing Use Info-Tech’s methodology and best practices to manage the MSSP to get the best value. Cost of creating and implementing a metrics program to manage the MSSP:
    • 80 FTE hours at $90K per year = $3,600

    After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.

    Overall Impact: 8.9 /10

    Overall Average Cost Saved: $22,950

    Overall Average Days Saved: 9

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit
    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation
    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop
    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting
    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Prepare for Post-Quantum Cryptography

    • Buy Link or Shortcode: {j2store}268|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Security Processes & Operations
    • Parent Category Link: /security-processes-and-operations
    • Fault-tolerant quantum computers, capable of breaking existing encryption algorithms and cryptographic systems, are widely expected to be available sooner than originally projected.
    • Data considered secure today may already be at risk due to the threat of harvest-now-decrypt-later schemes.
    • Many current security controls will be completely useless, including today's strongest encryption techniques.

    Our Advice

    Critical Insight

    The advent of quantum computing is closer than you think: some nations have already demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer provide sufficient protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Impact and Result

    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • Organizations need to act now to begin their transformation to quantum-resistant encryption.
    • Data security (especially for sensitive data) should be an organization’s top priority. Organizations with particularly critical information need to be on top of this quantum movement.

    Prepare for Post-Quantum Cryptography Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Prepare for Post-Quantum Cryptography Storyboard – Research to help organizations to prepare and implement quantum-resistance cryptography solutions.

    Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications. Organizations need to act now to begin their transformation to quantum-resistant encryption.

    • Prepare for Post-Quantum Cryptography Storyboard
    [infographic]

    Further reading

    Prepare for Post-Quantum Cryptography

    It is closer than you think, and you need to act now.

    Analyst Perspective

    It is closer than you think, and you need to act now.

    The quantum realm presents itself as a peculiar and captivating domain, shedding light on enigmas within our world while pushing the boundaries of computational capabilities. The widespread availability of quantum computers is expected to occur sooner than anticipated. This emerging technology holds the potential to tackle valuable problems that even the most powerful classical supercomputers will never be able to solve. Quantum computers possess the ability to operate millions of times faster than their current counterparts.

    As we venture further into the era of quantum mechanics, organizations relying on encryption must contemplate a future where these methods no longer suffice as effective safeguards. The astounding speed and power of quantum machines have the potential to render many existing security measures utterly ineffective, including the most robust encryption techniques used today. To illustrate, a task that currently takes ten years to crack through a brute force attack could be accomplished by a quantum computer in under five minutes.

    Amid this transition into a quantum future, the utmost priority for organizations remains data security, particularly safeguarding sensitive information. Organizations must proactively prepare for the development of countermeasures and essential resilience measures to attain a state of being "quantum safe."

    This is a picture of Alan Tang

    Alan Tang
    Principal Research Director, Security and Privacy
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    • Anticipated advancements in fault-tolerant quantum computers, surpassing existing encryption algorithms and cryptographic systems, are expected to materialize sooner than previously projected. The timeframe for their availability is diminishing daily.
    • Data that is presently deemed secure faces potential vulnerability due to the emergence of harvest-now-decrypt-later strategies.
    • Numerous contemporary security controls, including the most robust encryption techniques, have become obsolete and offer little efficacy.

    Common Obstacles

    • The complexity involved makes it challenging for organizations to incorporate quantum-resistant cryptography into their current IT infrastructure.
    • The endeavor of transitioning to quantum-resilient cryptography demands significant effort and time, with the specific requirements varying for each organization.
    • A lack of comprehensive understanding regarding the cryptographic technologies employed in existing IT systems poses difficulties in identifying and prioritizing systems for upgrading to post-quantum cryptography.

    Info-Tech's Approach

    • The development of quantum-resistant cryptography capabilities is essential for safeguarding the security and integrity of critical applications.
    • Organizations must proactively initiate their transition toward quantum-resistant encryption to ensure data protection.
    • Ensuring the security of corporate data assets should be of utmost importance for organizations, with special emphasis on those possessing highly critical information in light of the advancements in quantum technology.

    Info-Tech Insight

    The advent of quantum computing (QC) is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Evolvement of QC theory and technologies

    1900-1975

    1976-1997

    1998-2018

    2019-Now

    1. 1900: Max Planck – The energy of a particle is proportional to its frequency: E = hv, where h is a relational constant.
    2. 1926: Erwin Schrödinger – Since electrons can affect each other's states, their energies change in both time and space. The total energy of a particle is expressed as a probability function.
    1. 1976: Physicist Roman Stanisław Ingarden publishes the paper "Quantum Information Theory."
    2. 1980: Paul Benioff describes the first quantum mechanical model of a computer.
    3. 1994: Peter Shor publishes Shor's algorithm.
    1. 1998: A working 2-qubit NMR quantum computer is used to solve Deutsch's problem by Jonathan A. Jones and Michele Mosca at Oxford University.
    2. 2003: DARPA Quantum Network becomes fully operational.
    3. 2011: D-Wave claims to have developed the first commercially available quantum computer, D-Wave One.
    4. 2018: the National Quantum Initiative Act was signed into law by President Donald Trump.
    1. 2019: A paper by Google's quantum computer research team was briefly available, claiming the project has reached quantum supremacy.
    2. 2020: Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system known as Jiuzhang.
    3. 2021: Chinese researchers reported that they have built the world's largest integrated quantum communication network.
    4. 2022: The Quantinuum System Model H1-2 doubled its performance claiming to be the first commercial quantum computer to pass quantum volume 4096.

    Info-Tech Insight

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    Fundamental physical principles and business use cases

    Unlike conventional computers that rely on bits, quantum computers use quantum bits or qubits. QC technology surpasses the limitations of current processing powers. By leveraging the properties of superposition, interference, and entanglement, quantum computers have the capacity to simultaneously process millions of operations, thereby surpassing the capabilities of today's most advanced supercomputers.

    A 2021 Hyperion Research survey of over 400 key decision makers in North America, Europe, South Korea, and Japan showed nearly 70% of companies have some form of in-house QC program.

    Three fundamental QC physical principles

    1. Superposition
    2. Interference
    3. Entanglement

    This is an image of two headings, Optimization; and Simulation. there are five points under each heading, with an arrow above pointing left to right, labeled Qbit Count.

    Info-Tech Insight

    Organizations need to reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.

    Percentage of Surveyed Companies That Have QC Programs

    • 31% Have some form of in-house QC program
    • 69% Have no QC program

    Early adopters and business value

    QC early adopters see the promise of QC for a wide range of computational workloads, including machine learning applications, finance-oriented optimization, and logistics/supply chain management.

    This is an image of the Early Adopters, and the business value drivers.

    Info-Tech Insight

    Experienced attackers are likely to be the early adopters of quantum-enabled cryptographic solutions, harnessing the power of QC to exploit vulnerabilities in today's encryption methods. The risks are particularly high for industries that rely on critical infrastructure.

    The need of quantum-safe solution is immediate

    Critical components of classical cryptography will be at risk, potentially leading to the exposure of confidential and sensitive information to the general public. Business, technology, and security leaders are confronted with an immediate imperative to formulate a quantum-safe strategy and establish a roadmap without delay.

    Case Study – Google, 2019

    In 2019, Google claimed that "Our Sycamore processor takes about 200 seconds to sample one instance of a quantum circuit a million times—our benchmarks currently indicate that the equivalent task for a state-of-the-art classical supercomputer would take approximately 10,000 years."
    Source: Nature, 2019

    Why You Should Start Preparation Now

    • The complexity with integrating QC technology into existing IT infrastructure.
    • The effort to upgrade to quantum-resilient cryptography will be significant.
    • The amount of time remaining will decrease every day.

    Case Study – Development in China, 2020

    On December 3, 2020, a team of Chinese researchers claim to have achieved quantum supremacy, using a photonic peak 76-qubit system (43 average) known as Jiuzhang, which performed calculations at 100 trillion times the speed of classical supercomputers.
    Source: science.org, 2020

    Info-Tech Insight

    The emergence of QC brings forth cybersecurity threats. It is an opportunity to regroup, reassess, and revamp our approaches to cybersecurity.

    Security threats posed by QC

    Quantum computers have reached a level of advancement where even highly intricate calculations, such as factoring large numbers into their primes, which serve as the foundation for RSA encryption and other algorithms, can be solved within minutes.

    Threat to data confidentiality

    QC could lead to unauthorized decryption of confidential data in the future. Data confidentiality breaches also impact improperly disposed encrypted storage media.

    Threat to authentication protocols and digital governance

    A recovered private key, which is derived from a public key, can be used through remote control to fraudulently authenticate a critical system.

    Threat to data integrity

    Cybercriminals can use QC technology to recover private keys and manipulate digital documents and their digital signatures.

    Example:

    Consider RSA-2048, a widely used public-key cryptosystem that facilitates secure data transmission. In a 2021 survey, a majority of leading authorities believed that RSA-2048 could be cracked by quantum computers within a mere 24 hours.
    Source: Quantum-Readiness Working Group, 2022

    Info-Tech Insight

    The development of quantum-safe cryptography capabilities is of utmost importance in ensuring the security and integrity of critical applications' data.

    US Quantum Computing Cybersecurity Preparedness Act

    The US Congress considers cryptography essential for the national security of the US and the functioning of the US economy. The Quantum Computing Cybersecurity Preparedness Act was introduced on April 18, 2022, and became a public law (No: 117-260) on December 21, 2022.

    Purpose

    The purpose of this Act is to encourage the migration of Federal Government information technology systems to quantum-resistant cryptography, and for other purposes.

    Scope and Exemption

    • Scope: Systems of government agencies.
    • Exemption: This Act shall not apply to any national security system.

    Main Obligations

    Responsibilities

    Requirements
    Inventory Establishment Not later than 180 days after the date of enactment of this Act, the Director of OMB, shall issue guidance on the migration of information technology to post-quantum cryptography.
    Agency Reports "Not later than 1 year after the date of enactment of this Act, and on an ongoing basis thereafter, the head of each agency shall provide to the Director of OMB, the Director of CISA, and the National Cyber Director— (1) the inventory described in subsection (a)(1); and (2) any other information required to be reported under subsection (a)(1)(C)."
    Migration and Assessment "Not later than 1 year after the date on which the Director of NIST has issued post-quantum cryptography standards, the Director of OMB shall issue guidance requiring each agency to— (1) prioritize information technology described under subsection (a)(2)(A) for migration to post-quantum cryptography; and (2) develop a plan to migrate information technology of the agency to post-quantum cryptography consistent with the prioritization under paragraph (1)."

    "It is the sense of Congress that (1) a strategy for the migration of information technology of the Federal Government to post-quantum cryptography is needed; and (2) the government wide and industry-wide approach to post- quantum cryptography should prioritize developing applications, hardware intellectual property, and software that can be easily updated to support cryptographic agility." – Quantum Computing Cybersecurity Preparedness Act

    The development of post-quantum encryption

    Since 2016, the National Institute of Standards and Technology (NIST) has been actively engaged in the development of post-quantum encryption standards. The objective is to identify and establish standardized cryptographic algorithms that can withstand attacks from quantum computers.

    NIST QC Initiative Key Milestones

    Date Development
    Dec. 20, 2016 Round 1 call for proposals: Announcing request for nominations for public-key post-quantum cryptographic algorithms
    Nov. 30, 2017 Deadline for submissions – 82 submissions received
    Dec. 21, 2017 Round 1 algorithms announced (69 submissions accepted as "complete and proper")
    Jan. 30, 2019 Second round candidates announced (26 algorithms)

    July 22, 2020

    Third round candidates announced (7 finalists and 8 alternates)

    July 5, 2022

    Announcement of candidates to be standardized and fourth round candidates
    2022/2024 (Plan) Draft standards available

    Four Selected Candidates to be Standardized

    CRYSTALS – Kyber

    CRYSTALS – Dilithium

    FALCON

    SPHINCS+

    NIST recommends two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures). In addition, the signature schemes FALCON and SPHINCS+ will also be standardized.

    Info-Tech Insight

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Prepare for post-quantum cryptography

    The advent of QC is closer than you think: some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    This is an infographic showing the three steps: Threat is Imminent; Risks are Profound; and Take Acton Now.

    Insight summary

    Overarching Insight

    The advent of QC is closer than you think as some nations have demonstrated capability with the potential to break current asymmetric-key encryption. Traditional encryption methods will no longer be sufficient as a means of protection. You need to act now to begin your transformation to quantum-resistant encryption.

    Business Impact Is High

    The advent of QC will significantly change our perception of computing and have a crucial impact on the way we protect our digital economy using encryption. The technology's applicability is no longer a theory but a reality to be understood, strategized about, and planned for.

    It's a Collaborative Effort

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a Chief Information Security Officer (CISO) alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Leverage Industry Standards

    There is no need to wait for formal NIST PQC standards selection to begin your post-quantum mitigation project. It is advisable to undertake the necessary steps and allocate resources in phases that can be accomplished prior to the finalization of the standards.

    Take a Holistic Approach

    The advent of QC poses threats to cybersecurity. It's a time to regroup, reassess, and revamp.

    Blueprint benefits

    IT Benefits

    Business Benefits

    • This blueprint will help organizations to discover and then prioritize the systems to be upgraded to post-quantum cryptography.
    • This blueprint will enable organizations to integrate quantum-resistant cryptography into existing IT infrastructure.
    • Developing quantum-resistant cryptography capabilities is crucial to maintaining data security and integrity for critical applications.
    • This blueprint will help organizations to save effort and time needed upgrade to quantum-resilient cryptography.
    • Organizations will reap the substantial benefits of QC's power, while simultaneously shielding against the same technologies when used by cyber adversaries.
    • Avoid reputation and brand image by preventing data breach and leakage.
    • This blueprint will empower organizations to protect corporate data assets in the post-quantum era.
    • Be compliant with various security and privacy laws and regulations.

    Info-Tech Project Value

    Time, value, and resources saved to obtain buy-in from senior leadership team using our research material:

    1 FTEs*10 days*$100,000/year = $6,000

    Time, value, and resources saved to implement quantum-resistant cryptography using our research guidance:

    2 FTEs* 30 days*$100,000/year = $24,000

    Estimated cost and time savings from this blueprint:

    $6,000 + $24,000 =$30,000

    Get prepared for a post-quantum world

    The advent of sufficiently powerful quantum computers poses a risk of compromising or weakening traditional forms of asymmetric and symmetric cryptography. To safeguard data security and integrity for critical applications, it is imperative to undertake substantial efforts in migrating an organization's cryptographic systems to post-quantum encryption. The development of quantum-safe cryptography capabilities is crucial in this regard.

    Phase 1 - Prepare

    • Obtain buy-in from leadership team.
    • Educate your workforce about the upcoming transition.
    • Create defined projects to reduce risks and improve crypto-agility.

    Phase 2 - Discover

    • Determine the extent of your exposed data, systems, and applications.
    • Establish an inventory of classical cryptographic use cases.

    Phase 3 - Assess

    • Assess the security and data protection risks posed by QC.
    • Assess the readiness of transforming existing classical cryptography to quantum-resilience solutions.

    Phase 4 - Prioritize

    • Prioritize transformation plan based on criteria such as business impact, near-term technical feasibility, and effort, etc.
    • Establish a roadmap.

    Phase 5 - Mitigate

    • Implement post-quantum mitigations.
    • Decommissioning old technology that will become unsupported upon publication of the new standard.
    • Validating and testing products that incorporate the new standard.

    Phase 1 – Prepare: Protect data assets in the post-quantum era

    The rise of sufficiently powerful quantum computers has the potential to compromise or weaken conventional asymmetric and symmetric cryptography methods. In anticipation of a quantum-safe future, it is essential to prioritize crypto-agility. Consequently, organizations should undertake specific tasks both presently and in the future to adequately prepare for forthcoming quantum threats and the accompanying transformations.

    Quantum-resistance preparations must address two different needs:

    Reinforce digital transformation initiatives

    To thrive in the digital landscape, organizations must strengthen their digital transformation initiatives by embracing emerging technologies and novel business practices. The transition to quantum-safe encryption presents a unique opportunity for transformation, allowing the integration of these capabilities to evolve business transactions and relationships in innovative ways.

    Protect data assets in the post-quantum era

    Organizations should prioritize supporting remediation efforts aimed at ensuring the quantum safety of existing data assets and services. The implementation of crypto-agility enables organizations to respond promptly to cryptographic vulnerabilities and adapt to future changes in cryptographic standards. This proactive approach is crucial, as the need for quantum-safe measures existed even before the complexities posed by QC emerged.

    Preparation for the post-quantum world has been recommended by the US government and other national bodies since 2016.

    In 2016, NIST, the National Security Agency (NSA), and Central Security Service stated in their Commercial National Security Algorithm Suite and QC FAQ: "NSA believes the time is now right [to start preparing for the post-quantum world] — consistent with advances in quantum computing."
    Source: Cloud Security Alliance, 2021

    Phase 1 – Prepare: Key tasks

    Preparing for quantum-resistant cryptography goes beyond simply acquiring knowledge and conducting experiments in QC. It is vital for senior management to receive comprehensive guidance on the challenges, risks, and potential mitigations associated with the post-quantum landscape. Quantum and post-quantum education should be tailored to individuals based on their specific roles and the impact of post-quantum mitigations on their responsibilities. This customized approach ensures that individuals are equipped with the necessary knowledge and skills relevant to their respective roles.

    Leadership Buy-In

    • Get senior management commitment to post-quantum project.
    • Determine the extent of exposed data, systems, and applications.
    • Identify near-term, achievable cryptographic maturity goals, creating defined projects to reduce risks and improve crypto-agility.

    Roles and Responsibilities

    • The ownership should be clearly defined regarding the quantum-resistant cryptography program.
    • This should be a cross-functional team within which members represent various business units.

    Awareness and Education

    • Senior management needs to understand the strategic threat to the organization and needs to adequately address the cybersecurity risk in a timely fashion.
    • Educate your workforce about the upcoming transition. All training and education should seek to achieve awareness of the following items with the appropriate stakeholders.

    Info-Tech Insight

    Embedding quantum resistance into systems during the process of modernization requires collaboration beyond the scope of a CISO alone. It is a strategic endeavor shaped by leaders throughout the organization, as well as external partners. This comprehensive approach involves the collective input and collaboration of stakeholders from various areas of expertise within and outside the organization.

    Phase 2 – Discover: Establish a data protection inventory

    During the discovery phase, it is crucial to locate and identify any critical data and devices that may require post-quantum protection. This step enables organizations to understand the algorithms in use and their specific locations. By conducting this thorough assessment, organizations gain valuable insights into their existing infrastructure and cryptographic systems, facilitating the implementation of appropriate post-quantum security measures.

    Inventory Core Components

    1. Description of devices and/or data
    2. Location of all sensitive data and devices
    3. Criticality of the data
    4. How long the data or devices need to be protected
    5. Effective cryptography in use and cryptographic type
    6. Data protection systems currently in place
    7. Current key size and maximum key size
    8. Vendor support timeline
    9. Post-quantum protection readiness

    Key Things to Consider

    • The accuracy and thoroughness of the discovery phase are critical factors that contribute to the success of a post-quantum project.
    • It is advisable to conduct this discovery phase comprehensively across all aspects, not solely limited to public-key algorithms.
    • Performing a data protection inventory can be a time-consuming and challenging phase of the project. Breaking it down into smaller subtasks can help facilitate the process.
    • Identifying all information can be particularly challenging since data is typically scattered throughout an organization. One approach to begin this identification process is by determining the inputs and outputs of data for each department and team within the organization.
    • To ensure accountability and effectiveness, it is recommended to assign a designated individual as the ultimate owner of the data protection inventory task. This person should have the necessary responsibilities and authority to successfully accomplish the task.

    Phase 3 – Assess: The workflow

    Quantum risk assessment entails evaluating the potential consequences of QC on existing security measures and devising strategies to mitigate these risks. This process involves analyzing the susceptibility of current systems to attacks by quantum computers and identifying robust security measures that can withstand QC threats.

    Risk Assessment Workflow

    This is an image of the Risk Assessment Workflow

    By identifying the security gaps that will arise with the advent of QC, organizations can gain insight into the substantial vulnerabilities that core business operations will face when QC becomes a prevalent reality. This proactive understanding enables organizations to prepare and implement appropriate measures to address these vulnerabilities in a timely manner.

    Phase 4 – Prioritize: Balance business value, security risks, and effort

    Organizations need to prioritize the mitigation initiatives based on various factors such as business value, level of security risk, and the effort needed to implement the mitigation controls. In the diagram below, the size of the circle reflects the degree of effort. The bigger the size, the more effort is needed.

    This is an image of a chart where the X axis represents Security Risk level, and the Y axis is Business Value.

    QC Adopters Anticipated Annual Budgets

    This is an image of a bar graph showing the Anticipated Annual Budgets for QC Adopters.
    Source: Hyperion Research, 2022

    Hyperion's survey found that the range of expected budget varies widely.

    • The most selected option, albeit by only 38% of respondents, was US$5 million to US$15 million.
    • About one-third of respondents foresaw annual budgets that exceeded US$15 million, and one-fifth expected budgets to exceed US$25 million.

    Build your risk mitigation roadmap

    2 hours

    1. Review the quantum-resistance initiatives generated in Phase 3 – Assessment.
    2. With input from all stakeholders, prioritize the initiatives based on business value, security risks, and effort using the 2x2 grid.
    3. Review the position of all initiatives and adjust accordingly considering other factors such as dependency, etc.
    4. Place prioritized initiatives to a wave chart.
    5. Assign ownership and target timeline for each initiative.

    This is an image the Security Risk Vs. Business value graph, above an image showing Initiatives Numbered 1-7, divided into Wave 1; Wave 2; and Wave 3.

    Input

    • Data protection inventory created in phase 2
    • Risk assessment produced in phase 3
    • Business unit leaders' and champions' understanding (high-level) of challenges posed by QC

    Output

    • Prioritization of quantum-resistance initiatives

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • Pen/whiteboard markers

    Participants

    • Quantum-resistance program owner
    • Senior leadership team
    • Business unit heads
    • Chief security officer
    • Chief privacy officer
    • Chief information officer
    • Representatives from legal, risk, and governance

    Phase 5 – Mitigate: Implement quantum-resistant encryption solutions

    To safeguard against cybersecurity risks and threats posed by powerful quantum computers, organizations need to adopt a robust defense-in-depth approach. This entails implementing a combination of well-defined policies, effective technical defenses, and comprehensive education initiatives. Organizations may need to consider implementing new cryptographic algorithms or upgrading existing protocols to incorporate post-quantum encryption methods. The selection and deployment of these measures should be cost-justified and tailored to meet the specific needs and risk profiles of each organization.

    Governance

    Implement solid governance mechanisms to promote visibility and to help ensure consistency

    • Update policies and documents
    • Update existing acceptable cryptography standards
    • Update security and privacy audit programs

    Industry Standards

    • Stay up to date with newly approved standards
    • Leverage industry standards (i.e. NIST's post-quantum cryptography) and test the new quantum-safe cryptographic algorithms

    Technical Mitigations

    Each type of quantum threat can be mitigated using one or more known defenses.

    • Physical isolation
    • Replacing quantum-susceptible cryptography with quantum-resistant cryptography
    • Using QKD
    • Using quantum random number generators
    • Increasing symmetric key sizes
    • Using hybrid solutions
    • Using quantum-enabled defenses

    Vendor Management

    • Work with key vendors on a common approach to quantum-safe governance
    • Assess vendors for possible inclusion in your organization's roadmap
    • Create acquisition policies regarding quantum-safe cryptography

    Research Contributors and Experts

    This is a picture of Adib Ghubril

    Adib Ghubril
    Executive Advisor, Executive Services
    Info-Tech Research Group

    This is a picture of Erik Avakian

    Erik Avakian
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Alaisdar Graham

    Alaisdar Graham
    Executive Counselor
    Info-Tech Research Group

    This is a picture of Carlos Rivera

    Carlos Rivera
    Principal Research Advisor
    Info-Tech Research Group

    This is a picture of Hendra Hendrawan

    Hendra Hendrawan
    Technical Counselor
    Info-Tech Research Group

    This is a picture of Fritz Jean-Louis

    Fritz Jean-Louis
    Principal Cybersecurity Advisor
    Info-Tech Research Group

    Bibliography

    117th Congress (2021-2022). H.R.7535 - Quantum Computing Cybersecurity Preparedness Act. congress.gov, 21 Dec 2022.
    Arute, Frank, et al. Quantum supremacy using a programmable superconducting processor. Nature, 23 Oct 2019.
    Bernhardt, Chris. Quantum Computing for Everyone. The MIT Press, 2019.
    Bob Sorensen. Quantum Computing Early Adopters: Strong Prospects For Future QC Use Case Impact. Hyperion Research, Nov 2022.
    Candelon, François, et al. The U.S., China, and Europe are ramping up a quantum computing arms race. Here's what they'll need to do to win. Fortune, 2 Sept 2022.
    Curioni, Alessandro. How quantum-safe cryptography will ensure a secure computing future. World Economic Forum, 6 July 2022.
    Davis, Mel. Toxic Substance Exposure Requires Record Retention for 30 Years. Alert presented by CalChamber, 18 Feb 2022.
    Eddins, Andrew, et al. Doubling the size of quantum simulators by entanglement forging. arXiv, 22 April 2021.
    Gambetta, Jay. Expanding the IBM Quantum roadmap to anticipate the future of quantum-centric supercomputing. IBM Research Blog, 10 May 2022.
    Golden, Deborah, et al. Solutions for navigating uncertainty and achieving resilience in the quantum era. Deloitte, 2023.
    Grimes, Roger, et al. Practical Preparations for the Post-Quantum World. Cloud Security Alliance, 19 Oct 2021.
    Harishankar, Ray, et al. Security in the quantum computing era. IBM Institute for Business Value, 2023.
    Hayat, Zia. Digital trust: How to unleash the trillion-dollar opportunity for our global economy. World Economic Forum, 17 Aug 2022.
    Mateen, Abdul. What is post-quantum cryptography? Educative, 2023.
    Moody, Dustin. Let's Get Ready to Rumble—The NIST PQC 'Competition.' NIST, 11 Oct 2022.
    Mosca, Michele, Dr. and Dr. Marco Piani. 2021 Quantum Threat Timeline Report. Global Risk Institute, 24 Jan 2022.
    Muppidi, Sridhar and Walid Rjaibi. Transitioning to Quantum-Safe Encryption. Security Intelligence, 8 Dec 2022.
    Payraudeau, Jean-Stéphane, et al. Digital acceleration: Top technologies driving growth in a time of crisis. IBM Institute for Business Value, Nov 2020.
    Quantum-Readiness Working Group (QRWG). Canadian National Quantum-Readiness- Best Practices and Guidelines. Canadian Forum for Digital Infrastructure Resilience (CFDIR), 17 June 2022.
    Rotman, David. We're not prepared for the end of Moore's Law. MIT Technology Review, 24 Feb 2020.
    Saidi, Susan. Calculating a computing revolution. Roland Berger, 2018.
    Shorter., Ted. Why Companies Must Act Now To Prepare For Post-Quantum Cryptography. Forbes.com, 11 Feb 2022.
    Sieger, Lucy, et al. The Quantum Decade, Third edition. IBM, 2022.
    Sorensen, Bob. Broad Interest in Quantum Computing as a Driver of Commercial Success. Hyperion Research, 17 Nov 2021.
    Wise, Jason. How Much Data is Created Every Day in 2022? Earthweb, 22 Sept 2022.
    Wright, Lawrence. The Plague Year. The New Yorker, 28 Dec 2020.
    Yan, Bao, et al. Factoring integers with sublinear resources on a superconducting quantum processor. arXiv, 23 Dec 2022.
    Zhong, Han-Sen, et al. Quantum computational advantage using photons. science.org, 3 Dec 2020.

    Right-Size the Service Desk for Small Enterprise

    • Buy Link or Shortcode: {j2store}487|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Service Desk
    • Parent Category Link: /service-desk

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Determining the right level of documentation to provide backup and getting the right level of data for good reporting may seem like a waste of time when the team is small, but this is key to knowing when to invest in more people, upgraded technology, and whether your efforts to improve service are successful.

    Our Advice

    Critical Insight

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer centric service desk and a change to the way the technicians think about providing support.

    • Make the best use of the team. Clearly define roles and responsibilities and monitor those wearing multiple hats to make sure they don’t burn out.
    • Build cross training and documentation into your culture to preserve service levels while giving team members time off to recharge.
    • Don’t discount the benefit of good tools. As volume increases, so does the likelihood of issues and requests getting missed. Look for tools that will help to keep a customer focus.

    Impact and Result

    • Improved workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians to set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry standard tools will reduce administrative overhead while improving workload management.

    Right-Size the Service Desk for Small Enterprise Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Right-Size the Service Desk for Small Enterprise Storyboard – A step-by-step guide to help you identify and prioritize initiatives to become more customer centric.

    This blueprint provides a framework to quickly identify a plan for service desk improvements. It also provides references to build out additional skills and functionality as a continual improvement initiative.

    • Right-Size the Service Desk for Small Enterprise Storyboard

    2. Maturity Assessment – An assessment to determine baseline maturity.

    The maturity assessment will provide a baseline and identify areas of focus based on level of current and target maturity.

    • IT Service Desk Maturity Assessment for Small Enterprise

    3. Standard Operating Procedure – A template to build out a clear, concise SOP right-sized for a small enterprise.

    The SOP provides an excellent guide to quickly inform new team members or contractors of your support approach.

    • Incident Management and Service Desk SOP for Small Enterprise

    4. Categorization Scheme – A template to build out an effective categorization scheme.

    The categorization scheme template provides examples of asset-based categories, resolution codes and status.

    • Service Desk Asset-Based Categories Template

    5. Improvement Plan – A template to present the improvement plan to stakeholders.

    This template provides a starting point for building your communications on planned improvements.

    • Service Desk Improvement Initiative
    [infographic]

    Further reading

    Right-Size the Service Desk for Small Enterprise

    Turn your help desk into a customer-centric service desk.

    Analyst Perspective

    Small enterprises have many of the same issues as large ones, but with far fewer resources. Focus on the most important aspects to improve customer service.

    The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.

    Evaluate documentation to ensure there is always redundancy built in to cover absences. Determining coverage will be an important factor, especially if vendors will be brought into the organization to assist during shortages. They will not have the same level of knowledge as teammates and may have different requirements for documentation.

    It is important to be customer centric, thinking about how services are delivered and communicated with a focus on providing self-serve at the appropriate level for your users and determining what information the business needs for expectation-setting and service level agreements, as well as communications on incidents and changes.

    And finally, don’t discount the value of good reporting. There are many reasons to document issues besides just knowing the volume of workload and may become more important as the organization evolves or grows. Stakeholder reporting, regulatory reporting, trend spotting, and staff increases are all good reasons to ensure minimum documentation standards are defined and in use.

    Photo of Sandi Conrad, Principal Research Director, Info-Tech Research Group. Sandi Conrad
    Principal Research Director
    Info-Tech Research Group

    Table of Contents

    Title Page Title Page
    Blueprint benefits 6 Incident management 25
    Start / Stop / Continue exercise 10 Prioritization scheme 27
    Complete a maturity assessment 11 Define SLAs 29
    Select an ITSM tool 13 Communications 30
    Define roles & responsibilities 15 Reporting 32
    Queue management 17 What can you do to improve? 33
    Ticket handling best practices 18 Staffing 34
    Customer satisfaction surveys 19 Knowledge base & self-serve 35
    Categorization 20 Customer service 36
    Separate ticket types 22 Ticket analysis 37
    Service requests 23 Problem management 38
    Roadmap 39

    Insight summary

    Help desk to service desk

    It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer-centric service desk and a change to the way the technicians think about providing support.

    Make the best use of the team

    • Clearly define primary roles and responsibilities, and identify when and where escalations should occur.
    • Divide the work in a way that makes the most sense based on intake patterns and categories of incidents or service requests.
    • Recognize who is wearing multiple hats, and monitor to make sure they don’t burn out or struggle to keep up.
    • Determine the most appropriate areas to outsource based on work type and skills required.

    Build cross-training into your culture

    • Primary role holders need time off and need to know the day-to-day work won’t be waiting for them when they come back.
    • The knowledge base is your first line of defense to make sure incidents don’t have to wait for resolution and to avoid having technicians remote in on their day off.
    • When volumes spike for incidents and service requests, everyone needs to be prepared to pitch in. Train the team to recognize and step up to the call to action.

    Don’t discount the benefit of good tools

    • When volume increases, so does the likelihood of missing issues and requests.
    • Designate a single solution to manage the workload, so there is one place to go for work orders, incident reporting, asset data, and more.
    • Set up self-serve for users so they have access to how-to articles and can check the status of tickets themselves.
    • Create a service catalog to make it easy for them to request the most frequent items easily.

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Standard Operating Procedures

    Sample of the Standard Operating Procedures deliverable.

    Maturity Assessment

    Sample of the Maturity Assessment deliverable.

    Categorization scheme

    Sample of the Categorization scheme deliverable.

    Improvement Initiative

    Sample of the Improvement Initiative deliverable.
    Create a standard operating procedure to ensure the support team has a consistent understanding of how they need to engage with the business.

    Blueprint benefits

    IT benefits

    • Improve workload distribution for technicians and enable prioritization based on work type, urgency, and impact.
    • Improved communications methods and messaging will help the technicians set expectations appropriately and reduce friction between each other and their supported end users.
    • Best practices and use of industry-standard tools will reduce administrative overhead while improving workload management.

    Business benefits

    • IT taking a customer-centric approach will improve access to support and reduce interruptions to the way they do business.
    • Expectation setting and improved communications will allow the business to better plan their work around new requests and will have a better understanding of service level agreements.

    Guided Implementation

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is six to ten calls over the course of three to four months.

    The current state discussion will determine the path.

    What does a typical GI on this topic look like?

    Current State & Vision

    Best Practices

    Service Requests & Incidents

    Communications

    Next Steps & Roadmap

    Call #1: Discuss current state & create a vision

    Call #2: Document roles & responsibilities

    Call #3:Review and define best practices for ticket handling Call #4: Review categorization

    Call #5: Discuss service requests & self-serve

    Call #6: Assess incident management processes
    Call #7: Assess and document reporting and metrics

    Call #8: Discuss communications methods

    Call #9: Review next steps

    Call #10: Build roadmap for updates

    For a workshop on this topic, see the blueprint Standardize the Service Desk

    Executive Brief Case Study

    Southwest CARE Center
    Logo for Southwest Care.
    INDUSTRY
    Healthcare

    Service Desk Project

    After relying on a managed service provider (MSP) for a number of years, the business hired Kevin to repatriate IT. As part of that mandate, his first strategic initiative was to build a service desk. SCC engaged Info-Tech Research Group to select and build a structure; assign roles and responsibilities; implement incident management, request fulfilment, and knowledge management processes; and integrate a recently purchased ITSM tool.

    Over the course of a four-day onsite engagement, SCC’s IT team worked with two Info-Tech analysts to create and document workflows, establish ticket handling guidelines, and review their technological requirements.

    Results

    The team developed a service desk standard operating procedure and an implementation roadmap with clear service level agreements.

    Southwest CARE Center (SCC) is a leading specialty healthcare provider in New Mexico. They offer a variety of high-quality services with a focus on compassionate, patient-centered healthcare.

    “Info-Tech helped me to successfully rebrand from an MSP help desk to an IT service desk. Sandi and Michel provided me with a customized service desk framework and SOP that quickly built trust within the organization. By not having to tweak and recalibrate my service desk processes through trial and error, I was able to save a year’s worth of work, resulting in cost savings of $30,000 to $40,000.” (Kevin Vigil, Director of Information Technology, Southwest CARE Center)

    The service desk is the cornerstone for customer satisfaction

    Bar charts comparing 'Dissatisfied' vs 'Satisfied End Users' in both 'Service Desk Effectiveness' and 'Timeliness'.
    N=63, small enterprise organizations from the End-User Satisfaction Diagnostic, at December 2021
    Dissatisfied was classified as those organizations with an average score less than 7.
    Satisfied was classified as those organizations with an average score greater or equal to 8.
    • End users who were satisfied with service desk effectiveness rated all other IT processes 36% higher than dissatisfied end users.
    • End users who were satisfied with service desk timeliness rated all other IT processes 34% higher than dissatisfied end-users.

    Improve the service desk with a Start, Stop, Continue assessment

    Use this exercise as an opportunity to discuss what’s working and what isn’t with your current help desk. Use this to define your goals for the improvement project, with a plan to return to the results and rerun the exercise on a regular basis.

    STOP

    • What service desk processes are counterproductive?
    • What service blockers exist that consistently undermine good results?
    • Are end-user relationships with individual team members negatively impacting satisfaction?
    • Make notes on initial ideas for improvement.

    START

    • What service process improvements could be implemented immediately?
    • What technical qualifications do individual staff members need to improve?
    • What opportunities exist to improve service desk communications with end users?
    • How can escalation and triage be more efficient?

    CONTINUE

    • What aspects of your current service desk are positive?
    • What processes are efficient and can be emulated elsewhere?
    • Where can you identify high levels of end-user satisfaction?

    Complete a maturity assessment to create a baseline and areas of focus

    The Service Desk Maturity Assessment tool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

    The tool will help guide improvement efforts and measure your progress.

    • The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
    • The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
    • Document the results of the efficiency assessment in the Service Desk Improvement Initiative.
    • The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
    Sample of the Service Desk Maturity Assessment.

    Define your vision for the support structure

    Use this vision for communicating with the business and your IT team

    Consider service improvements and how those changes can be perceived by the organization. For example, offering multiple platforms, such as adding Macs to end-user devices, could translate to “Providing the right IT solutions for the way our employees want to work.”

    To support new platforms, you might need to look at the following steps to get there:
    • Evaluate skills needed – can you upskill generalists quickly, or will specialists be required? Determine training needs for support staff on new platforms.
    • Estimate uptake of the new platform and adjusting budgets – will these mostly be role-based decisions?
    • Determine what applications will work on the new platform and which will have a parity offering, which will require a solution like Parallels or VirtualBox, and which might need substitute applications.
    • What utilities will be needed to secure your solutions such as for encryption, antivirus, and firewalls?
    • What changes in the way you deploy and patch machines?
    • What level of support do you need to provide – just platform, or applications as well? What self-serve training can be made available?
    If you need to change the way you deploy equipment, you may want to review the blueprint Simplify Remote Deployment With Zero-Touch Provisioning

    Info-Tech Insight

    Identify some high-level opportunities and plan out how these changes will impact the way you provide support today. Document steps you’ll need to follow to make it happen. This may include new offerings and product sourcing, training, and research.

    Facilitate service desk operations with an ITSM tool

    You don’t need to spend a fortune. Many solutions are free or low-cost for a small number of users, and you don’t necessarily have to give up functionality to save money.

    Encourage users to submit requests through email or self-serve to keep organized. Ensure that reporting will provide you with the basics without effort, but ensure report creation is easy enough if you need to add more.

    Consider tools that do more than just store tickets. ITSM tools for small enterprises can also assist with:
    • Equipment and software license management
    • Self-serve for password reset and improving the experience for end users to submit tickets
    • Software deployment
    • Onboarding and offboarding workflows
    • Integration with monitoring tools
    Info-Tech Insight Buying rather than building allows you the greatest flexibility and can provide enterprise-level functionality at small-enterprise pricing. Use Info-Tech’s IT Service Management Selection Guide to create a business case and list of requirements for your ITSM purchase.
    Logo for Spiceworks.
    Logo for ZenDesk. Logo for SysAid.
    Logo for ManageEngine.
    Logo for Vector Networks.
    Logo for Freshworks.
    Logo for Squadcast.
    Logo for Jira Software.
    Logos contain links

    ITSM implementations are the perfect time to fix processes

    Consider engaging a partner for the installation and setup as they will have the expertise to troubleshoot and get you to value quickly.

    Even with a partner, don’t rely on them to set up categories, prioritizations, and workflows. If you have unique requirements, you will need to bring your design work to the table to avoid getting a “standard install” that will need to be modified later.

    When we look at what makes a strong and happy product launch, it boils down to a few key elements:
    • Improving customer service, or at least avoiding a decline
    • Improving access to information for technical team and end users
    • Successfully taking advantage of workflows, templates, and other features designed to improve the technician and user experience
    • Using existing processes with the new tools, without having to completely reengineer how things are done
    For a complete installation guide, visit the blueprint Build an ITSM Implementation Plan
    To prepare for a quick time to value in setting up the new ITSM tool, prioritize in this order:
    1. Categorization and status codes
    2. Prioritization
    3. Divide tickets into incidents and service requests
    4. Create workflows for onboarding and offboarding (automate where you can)
    5. Track escalations to vendors
    6. Reporting
    7. Self-serve
    8. Equipment inventory (leading to hardware asset management)

    Define roles looking to balance between customer service and getting things done

    The team will need to provide backfill for each other with high volume, vacations, and leave, but also need to proactively manage interruptions appropriately as they work on projects.
    Icon of a bullseye. First contact – customer service, general knowledge
    Answers phones, chats, responds to email, troubleshooting, creates knowledge articles for end users.
    Icon of a pie chart. Analyst – experienced troubleshooter, general knowledge
    Answers phone when FC isn’t available, responds to email, troubleshooting, creates knowledge articles for first contact, escalates to other technicians or vendors.
    Icon of a lightbulb. Analyst – experienced troubleshooter, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of gear on a folder. Engineer – deep expertise, specialist
    Answers phones only when necessary, troubleshooting, creates knowledge articles for anyone in IT, consults with peers, escalates to vendors.
    Icon of a handshake. Vendor, Managed Service Providers
    Escalation point per contract terms, must meet SLAs, communicate regularly with analysts and management as appropriate. Who escalates and who manages them?
    Row of colorful people.

    Note roles in the Incident Management and Service Desk – Standard Operating Procedure Template

    Keep customers happy and technicians calm by properly managing your queue

    If ticket volume is too high or too dispersed to effectively have teams self-select tickets, assign a queue manager to review tickets throughout the day to ensure they’re assigned and on the technician’s schedule. This is particularly important for technicians who don’t regularly work out of the ticketing system. Follow up on approaching or missed SLAs.

    • Separate incidents (break fix) and service requests: Prioritize incidents over service requests to focus on getting users doing business as soon as possible. Schedule service requests for slower times or assign to technicians who are not working the front lines.
    • First in/first out…mostly: We typically look to prioritize incidents over service requests and only prioritize incidents if there are multiple people or VIPs affected. Where everything is equal, deal with the oldest first. Pause occasionally to deal with quick wins such as password resets.
    • Update ticket status and notes: Knowing what tickets are in progress and which ones are waiting on information or parts is important for anyone looking to pick up the next ticket. Make sure everyone is aware of the benefits of keeping this information up to date, so technicians know what to work on next without duplicating each other’s work.
    • Implement solutions quickly by using knowledge articles: Continue to build out the knowledge base to be able to resolve end-user issues quickly, check to see if additional information is needed before escalating tickets to other technicians.
    • Encourage end users to create tickets through the portal: Issues called in are automatically moved to the front of the queue, regardless of urgency. Make it easy for users to report issues using the portal and save the phone for urgent issues to allow appropriate prioritization of tickets.
    • Create a process to add additional resources on a regular basis to keep control of the backlog: A few extra hours once a week may be enough if the team is focused without interruptions.
    • Determine what backlog is acceptable to your users: Set that as a maximum time to resolve. Ideally, set up automated escalations for tickets that are approaching target SLAs, and build flexibility into schedules to have an “all hands on deck” option if the volume gets too high.

    Info-Tech Insight

    Make sure your queue manager has an accurate escalation list and has the authority to assign tickets and engage with the technical team to manage SLAs; otherwise, SLAs will never be consistently managed.

    Best practices for ticket handling

    Accurate data leads to good decisions. If working toward adding staff members, reducing recurring incidents, gaining access to better tools, or demonstrating value to the business, tickets will enable reporting and dashboards to manage your day-to-day business and provide reports to stakeholders.
    • Provide an easy way for end users to electronically submit tickets and encourage them to do so. This doesn’t mean you shouldn’t still accept phone calls, but that should be encouraged for time sensitive issues.
    • Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
    • Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
    • Update user of ETA if issue cannot be resolved quickly.
    • Update categories to reflect the actual issue and resolution.
    • Reference or link to the knowledge base article as the documented steps taken to resolve the incident.
    • Validate incident is resolved with client. Automate this process with ticket closure after a certain time.
    • Close or resolve the ticket on time.
    Ticket templates (or quick tickets) for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
    Sample ticket template.

    Create a right-sized self-service portal

    Review tickets and talk to the team to find out the most frequent requests and the most frequent incidents that could be solved by the end user if there were clear instructions. Check with your user community to see what they would like to see in the portal.

    A portal is only as attractive as it is useful. Enabling ticket creation and review is the bare minimum and may not entice users to the portal if email is just as easy to use for ticket creation.

    Consider opening the portal to groups other than IT. HR, finance, and others may have information they want to share or forms to fill in or download where an employee portal rather than an IT portal could be helpful. Work with other departments to see if they would find value. Make sure your solution is easy to use when adding content. Low-code options are useful for this.

    Portals could be built in the ITSM solution or SharePoint/Teams and should include:

    • Easy ways to create and see status on all tickets
    • Manuals, how-to articles, links to training
    • Answers to common questions, could be a wiki or Q&A for users to help each other as well as IT
    • Could have a chatbot to help people find documents or to create a ticket

    Info-Tech Insight

    Consider using video capture software to create short how-to videos for common questions. Vendors such as TechSmith Snagit , Vimeo Screen Recorder, Screencast-O-Matic Video Recording, and Movavi Screen Recording may be quick and easy to learn.

    49%

    49% of employees have trouble finding information at work

    35%

    Employees can cut time spent looking for information by 35% with quality intranet

    (Source: Liferay)

    Use customer satisfaction surveys to monitor service levels

    Transactional surveys are tied to specific interactions and provide a means of communication to help users communicate satisfaction or dissatisfaction with single interactions.
    • Keep it simple: One question to rate the service with opportunity to add a comment is enough to understand the sentiment and potential issues, and it will be more likely that the user will fill it out.
    • Follow up: Feedback will only be provided if customers think it’s being read and actioned. Set an alert to receive notification of any negative feedback and follow up within one or two business days to show you’re listening.

    A simple customer feedback form with smiley face scale.

    Relationship surveys can be run annually to obtain feedback on the overall customer experience.

    Inform yourself of how well you are doing or where you need improvement in the broad services provided.

    Provide a high-level perspective on the relationship between the business and IT.

    Help with strategic improvement decisions.

    Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done on an annual basis.

    For example: Info-Tech’s End User Satisfaction Diagnostic. Included in your membership.

    Keep categorizations simple

    Asset categorization provides reports that are straightforward and useful for IT and that are typically used where the business isn’t demanding complex reports.

    Too many options can cause confusion; too few options provide little value. Try to avoid using “miscellaneous” – it’s not useful information. Test your tickets against your new scheme to make sure it works for you. Effective classification schemes are concise, easy to use correctly, and easy to maintain.

    Build out the categories with these questions:
    • What kind of asset am I working on? (type)
    • What general asset group am I working on? (category)
    • What particular asset am I working on? (sub-category)

    Create resolution codes to further modify the data for deeper reporting. This is typically a separate field, as you could use the same code for many categories. Keep it simple, but make sure it’s descriptive enough to understand the type of work happening in IT.

    Create and define simple status fields to quickly review tickets and know what needs to be actioned. Don’t stop the clock for any status changes unless you’re waiting on users. The elapsed time is important to measure from a customer satisfaction perspective.

    Info-Tech Insight

    Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

    Example table of categorizations.


    Need to make quick progress? Use Info-Tech Research Group’s Service Desk Asset-Based Categories template.

    1.1 Build or review your categories

    1-3 hours

    Input: Existing tickets

    Output: Categorization scheme

    Materials: Whiteboard/Flip charts, Markers, Sample categorization scheme

    Participants: CIO, Service desk manager, Technicians

    Discuss:

    • How can you use categories and resolution information to enhance reporting?
    • What level of detail do you need to be able to understand the data and take action? What level of detail is too much?
    • Are current status fields allowing you to accurately assess pending work at a glance?

    Draft:

    1. Start with existing categories and review, identifying duplicates and areas of inconsistency.
    2. Write out proposed resolution codes and status fields and critically assess their value.
    3. Test categories and resolution codes against a few recent tickets.
    4. Record the ticket categorization scheme in the Incident Management and Service Desk – Standard Operating Procedure.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Separate tickets into service requests and incidents

    Tickets should be separated into different ticket types to be able to see briefly what needs to be prioritized. This may seem like a non-issue if you have a small team, but if you ever need to report how quickly you’re solving break-fix issues or whether you’re doing root cause analysis, this will save on future efforts. Separating ticket types may make it easier to route tickets automatically or to a new provider in the future.

    INCIDENTS

    SERVICE REQUESTS

    Icon of a bullseye.

    PRIORITIZATION

    Incidents will be prioritized based on urgency and impact to the organization. Service requests will be scheduled and only increase in prioritization if there is an issue with the request process (e.g. new hire start).
    Icon of a handshake.

    SLAs

    Did incidents get resolved according to prioritization rules? REPONSE & RESOLUTION Did service requests get completed on time? SCHEDULING & FULFILMENT
    Icon of a lightbulb.

    TRIAGE & ROOT CAUSE ANALYSIS

    Incidents will typically need triage at the service desk unless something is set up to go directly to a specialist. Service requests don’t need triage and can be routed automatically for approvals and fulfillment.

    “For me, the first key question is, is this keeping you from doing business? Is this a service request? Is it actually something that's broken? Well, okay. Now let's have the conversation about what's broken and keeping you from doing business.” (Anonymous CIO)

    Determine how service requests will be fulfilled

    Process steps for service requests: 'Request, Approve, Schedule, Fulfill, Notify requester, Close ticket'.

    • Identify standard requests, meaning any product approved for use and deployment in the organization.
    • Determine whether this should be published and how. Consider a service catalog with the ability to create tickets right from the request page. If there is an opportunity to automate fulfillment, build that into your workflow and project plans.
    • Create workflows for complicated requests such as onboarding, and build them into a template in the service desk tool. This will allow you to reduce the administrative work to deploy tasks.
    • Who will fulfill requests? There may be a need for more than one technician to be able to fulfill if volume dictates, but it’s important to determine what will be done by each level to quickly assign those tickets for scheduling. Define what will be done by each group of technicians.
    • Determine reasonable SLAs for most service requests. Identify which ones will not meet “normal” SLAs. As you build out a service catalog or automate fulfillment, SLAs can be refined.

    Info-Tech Insight

    Service requests are not as urgent as incidents and should be scheduled.

    Set the SLA based on time to fulfill, plus a buffer to schedule around more urgent service requests.

    1.2 Identify service requests and routing needs

    2-3 hours

    Input: Ticket data, Existing workflow diagrams

    Output: Workflow diagrams

    Materials: Whiteboard/Flip charts, Markers, Visio

    Participants: CIO, Service desk manager, Technicians

    Identify:

    1. Create your list of typical service requests and identify the best person to fulfill, based on complexity, documentation, specialty, access rights.
    2. Review service requests which include multiple people or departments, such as onboarding and offboarding
    3. Draw existing processes.
    4. Discuss challenges and critique existing process.
    5. Document proposed changes and steps that will need to be taken to improve the process.

    Download the Incident Management and Service Desk – Standard Operating Procedure Template

    Incident management

    Critical incidents and normal incidents

    Even with a small team, it’s important to define a priority for response and resolution time for SLA and uptime reporting and extracting insights for continual improvement efforts.

    • Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).
    • The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).
    • Some questions to consider when deciding on problem severity include:
      • How is productivity affected?
      • How many users are affected?
      • How many systems are affected?
      • How critical are the affected systems to the organization?
    • Decide how many severity levels the organization needs the service desk to have. Four levels of severity is ideal for most organizations.
    Go to incident management for SE

    Super-specialization of knowledge is also a common factor in smaller teams and is caused by complex architectures. While helpful, if that knowledge isn’t documented, it can walk out the door with the resource and the rest of the team is left scrambling.

    Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents.

    Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.

    Cover image for 'Incident Management for Small Enterprise'.
    Click picture for a link to the blueprint

    1.3 Activity: Identify critical systems

    1 hour

    Input: Ticket data, Business continuity plan

    Output: Service desk SOP

    Materials: Whiteboard/Flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Discuss and document:

    1. Create a list of the most critical systems, and identify and document the escalation path.
    2. Review inventory of support documents for critical systems and identify any that require runbooks to ensure quick resolution in the event of an outage or major performance issue. Refer to the blueprint Incident Management for Small Enterprise to prioritize and document runbooks as needed.
    3. Review vendor agreements to determine if SLAs are appropriate to support needs. If there is a need for adjustments, determine options for modifying or renegotiating SLAs.

    Download the Incident Runbook Prioritization Tool

    Prioritization scheme

    Keep the priority scheme simple and meaningful, using this framework to communicate and report to stakeholders and set SLAs for response and resolution.
    1. Focus primarily on incidents. Service requests should always be medium urgency, unless there is a valid reason to move one to high level.
    2. Separate major outages from all other tickets as these are a major factor in business impact.
    3. Decide how many levels of severity are appropriate for your organization.
    4. Build a prioritization matrix, breaking down priority levels by impact and urgency.
    5. Build out the definitions of “impact” and “urgency” to complete the prioritization matrix.
    6. Run through examples of each priority level to make sure everyone is on the same page.
    A matrix of prioritization with rows as levels of 'IMPACT' and columns as levels of 'URGENCY'. Ratings range from 'Critical' at 'Extensive/Critical' to 'Low' at 'Low Impact/Low'.

    Document escalation rules and contacts

    Depending on the size of the team, escalations may be mostly to internal technical colleagues or could be primarily to vendors.

    • Ensure the list of escalation rules and contacts is accurate and available, adding expected SLAs for quick reference
    • If tickets are being escalated but shouldn’t be, ensure knowledge articles and training materials are up to date
    • Follow up on all external escalations, ensuring SLAs are respected
    • Publish an escalation path for clients if service is not meeting their needs (for internal and external providers) and automate escalations for tickets breaching SLAs
    Escalation rules strung together.
    User doesn’t know who will fix the issue but expects to see it done in a reasonable time. If issue cannot be resolved right away, set expectations for resolution time.
    • Document information so next technician doesn’t need to ask the same questions.
    • Escalate to the right technician the first time.
    • Check notes to catch up on the issue.
    • Run tests if necessary.
    • Contact user to troubleshoot and fix.
    • Meet SLAs or update client on new ETA.
    • Provide complete information to vendor.
    • Monitor resolution.
    • Follow up with vendor if delays.
    • Update client as needed.
    • Vendor will provide support according to agreement.
    • Encourage vendor to provide regular updates to IT.
    • Review vendor performance regularly.
    • IT will validate issue is resolved and close ticket.
    Validate user is happy with the experience

    Define, measure, and report on service level agreements

    Improving communications is the most effective way to improve customer service
    1. Set goals for time to respond and time to resolve for different incident levels, communicate to the technical team, and test ability to meet these goals.
    2. Set goals for time to fulfil for most service requests, document exceptions (e.g. onboarding).
    3. Create reports to measure against goals and determine what information will be most effective for reporting to the business.
    4. Management: Communicate expectations to the business leaders and end users.
    5. Management: Set regular cadence to meet with stakeholders to discuss expectations and review relevant metrics.
    6. Management: Determine how metrics will be tracked and reviewed to manage technical partners.
    Keep messaging simple
    • Be prepared with detailed reporting if needed, but focus on a few key metrics to inform stakeholders of progress against goals.
    • Use trending to tell a story, especially when presenting success stories.
    • Use appropriate media for each type of message. For example: SLAs can be listed on automated ticket responses or in a banner on the portal.

    Determine what communications are most important and who will do them

    Icon of a bperson ascending a staircase.

    PROACTIVE, PLANNED CHANGES

    From: Service Desk

    Messaging provided by engineer or director, sent to all employees; proactive planning with business unit leaders.

    Icon of a bullseye.

    OUTAGES & UPDATES

    From: Service Desk

    Use templates to send out concise messaging and updates hourly, with input from technical team working on restoring services to all; director to liaise with business stakeholders.

    Icon of a lightbulb.

    UPDATES TO SERVICES, SELF-SERVE

    From: Director

    Send announcements no more than monthly about new services and processes.

    Icon of a handshake.

    REGULAR STAKEHOLDER COMMUNICATIONS

    From: Director

    Monthly reporting to business and IT stakeholders on strategic and project goals, manage escalations.

    1.4 Create communications plan

    2 hours

    Input: Sample past communications

    Output: Communications templates

    Materials: Whiteboard/flip charts, Markers

    Participants: CIO, Service desk manager, Technicians

    Determine where templates are needed to ensure quick and consistent communications. Review sample templates and modify to suit your needs:

    1. Proactive, planned changes
    2. Outages and updates
    3. Updates to services, self-serve
    4. Regular stakeholder communications

    Download the communications templates

    Create reports that are useful and actionable

    Reporting serves two purposes:

    1. Accountability to stakeholders
    2. Identification of items that need action

    To determine what reports are needed, ask yourself:

    • What are your goals?
    • What story are you trying to tell?
    • What do you need to manage day to day?
    • What do you need to report to get funding?
    • What do you need to report to your stakeholders for service updates?

    Determine which metrics will be most useful to suit your strategic and operational goals

    STRATEGIC GOAL (stakeholders): Improve customer service evidenced by:

    TIME

    • Aged backlog
    • Service requests solved within SLA (could also look for quick ones, e.g. tickets solved in one day, % solved within one hour)
    • Volume of incidents and time to solve each type
    • Critical incidents solved in 4 hours
    • Incidents solved same day

    QUALITY

    • Percentage of tickets solved at first contact
    • SLAs missed
    • Percentage of services available to request through catalog
    • Percentage of tickets created through portal (speaks to quality of experience)
    • Customer satisfaction survey results – transactional and annual

    RESOURCES

    • Knowledge articles used by technicians
    • Knowledge articles used by end users
    • Tickets resolved at each technician level (volume)
    • Non-standard requests evaluated and fulfilled by volume & time served
    • Volume of recurring incidents
    OPERATIONAL GOALS: Report to director & technicians

    What else can you do to improve service?

    Review the next few pages to see if you need additional blueprints to help you:
    • Evaluate staffing and training needs to ensure the right number of resources are available and they have the skills they need for your environment.
    • Create self-service for end users to get quick answers and create tickets.
    • Create a knowledge base to ensure backup for technical expertise.
    • Develop customer service skills through training.
    • Perform ticket analysis to better understand your technical environment.

    Be agile in your approach to service

    It’s easy for small teams to get overwhelmed when covering for vacations, illness, or leave. Determine where priorities may be adjusted during busy or short-staffed times.

    • Have a plan to cross-train technicians and create comprehensive knowledge articles for coverage during vacations and unexpected absences.
    • Know where it makes sense to bring in vendors, such as for managed print services, or to cover for extended absences.
    • Look for opportunities to automate functions or reduce administrative overhead through workflows.
    • Identify any risks and determine how to mitigate, such as managing or changing administrative passwords.
    • Create self-serve to enable ticket creation and self-solve for those users who wish to use it.

    Staff the service desk to meet demand

    • With increasing complexity of support and demand on service desks, staff are often left feeling overwhelmed and struggling to keep up with ticket volume, resulting in long resolution times and frustrated end users.
    • However, it’s not as simple as hiring more staff to keep up with ticket volume. IT managers must have the data to support their case for increasing resources or even maintaining their current resources in an environment where many executives are looking to reduce headcount.
    • Without changing resources to match demand, IT managers will need to determine how to maximize the use of their resources to deliver better service.

    Cover image for 'Staff the Service Desk to Meet Demand'.
    Click picture for a link to the blueprint

    Create and manage a knowledge base

    With a small team, it may seem redundant to create a knowledge base, but without key system and process workflows and runbooks, an organization is still at risk of bottlenecks and knowledge failure.

    • Use a knowledge base to document pre-escalation troubleshooting steps, known errors and workarounds, and runbook solutions.
    • Where incidents may have many root causes, document which are the most frequent solutions and where variations are typically used.
    • Start with an inventory of personal documents, compare and consolidate into the knowledge base, and ensure they are accurate and up to date.
    • Assign someone to review articles on a regular basis and flag for editing and archiving as the technical environment changes.
    • Supplement with vendor-provided or purchased content. Two options for purchased content include RightAnswers or Netformx.

    Info-Tech Insight

    Appeal to a broad audience. Use non-technical language whenever possible to help less technical readers. Identify error messages and use screenshots where it makes sense. Take advantage of social features like voting buttons to increase use.

    Optimize the service desk with a shift-left strategy

    • “Shift left” is a strategy which moves appropriate technical work to users through knowledge articles, automation and service catalogs, freeing up time for technicians to work on more complex issues.
    • Many organizations have built a great knowledge base but fail to see the value of it over time as it becomes overburdened with overlapping and out-of-date information. Knowledge capture, updating, and review must be embedded into your processes if you want to keep the knowledge base useful.
    • Similarly, the self-service portal is often deployed out of the box with little input from end users and fails to deliver its intended benefits. The portal needs to be designed from the end user’s point of view with the goal of self-resolution if it will serve its purpose of deflecting tickets.

    Cover image for 'Optimize the Service Desk With a Shift-Left Strategy'.
    Click picture for a link to the blueprint

    Customer service isn’t just about friendliness

    Your team will all need to deal with end users at some point, and that may occur in times of high stress. Ensure the team has the skills they need to actively listen, stay positive, and de-escalate.

    Info-Tech’s customer service program is a modular approach to improve skills one area at a time. Delivering good customer service means being effective in these areas:
    • Customer focus – Focus on the customer and use a positive, caring, and helpful attitude.
    • Listening and verbal communication skills – Demonstrate empathy and patience, actively listen, and speak in user-friendly ways to help get your point across.
    • Written communication skills – Use appropriate tone, language, and terms in writing (whether via chat, email, or other).
    • Manage difficult situations – Remain calm and in control when dealing with difficult customers and situations.
    • Go the extra mile – Go beyond simply resolving the request to make each interaction positive and memorable.

    Deliver a customer service training program to your IT department

    • There’s a common misconception that customer service skills can’t be taught, so no effort is made to improve those skills.
    • Even when there is a desire to improve customer service, it’s hard for IT teams to make time for training and improvement when they’re too busy trying to keep up with tickets.
    • A talented service desk agent with both great technical and customer service skills doesn’t have to be a rare unicorn, and an agent without innate customer service skills isn’t a lost cause. Relevant and impactful customer service habits, techniques, and skills can be taught through practical, role-based training.
    • IT leaders can make time for this training through targeted, short modules along with continual on-the-job coaching and development.

    Cover image for 'Deliver Customer Service Training Program to Your IT Department'.
    Click picture for a link to the blueprint

    Improve your ticket analysis

    Once you’ve got great data coming into the ticketing system, it’s important to rethink your metrics and determine if there are more insights to be found.

    Analyzing ticket data involves:
    • Collecting ticket data and keeping it clean. Based on the metrics you’re analyzing, define ticket expectations and keep the data up to date.
    • Showing the value of the service desk. SLAs are meaningless if they are not met consistently. The prerequisite to implementing proper SLAs is fully understanding the proper workload of the service desk.
    • Understanding – and improving – the user experience. You cannot improve the user experience without meaningful metrics that allow you to understand the user experience. Different user groups will have different needs and different expectations of the level of service. Your metrics should reflect those needs and expectations.

    Analyze your service desk ticket data

    Properly analyzing ticket data is challenging for the following reasons:
    • Poor ticket hygiene and unclear ticket handling
    • Service desk personnel are not sure where to start with analysis
    • Too many metrics are tracked to parse actionable data from the noise
    Ticket data won’t give you a silver bullet, but it can help point you in the right direction.

    Cover image for 'Analyze Your Service Desk Ticket Data'.
    Click picture for a link to the blueprint

    Start doing problem management

    Proactively focusing on root cause analysis will reduce the most disruptive incidents to the organization.

    • A focus on elimination of critical incidents and the more disruptive recurring incidents will reduce future workloads for the team and improve customer satisfaction.
    • This can be challenging when the team is already struggling with workload; however, setting a regular cadence to review tickets, looking for trends, and identifying at least one focus area a month can be a positive outcome for everyone.
    • Focus on the most impactful ticket or service first. The initial goal should be to reduce or eliminate critical and high-impact incidents. Once the high-stress situations are reduced, proactively scheduling the smaller but still time-consuming repeatable incidents can be done.
    • Where you have vendors involved, work with them to determine when root cause analysis must happen and where they’ll need to coordinate with your team or other supporting vendors.

    Problem management

    Problem management can be challenging because it requires skills and knowledge to go deep into a problem and troubleshoot the root cause of an issue, but it also requires uninterrupted time.
    • Problem management, however, can be taught, and the issue isn’t always hard to spot if you have time to look.
    • Using tried and true methods for walking through an issue step by step will enable the team to improve their investigative and troubleshooting skills.
    • Reduction of one or two major incidents and recurring incidents per month will pay off quickly in reducing reactive ticket volume and improve customer satisfaction.

    Cover image for 'Problem Management'.
    Click picture for a link to the blueprint

    Create your roadmap with high-level requirements

    Determine what tasks and projects need to be completed to meet your improvement goals. Create a high-level project plan and balance with existing resources.

    Roadmap of high-level requirements with 'Goals' as row headers and their timelines mapped out across fiscal quarters.

    Bibliography

    Taylor, Sharon and Ivor Macfarlane. ITIL Small Scale Implementation. Office of Government Commerce, 2005.

    “Share, Collaborate, and Communicate on One Consistent Platform.” Liferay, n.d. Accessed 19 July 2022.

    Rodela, Jimmy. “A Beginner’s Guide to Customer Self-Service.” The Ascent, 18 May 2022. Web.

    Kick-Start IT-Led Business Innovation

    • Buy Link or Shortcode: {j2store}87|cart{/j2store}
    • member rating overall impact: 9.2/10 Overall Impact
    • member rating average dollars saved: $38,844 Average $ Saved
    • member rating average days saved: 8 Average Days Saved
    • Parent Category Name: Innovation
    • Parent Category Link: /innovation
    • The CIO is not considered a strategic partner. The business may be satisfied with IT services, but no one is looking to IT to solve business problems or drive the enterprise forward.
    • Even if IT staff do generate ideas that will improve operational efficiency or enable the business, few are ever assessed or executed upon.

    Our Advice

    Critical Insight

    • Business demand for new technology is creating added pressure to innovate and executive stakeholders expect more from IT. If IT is not viewed as a source of innovation, its perceived value will decrease and the threat of shadow IT will grow. Do not wait to start finding and capitalizing on opportunities for IT-led innovation.

    Impact and Result

    • Start innovating right away. All you need are business pains and people willing to ideate around them.
    • Assemble a small team and arm them with proven techniques for identifying unique opportunities for innovation, developing impactful solutions, and prototyping quickly and effectively. Incubate a reservoir of ideas, both big and small, so that you are ready to execute on innovative projects when the timing is right.
    • Once you have demonstrated IT’s ability to innovate, mature your capability with a permanent innovation process and program.

    Kick-Start IT-Led Business Innovation Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief to find out why you should create innovation processes, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Launch innovation

    Sponsor a mandate for innovation and assemble a small team to start sourcing ideas with IT staff.

    • Kick-Start IT-Led Business Innovation – Phase 1: Launch Innovation
    • Innovation Working Group Charter

    2. Ideate

    Identify critical opportunities for innovation and brainstorm effective solutions.

    • Kick-Start IT-Led Business Innovation – Phase 2: Ideate
    • Idea Document
    • Idea Reservoir Tool

    3. Prototype

    Prototype ideas rapidly to gain user feedback, refine solutions, and make a compelling case for project investment.

    • Kick-Start IT-Led Business Innovation – Phase 3: Prototype
    • Prototyping Workbook
    • Prototype Assessment

    4. Mature innovation capability

    Formalize the innovation process and implement a program to create a strong culture of innovation in IT.

    • Kick-Start IT-Led Business Innovation – Phase 4: Mature Innovation Capability

    Infographic

    Workshop: Kick-Start IT-Led Business Innovation

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Launch Innovation

    The Purpose

    Introduce innovation.

    Assess overall IT maturity to understand what you want to achieve with innovation.

    Define the innovation mandate.

    Introduce ideation.

    Key Benefits Achieved

    A set of shared objectives for innovation will be defined.

    A mandate will be created to help focus innovation efforts on what is most critical to the advancement of IT's maturity.

    The group will be introduced to ideation and prepared to begin addressing critical IT or business pains.

    Activities

    1.1 Define workshop goals and objectives.

    1.2 Introduce innovation.

    1.3 Assess IT maturity.

    1.4 Define the innovation mandate.

    1.5 Introduce ideation.

    Outputs

    Workshop goals and objectives.

    An understanding of innovation.

    IT maturity assessment.

    Sponsored innovation mandate.

    An understanding of ideation.

    2 Ideate, Part I

    The Purpose

    Identify and prioritize opportunities for IT-led innovation.

    Map critical processes to identify the pains that should be ideated around.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Key Benefits Achieved

    The team will learn best practices for ideation.

    Critical pain points that might be addressed through innovation will be identified and well understood.

    A number of ideas will be generated that can solve identified pains and potentially feed the project pipeline.

    The team will prioritize the ideas that should be investigated further and prototyped after the workshop.

    Activities

    2.1 Identify processes that present opportunities for IT-led innovation.

    2.2 Map selected processes.

    2.3 Finalize problem statements.

    2.4 Generate ideas.

    2.5 Assess ideas.

    2.6 Pitch and prioritize ideas.

    Outputs

    A list of processes with high opportunity for IT-enablement.

    Detailed process maps that highlight pain points and stakeholder needs.

    Problem statements to ideate around.

    A long list of ideas to address pain points.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    3 Ideate, Part II

    The Purpose

    Ideate around a more complex problem that presents opportunity for IT-led innovation.

    Map the associated process to define pain points and stakeholder needs in detail.

    Brainstorm potential solutions.

    Assess, pitch, and prioritize ideas that should be investigated further.

    Introduce prototyping.

    Map the user journey for prioritized ideas.

    Key Benefits Achieved

    The team will be ready to facilitate ideation independently with other staff after the workshop.

    A critical problem that might be addressed through innovation will be defined and well understood.

    A number of innovative ideas will be generated that can solve this problem and help IT position itself as a source of innovative projects.

    Ideas will be assessed and prioritized for further investigation and prototyping after the workshop.

    The team will learn best practices for prototyping.

    The team will identify the assumptions that need to be tested when top ideas are prototyped.

    Activities

    3.1 Select an urgent opportunity for IT-led innovation.

    3.2 Map the associated process.

    3.3 Finalize the problem statement.

    3.4 Generate ideas.

    3.5 Assess ideas.

    3.6 Pitch and prioritize ideas.

    3.7 Introduce prototyping.

    3.8 Map the user journey for top ideas.

    Outputs

    Selection of a process which presents a critical opportunity for IT-enablement.

    Detailed process map that highlights pain points and stakeholder needs.

    Problem statement to ideate around.

    A long list of ideas to solve the problem.

    Detailed idea documents.

    A shortlist of prioritized ideas to investigate further.

    An understanding of effective prototyping techniques.

    A user journey for at least one of the top ideas.

    4 Implement an Innovation Process and Program

    The Purpose

    Establish a process for generating, managing, prototyping, prioritizing, and approving new ideas.

    Create an action plan to operationalize your new process.

    Develop a program to help support the innovation process and nurture your innovators.

    Create an action plan to implement your innovation program.

    Decide how innovation success will be measured.

    Key Benefits Achieved

    The team will learn best practices for managing innovation.

    The team will be ready to operationalize an effective process for IT-led innovation. You can start scheduling ideation sessions as soon as the workshop is complete.

    The team will understand the current innovation ecosystem: drivers, barriers, and enablers.

    The team will be ready to roll out an innovation program that will help generate wider engagement with IT-led innovation.

    You will be ready to measure and report on the success of your program.

    Activities

    4.1 Design an IT-led innovation process.

    4.2 Assign roles and responsibilities.

    4.3 Generate an action plan to roll out the process.

    4.4 Determine critical process metrics to track.

    4.5 Identify innovation drivers, enablers, and barriers.

    4.6 Develop a program to nurture a culture of innovation.

    4.7 Create an action plan to jumpstart each of your program components.

    4.8 Determine critical metrics to track.

    4.9 Summarize findings and gather feedback.

    Outputs

    A process for IT-led innovation.

    Defined process roles and responsibilities.

    An action plan for operationalizing the process.

    Critical process metrics to measure success.

    A list of innovation drivers, enablers, and barriers.

    A program for innovation that will leverage enablers and minimize barriers.

    An action plan to roll out your innovation program.

    Critical program metrics to track.

    Overview of workshop results and feedback.

    Master the Art of Stakeholder Management in Small Enterprise Environments

    • Buy Link or Shortcode: {j2store}572|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Stakeholder Management
    • Parent Category Link: /stakeholder-management
    • IT hasn’t taken into account critical stakeholders and their concerns and preferences as they plan projects or operate on daily business.
    • It is difficult to tailor communication and messaging to all of the different personal and professional styles and motivations of stakeholders.
    • Access to stakeholders and getting an accurate understanding of their needs and concerns regarding IT can be difficult to obtain.

    Our Advice

    Critical Insight

    • Small enterprises have an advantage in stakeholder management. Less people and fewer barriers create opportunities for more productive interactions and stronger relationships.
    • The guiding principles for effective stakeholder management are common concepts, but unfortunately not common practice.
    • By stepping back and taking the time to thoughtfully consider the dynamics and needs of important IT stakeholders, you will be better able to position yourself and your department.

    Impact and Result

    • Info-Tech’s guiding principles provide clear and feasible recommendations for how to incorporate stakeholder management into daily interactions.
    • This blueprint’s guidance will enable IT leaders to tailor communication and interactions that will enable them to build stronger and more meaningful relationships with stakeholders.
    • Following this approach and its guiding principles will make IT projects be more successful by reducing their risk of failure due to issues of buy-in, misunderstanding of priorities, or a lack of support from critical stakeholders.

    Master the Art of Stakeholder Management in Small Enterprise Environments Research & Tools

    Executive Overview

    Use Info-Tech’s approach to stakeholder management to guide you in building stronger and more beneficial relationships, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    • Master the Art of Stakeholder Management in Small Enterprise Environments Storyboard
    • None
    • None

    1. Identify stakeholders

    Determine the stakeholders for an IT department of a singular initiative.

    • Stakeholder Management Analysis Tool

    2. Analyze stakeholders

    Use the guidance of this section to analyze stakeholders on both a professional and personal level.

    3. Manage stakeholders

    Use Info-Tech’s guiding principles of stakeholder management to direct how to best engage key stakeholders.

    4. Review case studies

    Use real-life experiences from Info-Tech’s analysts to understand how to use and apply stakeholder management techniques.

    [infographic]

    Portfolio Management

    • Buy Link or Shortcode: {j2store}47|cart{/j2store}
    • Related Products: {j2store}47|crosssells{/j2store}
    • member rating overall impact: 9.6/10
    • member rating average dollars saved: $40,234
    • member rating average days saved: 30
    • Parent Category Name: Applications
    • Parent Category Link: /applications

    The challenge

    • Typically your business wants much more than your IT development organization can deliver with the available resources at the requested quality levels.
    • Over-damnd has a negative influence on delivery throughput. IT starts many projects (or features) but has trouble delivering most of them within the set parameters of scope, time, budget, and quality. Some requested deliverables may even be of questionable value to the business.
    • You may not have the right project portfolio management (PPM) strategy to bring order in IT's delivery activities and to maximize business value.

    Our advice

    Insight

    • Many in IT mix PPM and project management. Your project management playbook does not equate to the holistic view a real PPM practice gives you.
    • Some organizations also mistake PPM for a set of processes. Processes are needed, but a real strategy works towards tangible goals.
    • PPM works at the strategic level of the company; hence executive buy-in is critical. Without executive support, any effort to reconcile supply and demand will be tough to achieve.

    Impact and results 

    • PPM is a coherent business-aligned strategy that maximizes business value creation across the entire portfolio, rather than in each project.
    • Our methodology tackles the most pressing challenge upfront: get executive buy-in before you start defining your goals. With senior management behind the plan, implementation will become easier.
    • Create PPM processes that are a cultural fit for your company. Define your short and long-term goals for your strategy and support them with fully embedded portfolio management processes.

    The roadmap

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    Get started.

    Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.

    Obtain executive buy-in for your strategy

    Ensure your strategy is a cultural fit or cultural-add for your company.

    • Develop a Project Portfolio Management Strategy – Phase 1: Get Executive Buy-In for Your PPM Strategy (ppt)
    • PPM High-Level Supply-Demand Calculator (xls)
    • PPM Strategic Plan Template (ppt)
    • PPM Strategy-Process Goals Translation Matrix Template (xls)

    Align the PPM processes to your company's strategic goals

    Use the advice and tools in this stage to align the PPM processes.

    • Develop a Project Portfolio Management Strategy – Phase 2: Align PPM Processes to Your Strategic Goals (ppt)
    • PPM Strategy Development Tool (xls)

    Refine and complete your plan

    Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities (ppt)

    Streamline your maintenance delivery

    Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.

    • Develop a Project Portfolio Management Strategy – Phase 3: Complete Your PPM Strategic Plan (ppt)
    • Project Portfolio Analyst / PMO Analyst (doc)

     

     

    Streamline Application Maintenance

    • Buy Link or Shortcode: {j2store}402|cart{/j2store}
    • member rating overall impact: 9.5/10 Overall Impact
    • member rating average dollars saved: 20 Average Days Saved
    • member rating average days saved: After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
    • Parent Category Name: Maintenance
    • Parent Category Link: /maintenance
    • Application maintenance teams are accountable for the various requests and incidents coming from a variety business and technical sources. The sheer volume and variety of requests create unmanageable backlogs.
    • The increasing complexity and reliance on technology within the business has set unrealistic expectations on maintenance teams. Stakeholders expect teams to accommodate maintenance without impact on project schedules.

    Our Advice

    Critical Insight

    • Improving maintenance’s focus and attention may mean doing less but more valuable work. Teams need to be realistic about what can be committed and be prepared to justify why certain requests have to be pushed down the backlog (e.g. lack of business value, high risks).
    • Maintenance must be treated like any other development activity. The same intake and prioritization practices and quality standards must be upheld, and best practices followed.

    Impact and Result

    • Justify the necessity of streamlined maintenance. Gain a grounded understanding of stakeholder objectives and concerns, and validate their achievability against the current state of the people, process, and technologies involved in application maintenance.
    • Strengthen triaging and prioritization practices. Obtain a holistic picture of the business and technical impacts, risks, and urgencies of each accepted maintenance requests in order to justify its prioritization and relevance within your backlog. Identify opportunities to bundle requests together or integrate them within project commitments to ensure completion.
    • Establish and govern a repeatable process. Develop a maintenance process with well-defined stage gates, quality controls, and roles and responsibilities, and instill development best practices to improve the success of delivery.

    Streamline Application Maintenance Research & Tools

    Start here – read the Executive Brief

    Read our Executive Brief to understand the common struggles found in application maintenance, their root causes, and the Info-Tech methodology to overcoming these hurdles.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Understand your maintenance priorities

    Understand the stakeholder priorities driving changes in your application maintenance practice.

    • Streamline Application Maintenance – Phase 1: Assess the Current Maintenance Landscape
    • Application Maintenance Operating Model Template
    • Application Maintenance Resource Capacity Assessment
    • Application Maintenance Maturity Assessment

    2. Instill maintenance governance

    Identify the appropriate level of governance and enforcement to ensure accountability and quality standards are upheld across maintenance practices.

    • Streamline Application Maintenance – Phase 2: Develop a Maintenance Release Schedule

    3. Enhance triaging and prioritization practices

    Build a maintenance triage and prioritization scheme that accommodates business and IT risks and urgencies.

    • Streamline Application Maintenance – Phase 3: Optimize Maintenance Capabilities

    4. Streamline maintenance delivery

    Define and enforce quality standards in maintenance activities and build a high degree of transparency to readily address delivery challenges.

    • Streamline Application Maintenance – Phase 4: Streamline Maintenance Delivery
    • Application Maintenance Business Case Presentation Document
    [infographic]

    Workshop: Streamline Application Maintenance

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Understand Your Maintenance Priorities

    The Purpose

    Understand the business and IT stakeholder priorities driving the success of your application maintenance practice.

    Understand any current issues that are affecting your maintenance practice.

    Key Benefits Achieved

    Awareness of business and IT priorities.

    An understanding of the maturity of your maintenance practices and identification of issues to alleviate.

    Activities

    1.1 Define priorities for enhanced maintenance practices.

    1.2 Conduct a current state assessment of your application maintenance practices.

    Outputs

    List of business and technical priorities

    List of the root-cause issues, constraints, and opportunities of current maintenance practice

    2 Instill Maintenance Governance

    The Purpose

    Define the processes, roles, and points of communication across all maintenance activities.

    Key Benefits Achieved

    An in-depth understanding of all maintenance activities and what they require to function effectively.

    Activities

    2.1 Modify your maintenance process.

    2.2 Define your maintenance roles and responsibilities.

    Outputs

    Application maintenance process flow

    List of metrics to gauge success

    Maintenance roles and responsibilities

    Maintenance communication flow

    3 Enhance Triaging and Prioritization Practices

    The Purpose

    Understand in greater detail the process and people involved in receiving and triaging a request.

    Define your criteria for value, impact, and urgency, and understand how these fit into a prioritization scheme.

    Understand backlog management and release planning tactics to accommodate maintenance.

    Key Benefits Achieved

    An understanding of the stakeholders needed to assess and approve requests.

    The criteria used to build a tailored prioritization scheme.

    Tactics for efficient use of resources and ideal timing of the delivery of changes.

    A process that ensures maintenance teams are always working on tasks that are valuable to the business.

    Activities

    3.1 Review your maintenance intake process.

    3.2 Define a request prioritization scheme.

    3.3 Create a set of practices to manage your backlog and release plans.

    Outputs

    Understanding of the maintenance request intake process

    Approach to assess the impact, urgency, and severity of requests for prioritization

    List of backlog management grooming and release planning practices

    4 Streamline Maintenance Delivery

    The Purpose

    Understand how to apply development best practices and quality standards to application maintenance.

    Learn the methods for monitoring and visualizing maintenance work.

    Key Benefits Achieved

    An understanding of quality standards and the scenarios for where they apply.

    The tactics to monitor and visualize maintenance work.

    Streamlined maintenance delivery process with best practices.

    Activities

    4.1 Define approach to monitor maintenance work.

    4.2 Define application quality attributes.

    4.3 Discuss best practices to enhance maintenance development and deployment.

    Outputs

    Taskboard structure and rules

    Definition of application quality attributes with user scenarios

    List of best practices to streamline maintenance development and deployment

    5 Finalize Your Maintenance Practice

    The Purpose

    Create a target state built from appropriate metrics and attainable goals.

    Consider the required items and steps for the implementation of your optimization initiatives.

    Key Benefits Achieved

    A realistic target state for your optimized application maintenance practice.

    A well-defined and structured roadmap for the implementation of your optimization initiatives.

    Activities

    5.1 Refine your target state maintenance practices.

    5.2 Develop a roadmap to achieve your target state.

    Outputs

    Finalized application maintenance process document

    Roadmap of initiatives to achieve your target state

    Service Desk

    • Buy Link or Shortcode: {j2store}11|cart{/j2store}
    • Related Products: {j2store}11|crosssells{/j2store}
    • Up-Sell: {j2store}11|upsells{/j2store}
    • member rating overall impact: 9.4/10
    • member rating average dollars saved: $22,900
    • member rating average days saved: 20
    • Parent Category Name: Infra and Operations
    • Parent Category Link: /infra-and-operations
    The service desk is typically the first point of contact for clients and staff who need something. Make sure your team is engaged, involved, knowledgeable, and gives excellent customer service.

    Take Advantage of Big Tech Layoffs

    • Buy Link or Shortcode: {j2store}573|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Attract & Select
    • Parent Category Link: /attract-and-select

    Tech layoffs have been making the news over the past year, with thousands of Big Tech employees having been laid off. After years of record low unemployment in IT, many leaders are looking to take advantage of these layoffs to fill their talent gaps.

    However, IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations, or dive in and secure great talent to execute today on strategic needs. This research is designed to help those IT leaders who are looking to take advantage employee effective talents to secure talent.

    • With the impact of the economic slowdown still unknown, the first question IT leaders need to ask is whether now is the time to act.
    • Even with these layoffs, IT unemployment rates are at record lows, with many organizations continuing to struggle to attract talent. While these layoffs have opened a window, IT leaders need to act quickly to secure great talent.

    Our Advice

    Critical Insight

    The “where has the talent gone?” puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn’t sustainable. This correction won’t impact unemployment numbers in the short term – the job force is just in flux right now.

    Impact and Result

    This research is designed to help IT leaders understand the talent market and to provide winning tactics to those looking to take advantage of the layoffs to fill their hiring needs.

    Take Advantage of Big Tech Layoffs Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Take Advantage of Big Tech Layoffs Storyboard – A snapshot of the current talent market in IT and quick tactics IT leaders can employ to improve their hiring process to find and attract tech talent.

    Straightforward tactics you can execute to successfully recruit IT staff impacted by layoffs.

    • Take Advantage of Big Tech Layoffs Storyboard

    2. IT Talent Acquisition Optimization Tool – Use this tool to document the current and future talent acquisition process.

    To hire efficiently, create a clear, consistent talent acquisition process. The IT Talent Acquisition Process Optimization Tool will help to:

  • Map out the current talent acquisition workflow
  • Identify areas of opportunity and potential gaps in the current process
    • IT Talent Acquisition Optimization Tool
    [infographic]

    Further reading

    Take Advantage of Big Tech Layoffs

    Simple tactics to secure the right talent in times of economic uncertainty.

    Why are the layoffs making the news?

    After three years of record low unemployment rates in IT and organizations struggling to hire IT talent into their organization, the window appears to be opening with tens of thousands layoffs from Big Tech employers.

    Big brand organizations such as Microsoft, Alphabet, Amazon, Twitter, Netflix, and Meta have been hitting major newswires, but these layoffs aren't exclusive to the big names. We've also seen smaller high-growth tech organizations following suit. In fact, in 2022, it's estimated that there were more than 160,997 layoffs across over 1,045 tech organizations. This trend has continued into 2023. By mid-February 2023, there were already 108,754 employees laid off at 385 tech companies (Layoffs.fyi).(1)

    While some of these layoffs have been openly connected to economic slowdown, others are pointing to the layoffs being a correction for over-hiring during the pandemic. It is also important to note that many of these workers were not IT employees, as these organizations also saw cuts across other areas of the business such as sales, marketing, recruitment, and operations.

    (1)This global database is constantly being updated, and these numbers are changing on an ongoing basis. For up-to-date statistics, see https://layoffs.fyi

    While tech layoffs have been making the news, so far many of these layoffs have been a correction to over-hiring, with most employees laid off finding work, if they want it, within three months.

    IT leaders need to determine their response – wait and see the impact of the recession on budgets and candidate expectations or dive in and secure great talent to execute today on strategic needs.

    This research is designed to help IT leaders understand the talent market and provide winning strategies to those looking to take advantage of the layoffs to fill their hiring needs.

    Three key drivers for Big Tech layoffs

    Economic uncertainty

    Globally, economists are predicting an economic slowdown, though there is not a consistent prediction on the impact. We have seen an increase in interest rates and inflation, as well as reduced investment budgets.

    Over-hiring during the pandemic

    High growth and demand for digital technologies and services during the early pandemic led to over-hiring in the tech industry. Many organizations overestimated the future demand and had to rebalance staffing as a result.

    New automation investments

    Many tech organizations that have conducted layoffs are still in a growth mindset. This is demonstrated though new tech investments by these companies in products like chatbots and RPA to semi-automate processes to reduce the need for certain roles.

    Despite layoffs, the labor market remains competitive

    There were at least 160,997 layoffs from more than 1,045 tech companies last year (2022). (Layoffs.fyi reported as of Feb 21/2023)

    But just because Big Tech is laying people off doesn't mean the IT job market has cooled.

    Between January and October 2022 technology- focused job postings rose 25% compared to the same period in 2021, and there were more than 375,000 tech jobs posted in October of 2022.
    (Dice: Tech Jobs Report.)

    Info-Tech Insight

    The "where has the talent gone?" puzzle has been solved. Many tech firms over-hired and were able to outcompete everyone, but it wasn't sustainable. This correction won't impact unemployment numbers in the short term – the job force is just in flux right now.

    So far, many of the layoffs have been a market correction

    Tech Layoffs Since COVID-19

    This is an image of a combo line graph plotting the number of tech layoffs from Q1 2020 to Q4 2022.

    Source: Layoffs.fyi - Tech Layoff Tracker and Startup Layoff Lists

    Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    This is an image of a bar graph plotting Tech Companies Layoffs vs. Early Pandemic Hiring # of People

    Source: Yahoo Finance. Q4 '19 to Q3 '22

    Tech Layoffs between 2020 Q3- 2022 Q1 remained very low across the sector. In fact, outside of the initial increase at the start of the pandemic, layoffs have remained at historic low levels of around 1% (HBR, 2023). While the layoffs look significant in isolation, when you compare these numbers to pandemic hiring and growth for these organizations, the figures are relatively small.

    The first question IT leaders need to ask is whether now is the time to act

    The big gamble many CIOs face is whether to strike now to secure talent or to wait to better understand the impact of the recession. While two-thirds of IT professionals are still expecting their budgets to increase in 2023, CIOs must account for the impact of inflation and the recession on their IT budgets and staffing decisions (see Info-Tech's CEO-CIO Alignment Program).

    Ultimately, while unemployment is low today, it's common to see unemployment numbers drop right before a recession. If that is the case, then we will see more talent entering the market, possibly at more competitive salaries. But organizations that wait to hire risk not having the staff they need to execute on their strategy and finding themselves in a hiring freeze. CIOs need to decide on how to approach the economic uncertainty and where to place their bets.

    Looking ahead to 2023, how do you anticipate your IT spending will change compared to spending in 2022?

    This is an image of anticipated changes to IT spending compared to 2022 for the following categories: Decrease of more than 30%; Decrease between 16-30%; Decrease between 6-15%; Decrease between 1-5%; No Change; Increase between 1-5%; Increase between 6-15%; Increase between 16-30%; Increase of more than 30%

    Info-Tech's CEO-CIO Alignment Program

    Organizations ready to take advantage will need to act fast when layoffs happen

    Organizations looking to fill hiring needs or grow their IT/digital organization will need to be strategic and efficient when it comes to recruitment. Regardless of the number of layoffs, it continues to be an employee market when it comes to IT roles.

    While it is likely that the recession will impact unemployment rates, so far, the market remains hot, and the number of open roles continues to grow. This means that organizations that want to take advantage need to act quickly when news hits.

    Leaders not only need to compete with other organizations for talent, but the other challenge hiring organizations will need to compete with is that many in tech received generous severance packages and will be considering taking time off. To take advantage, leaders need to establish a plan and a clear employee value proposition to entice these highly skilled workers to get off the bench.

    Why you need to act fast:

    • Unemployment rates remain low:
      • Tech unemployment's rates in the US dropped to 1.5% in January 2023 (CompTIA), compared to overall unemployment which is at 3.4% in the US as of January 2023 (Yahoo Finance). While the layoffs look significant, we can see that many workers have been rehired into the labor market.
    • Long time-to-hire results in lost candidates:
      • According to Info-Tech's IT Talent Trend Report, 58% of IT leaders report time-to-hire is longer than two months. This timing increases for tech roles which require unique skills or higher seniority. IT leaders who can increase the timeline for their requirement process are much more likely to be able to take advantage of tech layoffs.

    IT must take a leading role in IT recruitment to take advantage of layoffs

    A personal connection is the differentiator when it comes to talent acquisition

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and the effectiveness of this process in the IT department. The more involved they are, the higher the effectiveness.(1)

    More IT leadership involvement

    An image of two upward facing arrows. The left arrow is faded purple, and the right arrow is dark purple.

    Higher recruitment effectiveness

    Involved leaders see shorter times to hire

    There is a statistically significant relationship between IT leadership involvement in the talent acquisition process and time to fill vacant positions. The more involved they are, the shorter the time to hire.(2)

    Involved leaders are an integral part of effective IT departments

    There is a statistically significant relationship between IT leadership involvement in talent acquisition and overall IT department effectiveness. Those that are more involved have higher levels of effectiveness.(3)

    Increased IT Leadership in Recruitment Is Directly Correlated to Recruitment Effectiveness.

    This is an image of a combo bar graph plotting Overall Effectiveness for IT leadership involvement in recruitment.

    Focus your layoff recruitment strategy on critical and strategic roles

    If you are ready to take advantage of tech layoffs, focus hiring on critical and strategic roles, rather than your operational backfills. Roles related to security, cloud migration, data and analytics, and digital transformation are more likely to be shielded from budget cuts and are logical areas to focus on when looking to recruit from Big Tech organizations.

    Additionally, within the IT talent market, scarcity is focused in areas with specialized skill sets, such as security and architecture, which are dynamic and evolving faster than other skill sets. When looking to recruit in these areas, it's critical that you have a targeted recruitment approach; this is why tech layoffs represent a strong opportunity to secure talent in these specialized areas.

    ROLES DIFFICULT TO FILL

    An image of a bar graph plotting roles by difficulty to fill.

    Info-Tech Talent Trends 2022 Survey

    Four quick tactics to take advantage of Big Tech layoffs

    TALENT ACQUISITION PROCESS TO TAKE ADVANTAGE OF LAYOFFS

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following four steps: 1 Prepare organization and job ads for recruitment.  2 Actively track and scan for layoff activity.  3 Prioritize and screen candidates using salary benchmarks and keywords.  4 Eliminate all unnecessary hiring process steps.

    Guided Implementation

    What does a typical GI on this topic look like?

    Step 1 Step 2 Step 3 Step 4

    Call #1: Scope requirements, objectives, and your specific challenges.

    Call #2: IT job ad review.

    Call #4: Identify screening and sourcing opportunities.

    Call #5: Review your IT talent acquisition process.

    Call #3: Employee value proposition review.

    Call #7: Refine your talent acquisition process.

    A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

    A typical GI is 8 to 12 calls over the course of 4 to 6 months.

    Tactics to take advantage of tech layoffs

    Activities

    1.1 Spot check your employee value proposition
    1.2 Update job advertisements
    1.3 Document your talent acquisition process
    1.4 Refine your talent acquisition process

    This step involves the following participants:

    • IT executive leadership
    • IT hiring manager
    • Human resources
    • Marketing/public relations

    Outcomes of this step

    Streamlined talent acquisition process tailored to take advantage of tech layoffs.

    This is an image of the talent acquisition process to take advantage of layoffs. It involves the following fo steps: 1 Prepare organization and job ads for recrtment.  2 Actively track and scan for layoff aivity.  3 Prioritize and screen candidates using salary benchmarks and kwords.  4 Eliminate all unnecessary hiring process steps.

    Requisition: update job ads and secure approval to hire

    Critical steps:

    1. Ensure you have secured budget and hiring approval.
    2. Identify an IT recruitment partner within the IT organization who will be accountable for working with HR throughout the process and who will actively track and scan for recruitment opportunities.
    3. Update your IT job descriptions.
    4. Spot check your employee value proposition (EVP) to appeal to targeted candidates (Exercise 1.1).
    5. Write employee job ads for relevant skills and minimum viable experience (Exercise 1.2).
    6. Work with HR to develop your candidate outreach messages – ensure that your outreach is empathetic, aligns with your EVP, and focuses on welcoming them to apply to a role.

    The approval process to activate a requisition can be one of the longest stages in the talent acquisition process. Ensure all your roles are up to date and approved so you can trigger outreach as soon as news hits; otherwise, you'll be late before you've even begun.

    Your employee value proposition (EVP) is a key tool for attracting and retaining talent

    Any updates to your EVP need to be a genuine reflection of the employee experience at your organization – and should resonate internally and externally.

    Internal (retention) perspective: These characteristics help to retain new and existing talent by ensuring that new hires' expectations are met and that the EVP is experienced throughout the organization.

    External (attraction) perspective: These characteristics help to attract talent and are targeted so the right candidates are motivated to join, while those who aren't a good fit will self-select out.

    McLean & Company's Employee Value Proposition Framework

    This is an image of McLean & Company's Employee Value Proposition Framework.  It is divided into Retain and Attract.  under Retain, are the following three headings: Aligned; Accurate; Aspirational.  Under Attract are: Compelling; Clear; Comprehensive.

    Source: McLean & Company

    1.1 Spot check your EVP

    1-3 hours

    1. Review your existing IT employee value proposition. If you do not have an EVP, see Info-Tech's comprehensive research Improve the IT Recruitment Process to draft a new EVP.
    2. Invite a representative group of employees to participate in a working group to improve your employee value proposition. Ask each participant to brainstorm the top five things they value most about working at the organization.
    3. Consider the following categories: work environment, career advancement, benefits, and ESG and diversity impact. Brainstorm as a group if there is anything unique your organization offers with regard to these categories.
    4. Compare your notes to your existing EVP, identify up to four key statements to focus on for the EVP, ensuring that your EVP speaks to at least one of the categories above. Remove any statements that no longer speak to who you are as an organization or what you offer.

    Input

    • Existing employee value proposition
    • Employee Engagement Surveys (If Available)

    Output

    • Updated employee value proposition

    Materials

    • Whiteboard/flip charts
    • Job ad template

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    Four critical factors considered by today's job seeker

    1. Be specific about remote work policies: Include verbiage about whether there is an option to work hybrid or remote. 81% of job seekers stated that whether a job is remote, hybrid, or in-person was a top factor in whether they'd accept an offer (Benefits Canada, 2022).
    2. Career advancement and stability: "37% of Gen Z employees and 25% of millennial employees are currently looking for a job that offers career progression transparency — or, in other words, a job with clear opportunities for growth. This is significantly higher than our findings for older generations Gen X (18%) and baby boomers (7%)," (Lattice, 2021).
    3. Unique benefits: Consider your unique benefits – it's not the Big Tech "fun perks" like slides and ping pong that drive interest. Employees are increasingly looking for roles with long-term benefits programs. 90% of job seekers consider higher pension contributions to be a key factor, and 85% are considering bonuses/profit sharing" (Benefits Canada, 2022). Candidates may accept lower total compensation in exchange for flexibility, culture, work/life balance that was lacking in the start-up scene or the mega-vendors' fast-paced world.
    4. ESG and diversity impact: Include details of how the candidate will make a societal impact through their role, and how the company is acting on climate and sustainability. "Nearly two in five [Gen Z's and millennials] say they have rejected a job or assignment because it did not align with their values," (Deloitte Global, 2022).

    Update or establish job ads for candidate outreach

    Take the time up front to update your IT job descriptions and to write effective job advertisements. A job advertisement is an external-facing document that advertises a position with the intent of attracting job applicants. It contains key elements from the job description as well as information on the organization and its EVP. A job description informs a job ad, it doesn't replace it.
    When updating job descriptions and job ads, it's critical that your requirements are an accurate representation of what you need in the position. For the job ads especially, focus on the minimum requirements for the role, highlight your employee value proposition, and ensure that they are using inclusive language.
    Don't be lulled into using a job description as a posting when there's a time crunch to fill a position – use your preparation time to complete this key step.

    Three tips to consider when building a job ad

    Include the minimum desired requirements

    Include the required skills, responsibilities, and certifications required. Instead of looking for a unicorn, look for what you need and a demonstrated ability to learn. 70% of business executives say they are getting creative about sourcing for skills rather than just considering job experience (Deloitte Insights, 2022).

    Strategically include certifications

    When including certifications, ensure you have validated the process to be certified – i.e. if you are hiring for a role with 3-5 years' experience, ensure that the certification does not take 5-10 years of experience be eligible.

    Use inclusive language

    Consider having a review group within your IT organization to ensure the language is inclusive, that the responsibilities don't read as overly complex, and that it is an accurate representation of the organization's culture.

    1.2 Update or build job ads

    1-3 hours

    1. Begin with a copy of the job ad you are looking to fill, if you haven't begun to draft the role, start with Info-Tech's Job Description Library and Info-Tech's Job Ad Template.
    2. Review the job accountabilities, rank each responsibility based on its importance and volume of work. Determine if there are any responsibilities that are uncommon to be executed by the role and remove unnecessary responsibilities.
    3. For each of the job accountabilities, identify if there is a level of experience, knowledge or competency that would be the minimum bar for a candidate. Remove technical skills, specific technologies, and competencies that aren't directly relevant to the role, responsibilities or values.
    4. Review the education and requirements, and ensure that any certification or educational background is truly needed or suggested.
    5. Use the checklist on the following tab to review and update your job ad.

    Input

    • Job description
    • Employee value proposition
    • Job ad template

    Output

    • Completed job ad

    Materials

    • Whiteboard/flip charts
    • Web share

    Participants

    • Representative group of internal employees.
    • HR
    • Marketing/PR (if possible)

    1.2 Job ad checklist:

    A job ad needs to be two things: effective and inclusive.

    Effective

    The job ad does include:

    The organization's logo.
    Description of the organization.
    Information about benefits.
    A link to the organization's website and social media platforms.
    Steps in the application process and what candidates can expect.

    The job ad:

    Paints an accurate picture of key aspects of the role.
    Tells a story to show potential candidates how the role and organization will fit into their career path (outlines potential career paths, growth opportunities, training, etc.).
    Does not contain too many details and tasks that would overwhelm applicants.
    Highlights the employer brand in a manner that conveys the EVP and markets the organization to attract potential applicants.
    Includes creative design or formatting to make the ad stand out.
    The job ad speaks to the audience by using targeted language (e.g. using creative language when recruiting for a creative role).
    The job ad has been reviewed by HR, Marketing, PR.

    Inclusive

    The job ad does NOT include:

    Industry jargon or abbreviations that are not spelled out.
    Personality characteristics and unnecessary adjectives that would deter qualified candidates (e.g. extroverted, aggressive, competitive).
    A list of specific academic disciplines or schools, GPA requirements, or inflated degree requirements.

    The job ad:

    Uses gender-neutral language and does not contain terms that indicate traits that are typically associated with a specific gender.
    Can be viewed and applications can be completed on mobile devices.
    Focuses on results, day-to-day requirements, competencies, and transferrable skills.
    Includes design that is accessible (e.g. alternative text is provided for images, clear posting structure with headings, color is not used to convey information).

    Sourcing: Set up news trackers and review layoff source lists

    • Set up news and social media trackers to track layoff updates, and ensure you have an IT staff member on standby to complete a more detailed opportunity analysis when layoffs happen.
    • Use layoff source lists such as Layoffs.fyi to actively track organizations that have laid people off, noting the industry, location, and numbers in order to identify potential candidates. Limit your future analysis to locations that would be geographically possible to hire from.
    • Review open-source lists of laid-off employees to quickly identify potential candidates for your organization.
    • Many organizations that have completed layoffs have established outplacement programs to help laid-off staff find new roles. Set a plan in motion with HR to reach out to organizations once a layoff has occurred to understand their layoff support program.

    The key to successful sourcing is for IT to take an active role in identifying which organizations impacted by layoffs would be a good fit, and to quickly respond by searching open-source lists and LinkedIn to reach out potential candidates.

    Consider leveraging open-source lists

    Layoffs.fyi has been tracking and reporting on layoffs since the start of COVID-19. While they are not an official source of information, the site has more than a million views per month and is a strong starting point for IT leaders looking to source candidates from tech layoffs beyond the big organizations that are making the news.

    The site offers a view of companies with layoffs by location, industry, and the source of the info. Additionally, it often lists the names and contact information of laid-off employees, which you can leverage to start your deeper LinkedIn outreach or candidate screening.

    This is an image of two screenshots of open source lists from Layoffs.fyi

    Screenshots from Layoffs.fyi.

    Screening: Prioritize by considering salary benchmarks and keywords

    • Determine a set of consistent pre-screening questions to leverage while screening candidates, which every candidate must answer, including knockout questions.
    • Prioritize by going for salary ranges you can afford: It is important to be aware of what companies are paying within the tech arena, so you know if your salary bands are within a competitive range.
    • Pre-screen resumes using appropriate keywords that are critical for the role, and widen the terms if you do not have enough candidates. Given the pool you are looking to recruit from, consider removing criteria specifically related to education or certifications; instead, prioritize skills and on-the-job experience.

    Screening is one of the most time-consuming stages of the TA process. For each open position, it can take 23 hours to screen resumes (Toolbox, 2021). In fact, 52% of TA leaders believe that screening candidates from a large pool of applicants is the hardest part of recruitment (Ideal, 2021).

    Compensation comparison reports

    Keep in mind that the market may be shifting rapidly as layoffs proliferate, so what the data shows, particularly on free-to-use sites with little data-checking, may not be current and may be overstated. Info-Tech does not provide salary analysis; however, there are publicly available reports and online websites with self-reported data.

    This list contains several market data sources for the tech industry, which may be a good starting point for comparison. Info-Tech is not affiliated with or endorsing any of these market data sources.

    Aon Global Cyber Security Compensation and Talent Survey
    Aon – Radford Surveys Radford Global Technology Survey
    Culpepper Comprehensive Compensation Survey Solution for Technology-Focused Companies
    Modis 2022 IT Compensation Guide
    Motion Recruitment 2023 Tech Salary Guide
    Mondo 2022 Salary Guide for roles & jobs across the technology, creative & digital marketing industries.
    Willis Towers Watson Willis Towers Watson Data Services - Artificial Intelligence and Digital Talent
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - Canada
    Willis Towers Watson 2022 Artificial Intelligence and Digital Talent Survey Report - U.S.
    Michael Page Salary Guide 2022 for the Greater Toronto Area Technology Industry
    Willis Towers Watson Willis Towers Watson Data Services - Tech, Media, and Gaming
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - Canada
    Willis Towers Watson 2022 Tech, Media and Gaming Executive Survey Report - U.S.
    Willis Towers Watson 2022 Tech, Media and Gaming Middle Management, Professional and Support Survey Report - U.S.

    Work with your HR partner to streamline your talent acquisition process

    A slow talent acquisition process presents multiple risks to your ability to recruit. Candidates are likely having multiple hiring conversations, and you could lose a good candidate just by being slower than another organization. Additionally, long hiring processes are also an indicator of a high level of bureaucracy in an organization, which may turn off tech candidates who are used to faster-paced decision making.

    Reducing your time-to-hire needs to be a strategic priority, and companies that manage to do this are reaping the benefits: There is a statistically significant relationship between time to fill vacant positions and overall IT department effectiveness. The shorter the time to fill a position, the higher the effectiveness (Bika, 2019).

    Key Considerations for Optimizing your Talent Acquisition Process

    Key Considerations for Optimizing your Talent Acquisition Process

    Review the end-to-end experience

    50%

    of job seekers surveyed had "declined a job offer due to poor [candidate] experience," (Echevarria, 2020).

    Reduce the time to hire

    55%

    "of candidates believe that it should take one to two weeks from the first interview to being offered the job," (Duszyński, 2021).

    Be clear on Timelines

    83%

    "of candidates say it would greatly improve the overall experience if employers provided a clear timeline of the hiring process," (Miller, n.d.).

    Time to hire: Identify solutions to drive efficient hiring

    1. Document all steps between screening and hiring and remove any unnecessary steps.
    2. Create clearly defined interview guides to ensure consistent questioning by interviewers.
    3. Enable hiring managers to schedule their own interviews.
    4. Determine who needs to approve an offer. Streamline the number of approvals, if possible.
    5. Eliminate unnecessary background checks. Many companies have eliminated reference checks, for example, after determining that it was it was not adding value to their decision.
    6. Identify and track key metrics across your talent acquisition process.

    It is critical to partner with your HR department on optimizing this process, as they are typically the process owners and will have deep knowledge of the rationale for decisions. Together, you can identify some opportunities to streamline the process and improve the time to hire.

    4.1 Document your TA process

    1-3 hours

    1. If you have a documented talent acquisition process, begin with that; if not, open the IT Talent Acquisition Process Optimization Tool and map the stages of the talent acquisition process with your HR leader. Stages are the top level in the process (e.g. requisition, sourcing, screening).
    2. Identify all the stakeholders involved in IT talent acquisition and document these in the tool.
    3. Next, identify the steps required for each stage. These are more detailed actions that together will complete the stage (e.g. enter requisition into ATS, intake meeting). Ask subject matter experts to add steps to their portion of the process and document these in the cells.
    4. For each step in the stage, record the time required and the number of people who are involved.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Download the IT Talent Acquisition Process Optimization Tool

    Example of steps in each stage of the TA process

    Activities

    Requisition

    Source

    Screen

    Interview & Assess

    Offer

    Background Check

    Vacancy identified Posted on website Resumes screened in system Interviews scheduled Offer letter drafted Reference checks conducted
    Requisition submitted Posted on job boards Resume screened by recruited First round interviews Offer letter sent Medical checks conducted
    Requisition approved Identification of layoff sources Resumed reviewed by hiring manager Assessment Negotiations Other background checks conducted
    Job description updated Review layoff source lists Screening calls Second round interview First date confirmed
    Job ad updated Screening questions developed Candidates selected
    Intake meeting

    4.2 Refine your TA process

    1-3 hours

    1. Collectively identify any:
      1. Inconsistent applications: Activities that are done differently by different participants.
      2. Bottlenecks: A place in the process where activity is constrained and holds up next steps.
      3. Errors: When a mistake occurs requiring extra time, resources, or rework.
      4. Lack of value: An activity that adds little to no value (often a legacy activity).
    2. Work with HR to identify any proposed solutions to improve consistency, reduce bottlenecks, errors, or eliminate steps that lack value. Document your proposed solutions in tab 3 of the IT Talent Acquisition Optimization Tool.
    3. Identify any new steps needed that would drive greater efficiency, including the tactics suggested in this research. Document any proposed solutions in tab 3.
    4. For each proposed solution, evaluate the general level of effort and impact required to move forward with that solution and select the appropriate classification from the drop-down.
    5. Determine if you will move forward with the proposed solution at this time. Update the TA workflow with your decisions.

    Input

    • Existing talent acquisition (TA) process document
    • Any TA process metrics
    • Info-Tech's Talent Acquisition Process Optimization Tool

    Output

    • Documented TA process

    Materials

    • Info-Tech's Talent Acquisition Process Optimization Tool
    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • HR
    • IT leaders
    • Hiring manager

    Use Info-Tech's IT Talent Acquisition Optimization Tool to document current challenges & target solutions.

    Map your process and identify opportunities to streamline

    This is an image of the talent aquisitions workflow page from Info-Tech's Map your process and identify opportunities to streamline

    Brainstorm and select solutions to improve your process

    This is an image of the Effort Analysis page from Info-Tech's Brainstorm and select solutions to improve your process

    Key considerations when optimizing your process

    • Put yourself in each stakeholder's shoes (candidate, HR, hiring manager). Think through what they need from the process.
    • Challenge assumptions and norms. It can be tempting to get caught up in "how we do it today." Think beyond how it is today.
    • Question timing of activities and events. Identify if they are occurring when they need to.
    • Rebalance work to align with priorities. Identify if work can be redistributed or condensed to use time more efficiently.
    • Distinguish when consistency will add value and when there should be process flexibility.
    • Question the value. For each activity, ask "What value does this activity add?"

    Select metrics to measure Talent Acquisition process improvement

    METRICS INFORMATION
    Metric Definition Calculation
    Average applicants per posting The average number of applicants received per post. Number of applications / Number of postings
    Average number of interviews for open job positions Average number of interviews for open job positions. Total number of interviews / Total number of open job positions
    Average external time to fill Average number of calendar days from when the requisition is issued to when a candidate accepts the position from outside the organization. External days to fill / External candidates
    Pipeline throughput Percentage of candidates advancing through to the next stage. (Number of candidates in chosen stage / Number of candidates in preceding stage) * 100
    External offer acceptance rate Percentage of job offers extended to external candidates that were accepted. (Number of job offers that are accepted / Number of job offers extended) * 100
    Percentage of target group hired The percentage of a target group that was hired. Number of FTE hired / Target number of FTE to be hired
    Average time to hire Average number of calendar days between first contact with the candidate and when they accept the offer. Sum of number of days between first contact and offer acceptance / External candidates
    Quality of hire Percentage of new hires achieving a satisfactory appraisal at their first assessment. New hires who achieve a satisfactory rating at their first appraisal / Total number of new hires
    Vacancy rate Percentage of positions being actively recruited for at the end of the reporting period. Count of vacant positions / (Headcount + Vacant positions)

    Bibliography

    "81% of Employees Factoring Hybrid Work Into Job Search: Survey." BenefitsCanada.com, 16 June 2022.
    Andre, Louie. "40 Notable Candidate Experience Statistics: 2023 Job Application Trends & Challenges." Financesonline.Com, 15 Mar. 2023.
    Bika, Nikoletta. "Key Hiring Metrics: Useful Benchmarks for Tech Roles." Recruiting Resources: How to Recruit and Hire Better, 10 Jan. 2019.
    "Bureau of Labor Statistics Labor Market Revisions Contribute to Conflicting Signals in Latest Tech Employment Data, CompTIA Analysis Finds." CompTIA, 3 Feb. 2023. Press release.
    Byrnes, Amy. "ICIMS Insights Workforce Report: Time to Press the Reset Button?" ICIMS | The Leading Cloud Recruiting Software, 1 Dec. 2022.
    Cantrell, Sue, et al. "The Skills-Based Organization: A New Operating Model for Work and the Workforce." Deloitte Insights, 8 Sept. 2022.
    deBara, Deanna. "Top Findings from Lattice's Career Progression Survey." Lattice, 13 Sept. 2021. Accessed 16 Feb. 2023.
    Duszyński, Maciej. "Candidate Experience Statistics (Survey of 1,000+ Americans)." Zety, 14 Oct. 2019.
    Duszyński, Maciej. "Candidate Experience Statistics." Zety, 2021.
    Echevarria, Desiree. "2020 Candidate Experience Report." Career Plug, 17 Mar. 2021.
    Ghosh, Prarthana. "Candidate Screening and Selection Process: The Complete Guide for 2021." Spiceworks, 26 Feb. 2021. Accessed 22 Jun. 2021
    "Introduction - Dice Tech Job Report: Tech Hiring Trends by Location, Industry, Role and Skill." Accessed 16 Feb. 2023.
    Lee, Roger. "Tech Layoff Tracker and Startup Layoff Lists." Layoffs.fyi. Accessed 16 Feb. 2023.
    Miller, Kandace. "Candidate Experience And Engagement Metrics You Should Be Tracking." ConveyIQ, n.d. Accessed 16 Feb. 2023.
    Min, Ji-A. "Resume Screening: A How-To Guide for Recruiters." Ideal, 15 Mar. 2021. Web.
    Palmeri, Shelby. "2023 Candidate Experience Research: Strategies for Recruiting." CareerPlug, 6 Feb. 2023.
    Semenova, Alexandra. "Jobs Report: U.S. Economy Adds 517,000 Jobs in January, Unemployment Rate Falls to 3.4% as Labor Market Stuns." Yahoo!Finance, 3 Feb. 2023.
    Sozzi, Brian. "Big Tech Layoffs: What Companies Such as Amazon and Meta Have in Common." Yahoo!News, 6 Feb. 2023.
    Tarki, Atta. "Despite Layoffs, It's Still a Workers' Labor Market." Harvard Business Review, 30 Jan. 2023.
    The Deloitte Global 2022 Gen Z and Millennial Survey. Deloitte Global, 2022. Accessed 16 Feb. 2023.
    "Uncover the Employee Value Proposition." McLean & Company, 21 Jun. 2022. Accessed 22 Feb. 2023.

    Change Management's Role in Incident Prevention: standard changes

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    During peak business hours, I witnessed a straightforward database field addition bring down a whole e-commerce platform. It was meant to be standard procedure, the type of “standard change” that is automatically approved because we have performed it innumerable times.

    Adding a field to the end of a table and having applications retrieve data by field name instead of position made the change itself textbook low-impact. There is no need to alter the application or the functional flow. This could have been problematic in the past if you added a field in the middle of the list and it affected the values of other fields, but adding it at the end? That ought to have been impenetrable.

    However, it wasn't.

    Before I tell you what went wrong, let me explain why this is important to all of the IT professionals who are reading this.

    Over the past three decades, industry data has repeatedly supported what this incident taught me: our presumptions about “safe” changes are frequently our greatest weakness. Upon reviewing the ITIL research, I was not surprised to learn that failed changes, many of which were categorized as “standard” or “low-risk,” are responsible for about 80% of unplanned outages.

    When you look more closely, the numbers become even more concerning. Since I've been following the Ponemon Institute's work for years, I wasn't surprised to learn that companies with well-established change management procedures have 65% fewer unscheduled outages. The paradox surprised me: many of these “mature” procedures still operate under the premise that safety correlates with repetition.

    What I had been observing in the field for decades was confirmed when Gartner released their research showing that standard changes are responsible for almost 40% of change-related incidents. The very changes we consider safe enough to avoid thorough review subtly create some of our greatest risks. IBM's analysis supports the pattern I've seen in innumerable organizations: standard changes cause three times as much business disruption due to their volume and our decreased vigilance around them, whereas emergency changes receive all the attention and scrutiny.

    Aberdeen Group data indicates that the average cost of an unplanned outage has increased to $300,000 per hour, with change-related failures accounting for the largest category of preventable incidents. This data makes the financial reality stark.

    What precisely went wrong with the addition of that database field that caused our e-commerce platform to crash?

    We were unaware that the addition of this one field would cause the database to surpass an internal threshold, necessitating a thorough examination of its execution strategy. In its algorithmic wisdom, the database engine determined that the table structure had changed enough to necessitate rebuilding its access and retrieval mechanisms. Our applications relied on high-speed requests, and the new execution plan was terribly unoptimized for them.

    Instead of completing quotes or purchases, customers were spending minutes viewing error pages. All applications began to time out while they awaited data that just wasn't showing up in the anticipated amounts of time. Thousands of transactions were impacted by a single extra field that should have been invisible to the application layer.

    The field addition itself was not the primary cause. We assumed that since we had made similar adjustments dozens of times previously, this one would also act in the same way. Without taking into account the hidden complexities of database optimization thresholds, we had categorized it as a standard change based on superficial similarities.

    My approach to standard changes was completely altered by this experience, and it is now even more applicable in DevOps-driven environments. Many organizations use pipeline deployments, which produce a standard change at runtime. It's great for speed and reliability, but it can easily fall into the same trap.

    However, I have witnessed pipeline deployments result in significant incidents for non-code-related reasons. Due to timing, resource contention, or environmental differences that weren't noticeable in earlier runs, a deployment that performed flawlessly in development and staging abruptly fails in production. Although the automation boosts our confidence, it may also reveal blind spots.

    Over the course of thirty years, I have come to the unsettling realization that there is no such thing as a truly routine change in complex systems. Every modification takes place in a slightly different setting, with varying environmental factors, data states, and system loads. What we refer to as “standard changes” are actually merely modifications with comparable processes rather than risk profiles.

    For this reason, I support contextual change management. We must consider the system state, timing, dependencies, and cumulative effect of recent changes rather than just categorizing them based on their technical features. After three other changes have changed the system's behavior patterns, a change made at two in the morning on a Sunday with little system load is actually different from the same change made during peak business hours.

    Effective change advisory boards must therefore go beyond assessing individual changes separately. I've worked with organizations where the change board carefully considered and approved each modification on its own merits, only to find that the cumulative effect of seemingly unrelated changes led to unexpected interactions and stress on the system. The most developed change management procedures I've come across mandate that their advisory boards take a step back and look at the whole change portfolio over a specified period of time. They inquire whether we are altering the database too frequently during a single maintenance window. Could there be unanticipated interactions between these three different application updates? What is the total resource impact of this week's approved changes?

    It's the distinction between forest management and tree management. While each change may seem logical individually, when combined, they can create situations beyond the scope of any single change assessment.

    Having worked in this field for thirty years, I've come to the conclusion that our greatest confidences frequently conceal our greatest vulnerabilities. Our primary blind spots frequently arise from the changes we've made a hundred times before, the procedures we've automated and standardized, and the adjustments we've labeled as “routine.”

    Whether we should slow down our deployment pipelines or stop using standard changes is not the question. In the current competitive environment, speed and efficiency are crucial. The issue is whether we are posing the appropriate queries before carrying them out. Are we taking into account not only what the change accomplishes but also when it occurs, what else is changing at the same time, and how our systems actually look right now?

    I've discovered that the phrase “we've done this before” is more dangerous in IT operations than “what could go wrong?” Because, despite what we may believe, we never actually perform the same action twice in complex systems.

    Here is what I would like you to think about: which everyday modifications are subtly putting your surroundings at risk? Which procedures have you standardized or automated to the extent that you no longer challenge their presumptions? Most importantly, when was the last time your change advisory board examined your changes as a cohesive portfolio of system modifications rather than as discrete items on a checklist?

    Remember that simple addition to a database field the next time you're tempted to accept a standard change. The most unexpected outcomes can occasionally result from the most routine adjustments.

    I'm always up for a conversation if you want to talk about your difficulties with change management.

    Build Your BizDevOps Playbook

    • Buy Link or Shortcode: {j2store}177|cart{/j2store}
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A
    • Parent Category Name: Architecture & Strategy
    • Parent Category Link: /architecture-and-strategy
    • Today’s rapidly scaling and increasingly complex products create mounting pressure on delivery teams to release new features and changes quickly and with sufficient quality.
    • Many organizations see BizDevOps as a solution to help meet this demand. However, they often lack the critical cross-functional collaboration and team-sport culture that are critical for success.
    • The industry provides little consensus and guidance on how to prepare for the transition to BizDevOps.

    Our Advice

    Critical Insight

    • BizDevOps is cultural, not driven by tools. It is about delivering high-quality and valuable releases to stakeholders through collective ownership, continuous collaboration, and team-first behaviors supported by tools.
    • BizDevOps begins with a strong foundation in five key areas. The crux of successful BizDevOps is centered on the strategic adoption and optimization of building great requirements, collaborative practices, iterative delivery, application management, and high-fidelity environments.
    • Teams take STOCK of what it takes to collaborate effectively. Teams and stakeholders must show up, trust the delivery method and people, orchestrate facilitated activities, clearly communicate and knowledge share every time they collaborate.

    Impact and Result

    • Bring the right people to the table. BizDevOps brings significant organizational, process and technology changes to improve delivery effectiveness. Include the key roles in the definition and validation of your BizDevOps vision and practices.
    • Focus on the areas that matter. Review your current circumstances and incorporate the right practices that addresses your key challenges and blockers to becoming BizDevOps.
    • Build your BizDevOps playbook. Gain a broad understanding of the key plays and practices that makes a successful BizDevOps organization. Verify and validate these practices in order to tailor them to your context. Keep your playbook live.

    Build Your BizDevOps Playbook Research & Tools

    Start here – read the Executive Brief

    Find out why you should implement BizDevOps, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Get started with BizDevOps

    Set the right expectations with your stakeholders and define the context of your BizDevOps implementation.

    • Build Your BizDevOps Playbook – Phase 1: Get Started With BizDevOps
    • BizDevOps Playbook

    2. Tailor your BizDevOps playbook

    Tailor the plays in your BizDevOps playbook to your circumstances and vision.

    • Build Your BizDevOps Playbook – Phase 2: Tailor Your BizDevOps Playbook
    [infographic]

    Workshop: Build Your BizDevOps Playbook

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Set Your Expectations

    The Purpose

    Discuss the goals of your BizDevOps playbook.

    Identify the various perspectives who should be included in the BizDevOps discussion.

    Level set expectations of your BizDevOps implementation.

    Key Benefits Achieved

    Identification of the key roles who should be included in the BizDevOps discussion.

    Learning of key practices to support your BizDevOps vision and goals.

    Your vision of BizDevOps in your organization.

    Activities

    1.1 Define BizDevOps.

    1.2 Understand your key stakeholders.

    1.3 Define your objectives.

    Outputs

    Your BizDevOps definition

    List of BizDevOps stakeholders

    BizDevOps vision and objectives

    2 Set the Context

    The Purpose

    Understand the various methods to initiate the structuring of facilitated collaboration.

    Share a common way of thinking and behaving with a set of principles.

    Focus BizDevOps adoption on key areas of software product delivery.

    Key Benefits Achieved

    A chosen collaboration method (Scrum, Kanban, Scrumban) to facilitate collaboration

    A mutually understanding and beneficial set of guiding principles

    Areas where BizDevOps will see the most benefit

    Activities

    2.1 Select your foundation method.

    2.2 Define your guiding principles.

    2.3 Focus on the areas that matter.

    Outputs

    Chosen collaboration model

    List of guiding principles

    High-level assessment of delivery practices and its fit for BizDevOps

    3 Tailor Your BizDevOps Playbook

    The Purpose

    Review the good practices within Info-Tech’s BizDevOps Playbook.

    Tailor your playbook to reflect your circumstances.

    Key Benefits Achieved

    Understanding of the key plays involved in product delivery

    Product delivery plays that reflect the challenges and opportunities of your organization and support your BizDevOps vision

    Activities

    3.1 Review and tailor the plays in your playbook

    Outputs

    High-level discussion of key product delivery plays and its optimization to support BizDevOps

    Foster Data-Driven Culture With Data Literacy

    • Buy Link or Shortcode: {j2store}132|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $12,999 Average $ Saved
    • member rating average days saved: 115 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management

    Organizations are joining the wave and adopting machine learning and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by looking at their data – empowering their people to realize and embrace the valuable insights within the organization’s data.

    The key to achieve becoming a data-driven organization is to foster a strong data culture and equip employees with data skills through an organization-wide data literacy program.

    Our Advice

    Critical Insight

    • Start with real business problems in a hands-on format to demonstrate the value of data.
    • Use a formalized organization-wide approach to data literacy program to bridge the data skills gap.
    • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding, development plan).

    Impact and Result

    Data literacy is critical to the success of digital transformation and AI analytics. Info-Tech’s approach to creating a sustainable and effective data literacy program is recognizing it is:

    • More than just technical training. A data literacy program isn’t just about data; it encompasses aspects of business, IT, and data.
    • More than a one-off exercise. To keep the literacy skills alive the program must be regular, sustainable, and tailored to different needs across all levels of the organization.
    • More than one delivery format. Different delivery methods need to be considered to suit various learning styles to ensure an effective delivery.

    Foster Data-Driven Culture With Data Literacy Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Foster Data-Driven Culture With Data Literacy Storyboard – A step-by-step guide to help organizations build an effective and sustainable data literacy program that benefits all employees who work with data.

    Data literacy as part of the data governance strategic program should be launched to all levels of employees that will help your organization bridge the data knowledge gap at all levels of the organization. This research recommends approaches to different learning styles to address data skill needs and helps members create a practical and sustainable data literacy program.

    • Foster Data-Driven Culture With Data Literacy Storyboard

    2. Fundamental Data Literacy Program Template – A document that provides an example of a fundamental data literacy program.

    Kick off a data awareness program that explains the fundamental understanding of data and its lifecycle. Explore ways to create or mature the data literacy program with smaller amounts of information on a more frequent basis.

    • Fundamental Data Literacy Program Template
    [infographic]

    Further reading

    Foster Data-Driven Culture With Data Literacy

    Data literacy is an essential part of a data-driven culture, bridging the data knowledge gaps across all levels of the organization.

    Analyst Perspective

    Data literacy is the missing link to becoming a data-driven organization.

    “Digital transformation” and “data driven” are two terms that are inseparable. With organizations accelerating in their digital transformation roadmap implementation, organizations need to invest in developing data skills with their people. Talent is scarce and the demand for data skills is huge, with 70% of employees expected to work heavily with data by 2025. There is no time like the present to launch an organization-wide data literacy program to bridge the data knowledge gap and foster a data-driven culture.

    Data literacy training is as important as your cybersecurity training. It impacts all levels of the organization. Data literacy is critical to success with digital transformation and AI analytics.

    Annabel Lui

    Principal Advisory Director, Data & Analytics Practice
    Info-Tech Research Group

    Executive Summary

    Your Challenge

    Organizations are joining the wave and adopting machine learning (ML) and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by empowering their people to realize and embrace the valuable insights within the organization’s data.

    The key to becoming a data-driven organization is to foster a strong data culture and equip people with data skills through an organization-wide data literacy program.

    Common Obstacles

    Challenges the data leadership is likely to face as digital transformation initiatives drive intensified competition:

    • Resistance to change
    • Technological distractions
    • “Shadow data”
    • Difficulty securing resources and skilled data professionals
    • Inability to appreciate the value of data and its meaning for users – even fear of it

    Info-Tech's Approach

    We interviewed data leaders and instructors to gather insights about investing in data:

    • Start with real business problems in a hands-on format to demonstrate the value of data.
    • Implement a formalized organization-wide approach to data literacy program to bridge the data skill gap.
    • Provide relevant and practical training programs tailored to different learning styles and tenures (e.g. onboarding,development plan).

    Info-Tech Insight

    By thoughtfully designing a data literacy training program for the audience's own experience, maturity level, and learning style, organizations build the data-driven and engaged culture that helps them to unlock their data's full potential and outperform other organizations.

    Your Challenge

    Data literacy is the missing link to drive business outcomes from data.

    • Having a data-driven culture as an organization’s mission statement without implementing a data literacy program is like making an empty promise and leaving the value unrealized and unattainable.
    • A study conducted by the Data Literacy Project clearly indicates that organizations with aggressive data literacy programs will outperform those who do not have such programs. By 2030, data literacy will be one of the most sought-after skill sets. All employees require data literacy skills.
    • Everyone has a role in data. From employees who are actively involved in data collection to operational teams who create reports with analytics tools and finally to executives who use data to make business decisions – they all require continuous data literacy training in a data-driven organization. Because of differences in maturity, data literacy strategies cannot be one-size-fits-all.

    “Data literacy is the ability to read, work with, analyze, and communicate with data. It's a skill that empowers all levels of workers to ask the right questions of data and machines, build knowledge, make decisions, and communicate meaning to others.” – Qlik, n.d.

    75% of organizational employees have access to data tools – only 21% demonstrated confidence in their data skills.

    Source: Accenture, 2020.

    89% of C-level executives expect team members to explain how data has informed their decisions, but only 11% employees are fully confident in their ability to read, analyze, work with, and communicate with data

    Source: Qlik, 2022.

    Data debt or data asset?

    Manage your data as strategic assets.

    “[Data debt is] when you have undocumented, unused, incomplete, and inconsistent data,” according to Secoda (2023). “When … data debt is not solved, data teams could risk wasting time managing reports no one uses and producing data that no one understands.”

    Signs of data debt when considering investing in data literacy:

    • Lack of definition and understanding of data terms, therefore they don’t speak the same language. Without data literacy, an organization will not succeed in becoming a data-driven organization.
    • Putting data literacy as a low priority. Organization sees this as “another” training to put on the list and keeps it on the back burner.
    • Data literacy is not seen as the number one skill set needed in the organization. However, anyone who works with data requires data skills.
    • End users are not trained on self-serve features and tools.
    • Focusing on a minority group of people rather than everyone in the organization or seeing it as a one-off exercise.
    • Delays or failure to deliver digital transformation projects due to lack of data skills and data access issues.

    66%

    of organizations say a backlog of data debt is impacting new data management initiatives.

    40%

    of organizations say individuals within the business do not trust data insights.

    30%

    of organizations are unable to become data-driven.

    Source: Experian, 2020

    Info-Tech’s Approach

    Data literacy is critical to success with digital transformation and AI analytics.

    Diagram showing components of Data literacy: 1 - Data: understand your data, 2 - Business: define the purpose, 3 - IT: Introduce new ways of working

    The Info-Tech difference:

    1. More than just technical training. Data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data.
    2. More than a one-off exercise. To keep literacy skills alive, the program must be routine and sustainable, tailored to different needs across all levels of the organization.
    3. More than one delivery format. Different delivery methods need to be considered to suit various learning styles.

    Data needs to be processed

    Data – facts – are organized, processed, and given meaning to become insights.

    Data, information, knowledge, insight, wisdom

    Image source: Welocalize, 2020.

    Data represents a discrete fact or event without relation to other things (e.g. it is raining). Data is unorganized and not useful on its own.

    Information organizes and structures data so that it is meaningful and valuable for a specific purpose (i.e. it answers questions). Information is a refined form of data.

    When information is combined with experience and intuition, it results in knowledge. It is our personal map/model of the world.

    Knowledge set with context generates insight. We become knowledgeable as a result of reading, researching, and memorizing (i.e. accumulating information).

    Wisdom means the ability to make sound judgments. Wisdom synthesizes knowledge and experiences into insights.

    Investment in data literacy is a game changer.

    Data literacy is the ability to collect, manage, evaluate, and apply data in a critical manner.

    A data-driven culture is “an operating environment that seeks to leverage data whenever and wherever possible to enhance business efficiency and effectiveness” (Forbes).

    Info-Tech Insight

    Data-driven culture refers to a workplace where decisions are made based on data evidence, not on gut instinct.

    Info-Tech’s methodology for building a data literacy program

    Phase Steps

    1. Define Data Literacy Objectives

    1.1 Understand organization’s needs

    1.2 Create vision and objective for data literacy program

    2. Assess Learning Style and Align to Program Design

    2.1 Create persona and identify audience

    2.2 Assess learning style and align to program design

    2.3 Determine the right delivery method

    3. Socialize Roadmap and Milestones

    3.1 Establish a roadmap

    3.2 Set key performance metrics and milestones

    Phase Outcomes

    Identify key objectives to establish and grow the data literacy program by articulating the problem and solutions proposed.

    Assess each audience’s learning style and adapt the program to their unique needs.

    Show a roadmap with key performance indicators to track each milestone and tell a data story.

    Insight Summary

    “In a world of more data, the companies with more data-literate people are the ones that are going to win.”

    – Miro Kazakoff, senior lecturer, MIT Sloan, in MIT Sloan School of Management, 2021

    Overarching insight

    By thoughtfully designing a data literacy training program personalized to each audience's maturity level, learning style, and experience, organizations can develop and grow a data-driven culture that unlocks the data's full potential for competitive differentiation.

    Module 1 insight

    We can learn a lot from each other. Literacy works both ways – business data stewards learn to “speak data” while IT data custodians understand the business context and value. Everyone should strive to exchange knowledge.

    Module 2 insight

    Avoid traditional classroom teaching – create a data literacy program that is learner-centric to allow participants to learn and experiment with data.

    Aligning program design to those learning styles will make participants more likely to be receptive to learning a new skill.

    Module 3 insight

    A data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data. With executive support and partnership with business, running a data literacy program means that it won’t end up being just another technical training. The program needs to address why, what, how questions.

    Tactical insight

    A lot of programs don’t include the fundamentals. To get data concepts to stick, focus on socializing the data/information/knowledge/wisdom foundation.

    Tactical insight

    Many programs speak in abstract terms. We present case studies and tangible use cases to personalize training to the audience’s world and showcase opportunities enabled through data.

    Key performance indicators (KPIs) for your data literacy program

    How do you know if your data literacy program is successful? Here are some useful KPIs:

    Program Adoption Metrics

    • Percentage of employees attending data literacy training
    • Percentage of participants who report gains in data management knowledge after training sessions
    • Maturity assessment result
    • Survey and diagnostic feedback before and after training
    • Trend analysis of overall data literacy program

    Operational Metrics

    • Number of requests for analytics/reporting services
    • Number of reports created by users
    • Speed and quality of business decisions
    • User satisfaction with reports and analytics services
    • Improved business performance (customer satisfaction)
    • Improved valuation of organization data

    A data-driven culture builds tools and skills, builds users’ trust in the quality of data across sources, and raises the skills and understanding among the frontlines by encouraging everyone to leverage data for critical thinking and innovation.

    Info-Tech offers various levels of support to best suit your needs

    DIY Toolkit

    "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."

    Guided Implementation

    "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."

    Workshop

    "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."

    Consulting

    "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of the project."

    Diagnostics and consistent frameworks are used throughout all four options.

    Workshop Overview

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1

    Session 2

    Session 3

    Session 4

    Activities

    Define Data Literacy Objectives

    1.1 Review Data Culture Diagnostic results

    1.2 Identify business context: business goals, initiatives

    1.3 Create vision and objective for data literacy program

    Assess Learning Style and Align to Program Design

    2.1 Identify audience

    2.2 Assess learning style and align to program design

    2.3 Determine the right delivery method

    Build a Data Literacy Roadmap and Milestones

    3.1 Identify program initiatives and topics

    3.2 Determine delivery methods

    3.3 Build the data literacy roadmap

    Operational Strategy to implement Data Literacy

    4.1 Identify key performance metrics

    4.2 Identify owners and document RACI matrix

    4.3 Discuss next steps and wrap up.

    Deliverables

    1. Diagnostics reports (data culture survey)
    2. Vision and value statement
    1. Assessment of audience covering all levels of organization
    1. List of key program initiatives and topics
    2. Allocation of delivery methods
    3. Roadmap
    1. Data literacy metrics
    2. List of owners and roles and responsibilities
    3. Next step and implementation schedule

    Phase 1

    Define Data Literacy Objectives

    Phase 1: step 1 - Understand organization's needs, step 2 - Create vision and objective for data literacy program.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Understand the organization’s needs.
    • Create vision and objective for data literacy program.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    1.1 Gauge your organization’s current data culture

    Conduct data culture survey or diagnostic.

    1. Identify members of the data user base, data consumers, and other key stakeholders for surveying.
    2. Conduct an information session to introduce Info-Tech’s Data Culture Diagnostic survey. Explain the objective and importance of the survey and its role in helping to understand the organization’s current data culture and inform the improvement of that culture.
    3. Roll out the Info-Tech Data Culture Diagnostic survey to the identified users and stakeholders.
    4. Debrief and document the results and scorecard in the Data Strategy Stakeholder Interview Guide and Findings document.

    Input

    • Email addresses of participants in your organization who should receive the survey

    Output

    • Your organization’s Data Culture Scorecard for understanding current data culture as it relates to the use and consumption of data
    • An understanding of whether data is currently perceived to be an asset to the organization

    Materials

    • Info-Tech’s Data Culture Diagnostic service

    Participants

    • Participants include those at the senior leadership level through to middle management, as well as other business stakeholders at varying levels across the organization
    • Data owners, stewards, and custodians
    • Core data users and consumers

    Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.

    1.2 Define data literacy objectives

    1. Understand the organization’s needs by identifying opportunities and challenges relating to data. Document the described real-life examples.
    2. Categorize the list and identify areas where data literacy can address the business problem.
    3. Create a vision statement for the data literacy program, ensuring that it covers all levels of the organization.
    4. Articulate the intended targets and goals in planning for a data literacy program.

    Input

    • List of opportunities and challenges relating to data
    • Relevant business real-life examples

    Output

    • Categorized list of data literacy needs
    • Vision for literacy program
    • Targets and goals

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    Quick wins for improving data literacy

    Data collected through Info-Tech’s Data Culture Diagnostic suggests three ways to improve data literacy:

    87%

    think more can be done to define and document commonly used terms with methods such as a business data glossary.

    68%

    think they can have a better understanding of the meaning of all data elements that are being captured or managed.

    86%

    feel that they can have more training in terms of tools as well as on what data is available at the organization.

    Source: Info-Tech Research Group's Data Culture Diagnostic, 2022; N=2,652

    Quick Wins

    • Create a business data glossary to document and define common terms.
    • Provide easy access to the business data glossary and procedures on how data is captured and managed.
    • Launch an organization-wide data literacy program.

    Delivering value is a means and the goal

    Start with real business problems in a hands-on format to demonstrate the value of data.

    Identify business problem:

    • Business decisions without facts are just guesses.
    • Management spends a lot of time finding and fixing data.
    • Unknown challenges on data assets and risk.
    • Incomplete view of customer/client and industry.
    • Not ready for modern data opportunities (e.g. artificial intelligence).

    Create an objective

    Treat data as a strategic asset to gain insight into our customers for all levels of organization.

    The solution: Data-driven culture powered by people who speak data.

    • Data dictionary
    • Data literacy
    • Trusted single source
    • Access to analytics tools
    • Decision making

    "According to Forrester, 91% of organizations find it challenging to improve the use of data insights for decision-making – even though 90% see it as a priority. Why the disconnect? A lack of data literacy."

    – Alation, 2020

    Fundamental data literacy

    Data literacy is more than just a technical training or a one-off exercise.

    Info-Tech provides various topics suited for a data literacy program that can accommodate different data skill requirements and encompasses relevant aspects of business, IT, and data.

    Info-Tech Research Group’s Data Literacy Program

    Use discovery and diagnostics to understand users’ comfort level and maturity with data.

    Data lunch 'n' learn

    • The power and value of data
    • Everyone is a data steward
    • Becoming data literate
    • Data 101
    • The future is data
    1 hour
    For: General audience, senior leadership, data leads, change management

    Speak data

    • What is data
    • Meet the data team
    • Day in the life of a steward
    • How data impacts you
    • Tools of the trade
    1/2 day
    For: New stewards, data owners, pre-data strategy workshop

    Your data story

    • Ask the right questions
    • Find the top five data elements
    • Understand your data
    • Present your data story
    • Lessons from COVID-19
    1/2 day
    For: New stewards, business data owners, pre-BI/analytics workshop

    Phase 2

    Assess Learning Style and Align to Program Design

    Phase 2: step 1 - Identify audience, step 2 - Access learning style and align to program design, step 3 - Determine the right delivery method.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Identify your audience.
    • Assess learning styles and align them to the data program design.
    • Determine the right delivery method.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    Avoid common pitfalls

    75%

    feel that training was too long to remember or to apply in their day-to-day work.

    21%

    find training had insufficient follow-up to help them apply on the job.

    Source: Grovo, 2018.

    1. Information Overload

      Trying to cover too much useful information results in overwhelm and does not deliver on key training objectives.
    2. Limited Implementation

      Learning is only the beginning. The real results are obtained when learning is followed by practice, which turns new knowledge into reliable habits.
    3. Lack of Organizational Alignment

      Implementing training without a clear link to organizational objectives leaves you unable to clearly communicate its value, undermines your ability to secure buy-in from attendees and executives, and leaves you unable to verify that the training is actually improving effectiveness.

    2.1 Understand learning style

    1. Create persona and identify the audiences and their roles in data across all levels of the organization.
    2. Identify the data program initiatives and assign the best delivery method to each initiative.
    3. Assign participants to each program initiative based on their skill gap and learning style.

    Input

    • List of audiences, their roles, and tenures
    • Data skill gap assessment
    • List of literacy program initiatives/topics

    Output

    • Target audience grouping
    • List of program initiatives with assigned groups

    Materials

    • Whiteboard/flip charts
    • Sticky notes

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    You and data

    Is data an integral part of your work?

    Do you feel comfortable finding and using data in your organization?

    • Many people feel intimidated by data and therefore miss out on what data can do for them.
    • Often the obstacle is language. If you don’t understand the semantics around data, you will not feel confident to contribute to discussions around data.
    • You use data every day but need additional vocabulary to understand how to handle it properly.
    • Data literacy is the ability to “speak data” and to understand what data means (i.e. how to read charts and graphs, draw valid conclusions, and recognize when data is misinterpreted or used inappropriately to be misleading).
    • The business often doesn’t understand its role in data governance and how it informs and assists IT in responsible data management.

    Info-Tech Insight

    IT and data professionals need to understand the business as much as business needs to talk about data. Bidirectional learning and feedback improves the synergy between business and IT.

    Create personas

    Persona creation is a way to brainstorm ideas for the data literacy program.

    Choose a data role (e.g. data steward, data owner, data scientist).

    Describe the persona based on goals, priorities, tenures, preferred learning style, type of work with data.

    Identify data skill and level of skills required.

    Persona 1: Denise - Manager, People and Culture. Goals, priorities, tenure, data role, learning style, skill level

    Consider these other ways to brainstorm:

    • Review current in-flight projects.
    • Analyze types of data requests.
    • Understand needs by department.
    • Share learnings in a community of practice.

    Program design

    Categorize into six data skill areas

    Not everyone needs the same level of skill sets

    Bullseye board with skill levels (Innermost going outward): Expert, advanced, intermediate and Basic. The six data skill areas: 1. Understanding Data, 2. Find and Obtain Data, 3. Read, Interpret and Evaluate Data, 4. Manage Data, 5. Create and Use Data, 6. Tell a Story and Share Data are placed equally around in sections.

    Map the personas to the program

    Bridging the data knowledge gap.

    • Each component will promote the value of data to all levels of employees when demonstrating the right way for data to be understood, managed, and consumed in the organization.
    • Categorizing the data literacy program into six areas and levels of skill sets will provide clarity into which areas to focus on.
    • The program is intended to be implemented in stages, allowing the audience to learn and adopt the new skills. Leveraging in-flight projects for rolling out training will have a higher success because the need is already built into the project.
    Personas are placed at different points in the data skill area and skill level.

    Align program design to learning styles

    The four methods (Discussion, Information, Coaching, and Self-Discovery) are based on learner-centered model design rather than the traditional teacher-centered model.

    Info-Tech Insight

    Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to different levels of users.

    When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to spread knowledge throughout your organization. It should target everyone from executive leadership to management to subject matter experts across all functions of the business.

    Discussion method

    Delivery Method

    • Interactive format between instructor and learner
    • Instructor empowers and motivates learner through dialogues and exercises

    The imaginative learner

    The imaginative learner group likes to engage in feelings and spend time on reflection. This type of learner desires personal meaning and involvement. They focus on personal values for themselves and others and make connections quickly.

    For this group of learners, their question is: why should I learn this?

    Learning characteristics

    • Seek meaning
    • Need to be personally involved
    • Learn by listening and sharing ideas
    • Function through social interaction

    Information method

    Delivery Method

    • Instructor does most of the talking in the training
    • Instructor is teaching the content, delivering the training content, and demonstrating

    Analytical learner

    The analytical learner group likes to listen, to think about information, and to come up with ideas. They are interested in acquiring facts and delving into concepts and processes. They can learn effectively and enjoy doing independent research.

    For this group of learners, their question is: what should I learn?

    Learning characteristics

    • Seek and examine the facts
    • Need to know what experts think
    • Interested in ideas and concepts
    • Critique information and collect data
    • Function by adapting to experts

    Coaching method

    Delivery Method

    • Learning has on-the-job training or learning through role-play exercises
    • Instructor is coaching and facilitating learner

    Common sense learner

    The common sense learner group likes thinking and doing. They are satisfied when they can carry out experiments, build and design, and create usability. They like tinkering and applying useful ideas.

    For this group of learners, their question is: how should I learn?

    Learning characteristics

    • Seek usability
    • Need to know how things work
    • Learn by testing theories using practical methods
    • Use factual data to build concepts
    • Enjoy hands-on experience

    Self-discovery method

    Delivery Method

    • Interactive format between instructor and learner
    • Instructor provides evaluation and remedial instruction

    Common sense learner

    The dynamic learner group learns through doing and experiencing. They are continually looking for hidden possibilities and researching ideas to make original adjustments. They learn through trial and error and self-discovery.

    For this group of learners, their question is: what if I learn this?

    Learning characteristics

    • Seek hidden possibilities
    • Need to know what can be done with things
    • Learn by trial and error
    • Enjoy variety and excel in being flexible

    Delivery method considerations

    There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

    There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.

    Phase 3

    Map Out Data Literacy Roadmap and Milestones

    Phase 3: step 1 - Roadmap exercise, step 2 - Set key performance metrics and milestones.

    Foster Data-Driven Culture With Data Literacy

    This phase will walk you through the following activities:

    • Complete a roadmap exercise.
    • Set key performance metrics and milestones.

    This phase involves the following participants:

    • Data governance sponsor
    • Data owners
    • Data stewards
    • Data custodians

    3.1 Build the data literacy roadmap and milestones

    1-3 hours
    1. Gather the data literacy objectives and list of program initiatives with their assigned groups.
    2. Discuss each program initiative with the data literacy creation team, assigning content owners and estimating effort required to build the content.

    For the Gantt chart:

    • Input the roadmap start year.
    • List each data literacy topic and delivery method.
    • Populate the planned start and end dates for the prepopulated list of program initiatives.

    Input

    • List of data literacy topics with assigned groups
    • Vision statement of data literacy program
    • Data literacy objectives

    Output

    • Roadmap Gantt chart
    • List of program initiatives with start and end date
    • Content owner assignment

    Materials

    • Whiteboard/flip charts
    • Sticky notes
    • MS Projects/Excel

    Participants

    • CDO or sponsor
    • Key business stakeholders
    • Data stewards
    • Data custodians
    • Data governance working group

    Data literacy journey mapping

    Making it sustainable

    • Deliver the literacy program in stages to make it easier for the audience to consume the content.
    • Allow opportunities to apply the learnings at work.
    • Map out the data literacy trainings as they get delivered and identify gaps, if any. Continue to refine and adjust the program and delivery method for better outcome.
    • Set clear goals and KPIs measurement up front.
    • Conduct Info-Tech Research Group’s Data Culture Diagnostics to set the baseline and repeat the assessment in 12 to 18 months.
    • Assign champions to lead change and influence end users to adopt better processes.
    Data Literacy journey mapping. Different departments need different skills in data literacy.

    Research contributors

    Name

    Position

    Andrea Malick Advisory Director, Info-Tech Research Group
    Andy Neill AVP, Data and Analytics, Chief Enterprise Architect, Info-Tech Research Group
    Crystal Singh Research Director, Info-Tech Research Group
    Imad Jawadi Senior Manager, Consulting Advisory, Info-Tech Research Group
    Irina Sedenko Research Director, Info-Tech Research Group
    Reddy Doddipalli Senior Workshop Director, Info-Tech Research Group
    Sherwick Min Technical Counselor, Info-Tech Research Group
    Wayne Cain Principal Advisory Director, Info-Tech Research Group

    Info-Tech’s Data Literacy Program

    Contact your account representative for more information.
    workshops@infotech.com 1-888-670-8889

    Session 1

    Session 2

    Session 3

    Session 4

    Activities

    Understand the WHY and Value of Data

    1.1 Business context, business objectives, and goals

    1.2 You and data

    1.3 Data journey from data to insights

    1.4 Speak data – common terminology

    Learn about the WHAT Through Data Flow

    2.1 Data creation

    2.2 Data ingestion

    2.3 Data accumulation

    2.4 Data augmentation

    2.5 Data delivery

    2.6 Data consumption

    Explore the HOW Through Data Visualization Training

    3.1 Ask the right questions

    3.2 Find the top five data elements

    3.3 Understand your data

    3.4 Present your data story

    3.5 Sharing of lessons learned

    Put Them All Together Through Data Governance Awareness

    4.1 Data governance framework

    4.2 Data roles and responsibilities

    4.3 Data domain and owners

    Deliverables

    1. Learning material for understanding the data fundamental and its terminology
    1. Learning material for data flow elements
    1. Learning material for data visualization
    1. Learning material for data governance awareness program

    Related Info-Tech Research

    Establish Data Governance

    Deliver measurable business value.

    Build a Robust and Comprehensive Data Strategy

    Key to building and fostering a data-driven culture.

    Create a Data Management Roadmap

    Streamline your data management program with our simplified framework.

    Bibliography

    About Learning. “4MAT overview.” About Learning., 16 Aug. 2001. Web.

    Accenture. “The Human Impact of Data Literacy,” Accenture, 2020. Web.

    Anand, Shivani. “IDC Reveals India Data and Content Technologies Predictions for 2022 and onwards; Focus on Data Literacy for an Elevated data Culture.” IDC, 14 Mar. 2022. Web.

    Belissent, Jennifer, and Aaron Kalb. “Data Literacy: The Key to Data-Driven Decision Making.” Alation, April 2020. Web.

    Brown, Sara. “How to build data literacy in your company.” MIT Sloan School of Management, 9 Feb 2021. Web.

    ---. “How to build a data-driven company.” MIT Sloan School of Management, 24 Sept. 2020. Web.

    Domo. “Data Never Sleeps 9.0.” Domo, 2021. Web.

    Dykes, Brent. “Creating A Data-Driven Culture: Why Leading By Example Is Essential.” Forbes, 26 Oct. 2017. Web.

    Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021. Web.

    Experian. “2019 Global Data Management Research.” Experian, 2019. Web.

    Knight, Michelle. “Data Literacy Trends in 2023: Formalizing Programs.” Dataversity, 3 Jan. 2023. Web.

    Ghosh, Paramita. “Data Literacy Skills Every Organization Should Build.” Dataversity, 2 Nov. 2022. Web.

    Johnson, A., et al., “How to Build a Strategy in a Digital World,” Compact, 2018, vol. 2. Web.

    LifeTrain. “Learning Style Quiz.” EMTrain, Web.

    Lambers, E., et al. “How to become data literate and support a data-drive culture.” Compact, 2018, vol. 4. Web.

    Marr, Benard. “Why is data literacy important for any business?” Bernard Marr & Co., 16 Aug. 2022. Web.

    Marr, Benard. “8 simple ways to enhance your data literacy skills.” Bernard Marr & Co., 16 Aug. 2022. Web/

    Mendoza, N.F. “Data literacy: Time to cure data phobia” Tech Republic, 27 Sept. 2022. Web.

    Mizrahi, Etai. “How to stay ahead of data debt and downtime?” Secoda, 17 April 2023. Web.

    Needham, Mass., “IDC FutureScape: Top 10 Predictions for the Future of Intelligence.” IDC, 5 Dec. 2022. Web.

    Paton, J., and M.A.P. op het Veld. “Trusted Analytics.” Compact, 2017, vol. 2. Web.

    Qlik. “Data Literacy to be Most In-Demand Skill by 2030 as AI Transforms Global Workplaces.” Qlik., 16 Mar 2022. Web.

    Qlik. “What is data literacy?” Qlik, n.d. Web.

    Reed, David. Becoming Data Literate. Harriman House Publishing, 1 Sept. 2021. Print.

    Salomonsen, Summer. “Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018.” Grovos Blog, 5 Dec. 2018. Web.

    Webb, Ryan. “More Than Just Reporting: Uncovering Actionable Insights From Data.” Welocalize, 1 Sept. 2020. Web.

    Your Company is an Economy: Why This is Your Secret Weapon for Resilience

    • Large vertical image:
    • member rating overall impact: N/A
    • member rating average dollars saved: N/A
    • member rating average days saved: N/A

    IT specialists often instinctively focus on technical issues, such as server failures or network problems, because they are trained to address the broken parts. However, it's important to consider the context in which these occur. But what if the real problem isn't just the part but the entire system it operates in?

    I want you to take a step back and to stop thinking about your company as a collection of departments and IT systems. Start seeing it for what it truly is: a complex, living, breathing economic system. This isn't some academic analogy. It’s a powerful model that will change how you approach resilience.

    An economic system involves production, resource allocation, and distribution of goods and services, which parallels how a company operates internally. It includes the combination of various departments, the people doing things, the business units, and even the decision-making steps that make up the economic structure of your company. Once you see this, you can never unsee it.

    What is an economic system?

    Let’s quickly demystify this. Forget textbooks and complex theories for a moment. Think about a national economy. It does three basic things:

    1. Production: It makes things. Factories build cars, farms grow food, and programmers write software. This is the creation of value.

    2. Resource Allocation: This process decides who gets what to make those things. Who gets the steel for the cars? The land for the farms? The funding for the software developers? These are all decisions about how to use scarce resources. 

    3. Distribution: This process gets the finished products to the people who need them. Cars go to importers, then dealerships then the customers, food goes to grocery stores, and software gets deployed to servers and then used by clients (in the general sense).

    That's it. Production, allocation, distribution. Every economy, from a simple bartering tribe to the global financial market, operates on these principles. And so does your company.

    So, how is your company an economy?

    Your company doesn't just “do work.” It produces, allocates, and distributes services in its own internal market (and eventually sells outside, otherwise… trouble).

    The production is everywhere. The human resources department produces a “payroll service.” The sales department produces “revenue contracts.” And the IT department? It produces a vast array of services: “compute cycles,” “data storage,” “network connectivity,” and “application uptime.” These are the goods and services that every other part of the company consumes to do their jobs.

    Resource allocation is the lifeblood of your corporate economy. It's the annual budgeting process, the project prioritization meetings, and the daily decisions managers make about where to assign their people. In IT, you are equally part of the allocation process. Most people get to decide at least what they will give priority to that day. Perhaps via the daily scrum or stand-up meetings. Perhaps during the review process. As a manager, when you approve a request for a new high-powered virtual machine for one team, you are making an economic choice. You are allocating a scarce resource that another team can no longer use. As a developer, when you decide that task X is now a higher priority than task Y, you make an economic decision to allocate yourself to task X. It's important to understand that there is an opportunity cost to every decision, whether you label it that way or not. 

    And distribution? That's how these services get to their “consumers.” It’s the internal platforms, the APIs that connect applications, the service desk that fulfills requests, the operations teams that update data via forms into databases, and even the reporting dashboards that deliver information. These are the supply chains and logistics networks of your company’s economy. The consumers are your clients, of course, but also every department that uses a service provided by another department.

    The IT department plays a central role in the company's economy, akin to a central bank and infrastructure provider, by managing essential digital resources like compute, storage, and bandwidth. You control its supply and, through your decisions, influence its value. You also build and maintain the “roads” and “power grid”—the networks and platforms—that the entire corporate economy depends on to function.

    Why This Perspective Is Important for Resilience

    This is where I feel it gets fascinating. When you start seeing your company as an economic system, your understanding of resilience deepens dramatically. You move beyond simply fixing broken things and start thinking about stabilizing a complex, interconnected market.

    It helps you understand true systemic risk.

    When a core database goes down, an engineer sees a technical failure. An economist sees a supply chain collapse. That database isn't just a box with blinking lights; it's a critical supplier of a raw material, namely data. Every single business process, application, and team that creates, updates or consumes that data is now starved of a resource they need to produce their own services. The failure cascades not just through technical dependencies but through economic dependencies. Seeing it this way forces you to ask better questions: Who are the biggest “consumers” of this data supplier? What is the total economic impact of this outage, not just the technical impact? This changes the incident's priority and your response strategy.

    You move beyond simple redundancy.

    The traditional engineering approach to resilience is redundancy. If one server is important, have two. This is like a town having two power plants. It's a good start, but it's not true economic resilience. An economist would ask different questions. Can we diversify our suppliers? Can we re-route via another path? If our primary database provider fails, can we switch to a secondary one, even if it's slower or pricier for a short time? This is the principle of substitution. Can a business process continue to function in a degraded mode, producing a lower-quality “good” for a while instead of stopping completely? This is about economic adaptability, not just technical duplication.

    You could take this even further and move into the realm of business continuity. Can your process work when your primary resource (the database) is not available? How would you redesign your process to work with an alternative solution? This thinking is at the heart of modern operational resilience regulations worldwide. Authorities are no longer just asking if your backups work; they're asking if your firm can fulfill its economic function in the face of severe adversity. They demand a clear grasp of your entire supply chain and a testable exit plan for critical suppliers, including cloud providers.

    You see that this goes way beyond a failing-part view. It goes to the heart of the economic function of your company.

    Incident response becomes economic intervention.

    During a major incident, the incident commander is now no longer just a technical coordinator. You are the head of the “central bank” during a "market crash". Your job is to prevent a localized failure from causing a full-blown corporate recession. Think about your actions:

    • You allocate scarce capital (your top engineers' time) to the most critical problem. The economic cost is the non-delivery of any other product by those people.

    • You implement fiscal policy by prioritizing certain fixes over others to stimulate the quickest “economic” recovery.

    • You manage market confidence through clear, calm, and regular communication to stakeholders, preventing panic from spreading.

    Each decision is an economic intervention designed to restore stability to the system. (If that is not the job description of a central banker, then I eat my hat.)

    Side Note: I often see teams who are obsessed with their own service's uptime, their own local metrics. They proudly report “five nines” of availability, but they do not report on how their service is actually consumed or how critical it is to the company's overall economic output. They've optimized their own factory but don't disclose their output's need level to the company or that their occasional one-hour outage brings the entire company's main assembly line to a halt. Resilience is not about local optimization; it is about the stability of the entire economic system. A dashboard that lists teams in order of availability or whatever other metric is fine, but these numbers must be mapped against their economic relevance. Without the economic relevance weighting, you may be misallocating resources in areas that are not critical or sufficiently important.

    How to Start Thinking Like an Economist in Your Resilience Practice

    This isn't just a theoretical exercise. You can apply this model today to make your organization stronger and yourself more effective to any employer or client.

    First, map your economic flows. Go beyond standard architecture diagrams. Create maps that show how value and services are produced, distributed, and consumed across departments. Identify your most important “supply chains.” Ask business units what IT services are essential for their “production lines” and what the financial impact is when those services are unavailable. This gives you a heat map of economic risk.

    Second, identify your single points of economic failure. In every economy, there are institutions that are “too big to fail.” What are yours? Is it a single authentication service? A legacy mainframe? A specific team of two people who know how a critical system works? These are the areas where a failure will cause a systemic crisis. They require more than just technical redundancy; they need deep, thoughtful resilience planning, including succession plans for people and substitution options for technology.

    Finally, reframe your post-incident reviews. Stop just asking, “What broke and why?” Start asking, “Which economic activity was disrupted?” and “How did the disruption flow through the system?” This shifts the conversation from blaming a component or a team to understanding systemic weaknesses in your company's economy. The goal is not to find a guilty party but to identify where your internal market is fragile and how you can strengthen it with better “monetary policy” (resource allocation) or “infrastructure” (more robust platforms).

    The vicious cycle of a failing economy

    In another article, I mentioned that resilience is a mindset.
     Resilience mindset graphic 

    So what happens when this economic system becomes unstable?

    These issues are typically considered failures and they manifest as irritations, perceived slowness and bugs, all the way to (regular) failures of a process or whole system.

    If this broken economic system is allowed to remain unstable, people will adopt negative behaviors.

    When “the government” (IT) fails to deliver, business teams take matters into their hands and start shadow IT. They may even purchase their own subscriptions.

    In a stable economy, participants trust that resources will be available when needed, but in a broken system, that trust is gone and leads to the hoarding of assets. This may be visible in the requested need for time or even budget allocation. And that leads into protectionism where teams build walls around their data and systems.

    When failures are common, the focus shifts from resolving the systemic problems to assigning blame for the specific symptom. This is akin to the breakdown of trade relations. The applications team blames the infrastructure team for slow servers. The infrastructure team blames the network team for latency. The network team blames the applications team for inefficient code. And around we go.

    Taking it just that little step further: If people live in a failing state long enough, they lose hope. This is learned helplessness. Your most valuable “citizens”—your engineers and business users—become disengaged. They stop reporting bugs because they assume they will never be fixed. They stop suggesting process improvements because they believe their voice doesn't matter.

    And lastly: In a functional system, there are clear processes for requesting services. In your broken economy, these official channels are considered worthless. The only way to get anything done is to generate a crisis. Escalation becomes the primary currency. People learn to bypass the ticketing system and send direct messages to senior leaders because they perceive that's the only way to get a response.

    How to Break the Cycle: Start Small

    To break this cycle, you need to start small and use mechanisms that turn the negative effects of problems into positive effects, like seeing opportunities.

    • Opportunities to correct irritations
    • Opportunities to enhance processes
    • Opportunities to perhaps redesign a service

    Proposing a grand vision will get you polite nods and zero action. I recommend you pick one irritation and fix it. Repeat multiple times until staff starts to perceive a change. Don't try to move the mountain. Remove the first obstacle and make your way up from there. This can be solving an issue, reducing an uncertainty, or actually spotting a way forward. 

    It will go easier as you continue this. Accept that on day one, your credibility is zero. It doesn’t matter whether you're a new manager or a seasoned expert. Trust is earned on the factory floor. Fix one small, nagging irritation for one person. Then another. This is how you build the political and social capital needed to tackle the mountain. It takes time.

    But what will happen next is crucial. There will be a reduction of the negative behaviors. And when you work it efficiently with enough time, you will eliminate those behaviors. And yes, there will be many ifs and buts, and each of the broken elements of a larger chain may require their own solutions. But it is this act of seeing the bigger picture through the constituent parts that will allow you to assign priorities and move closer to the solution in a structural way.
    Seeing step by step results feeds positivism and higher stability. Which in turn again feeds more positivism. 

     

    When you view your company through the lens of an economic system, it elevates the practice of resilience from a purely technical discipline to a value function. It gives you a language to communicate impact and risk to leadership in terms they understand: production, supply, and cost.

    It forces you to see the interconnectedness of everything you do and to appreciate that the failure of a single, seemingly minor component can have large, cascading effects across the entire organization. By thinking like an economist, you stop being just a firefighter, putting out isolated blazes. You become the architect of a more stable, more robust, and ultimately more resilient economy.

    You become the architect of a more stable, more robust, and ultimately more resilient economy. Now, go manage it.

    Always ready for a chat.

    Reduce Shadow IT With a Service Request Catalog

    • Buy Link or Shortcode: {j2store}302|cart{/j2store}
    • member rating overall impact: 10.0/10 Overall Impact
    • member rating average dollars saved: $129,999 Average $ Saved
    • member rating average days saved: 35 Average Days Saved
    • Parent Category Name: Asset Management
    • Parent Category Link: /asset-management
    • Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.
    • Renewal Management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.
    • Over-purchasing: Contracts may be renewed without a clear picture of usage, potentially renewing unused applications.

    Our Advice

    Critical Insight

    There is a direct correlation between service delivery dissatisfaction and increases in shadow IT. Whether the goal is to reduce shadow IT or gain control, improved customer service and fast delivery are key to making lasting changes.

    Impact and Result

    Our blueprint will help you design a service that draws the business to use it. If it is easier for them to buy from IT than it is to find their own supplier, they will use IT.

    A heavy focus on customer service, design optimization, and automation will provide a means for the business to get what they need, when they need it, and provide visibility to IT and security to protect organizational interests.

    This blueprint will help you:

    • Design the request service
    • Design the request catalog
    • Build the request catalog
    • Market the service

    Reduce Shadow IT With a Service Request Catalog Research & Tools

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Reduce Shadow IT With a Service Request Catalog – A step-by-step document that walks you through creation of a request service management program.

    Use this blueprint to create a service request management program that provides immediate value.

    • Reduce Shadow IT With a Service Request Catalog Storyboard

    2. Nonstandard Request Assessment – A template for documenting requirements for vetting and onboarding new applications.

    Use this template to define what information is needed to vet and onboard applications into the IT environment.

    • Nonstandard Request Assessment

    3. Service Request Workflows – A library of workflows used as a starting point for creating and fulfilling requests for applications and equipment.

    Use this library of workflows as a starting point for creating and fulfilling requests for applications and equipment in a service catalog.

    • Service Request Workflows

    4. Application Portfolio – A template to organize applications requested by the business and identify which items are published in the catalog.

    Use this template as a starting point to create an application portfolio and request catalog.

    • Application Portfolio

    5. Reduce Shadow IT With a Service Request Catalog Communications Template – A presentation and communications plan to announce changes to the service and introduce a catalog.

    Use this template to create a presentation and communications plan for launching the new service and service request catalog.

    • Reduce Shadow IT with a Service Request Catalog Communications Template
    [infographic]

    Workshop: Reduce Shadow IT With a Service Request Catalog

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Design the Service

    The Purpose

    Collaborate with the business to determine service model.

    Collaborate with IT teams to build non-standard assessment process.

    Key Benefits Achieved

    Designed a service for service requests, including new product intake.

    Activities

    1.1 Identify challenges and obstacles.

    1.2 Complete customer journey map.

    1.3 Design process for nonstandard assessments.

    Outputs

    Nonstandard process.

    2 Design the Catalog

    The Purpose

    Design the service request catalog management process.

    Key Benefits Achieved

    Ensure the catalog is kept current and is integrated with IT service catalog if applicable.

    Activities

    2.1 Determine what will be listed in the catalog.

    2.2 Determine process to build and maintain the catalog, including roles, responsibilities, and workflows.

    2.3 Define success and determine metrics.

    Outputs

    Catalog scope.

    Catalog design and maintenance plan.

    Defined success metrics

    3 Build and Market the Catalog

    The Purpose

    Determine catalog contents and how requests will be fulfilled.

    Key Benefits Achieved

    Catalog framework and service level agreements will be defined.

    Create communications documents.

    Activities

    3.1 Determine how catalog items will be displayed.

    3.2 Complete application categories for catalog.

    3.3 Create deployment categories and SLAs.

    3.4 Design catalog forms and deployment workflows.

    3.5 Create roadmap.

    3.6 Create communications plan.

    Outputs

    Catalog workflows and SLAs.

    Roadmap.

    Communications deck.

    4 Breakout Groups – Working Sessions

    The Purpose

    Create an applications portfolio.

    Prepare to populate the catalog.

    Key Benefits Achieved

    Portfolio and catalog contents created.

    Activities

    4.1 Using existing application inventory, add applications to portfolio and categorize.

    4.2 Determine which applications should be in the catalog.

    4.3 Determine which applications are packaged and can be easily deployed.

    Outputs

    Application Portfolio.

    List of catalog items.

    Further reading

    Reduce Shadow IT With a Service Request Catalog

    Foster business partnerships with sourcing-as-a-service.

    Analyst Perspective

    Improve the request management process to reduce shadow IT.

    In July 2022, Ivanti conducted a study on the state of the digital employee experience, surveying 10,000 office workers, IT professionals, and C-suite executives. Results of this study indicated that 49% of employees are frustrated by their tools, and 26% of employees were considering quitting their jobs due to unsuitable tech. 42% spent their own money to gain technology to improve their productivity. Despite this, only 21% of IT leaders prioritized user experience when selecting new tools.

    Any organization’s workers are expected to be productive and contribute to operational improvements or customer experience. Yet those workers don’t always have the tools needed to do the job. One option is to give the business greater control, allowing them to choose and acquire the solutions that will make them more productive. Info-Tech's blueprint Embrace Business-Managed Applications takes you down this path.

    However, if the business doesn’t want to manage applications, but just wants have access to better ones, IT is positioned to provide services for application and equipment sourcing that will improve the employee experience while ensuring applications and equipment are fully managed by the asset, service, and security teams.

    Improving the request management and deployment practice can give the business what they need without forcing them to manage license agreements, renewals, and warranties.

    Photo of Sandi Conrad

    Sandi Conrad
    ITIL Managing Professional
    Principal Research Director, IT Infrastructure & Operations,
    Info-Tech Research Group

    Your challenge

    This research is designed to help organizations that are looking to improve request management processes and reduce shadow IT.

    Shadow IT: The IT team is regularly surprised to discover new products within the organization, often when following up on help desk tickets or requests for renewals from business users or vendors.

    Renewal management: The contracts and asset teams need to be aware of upcoming renewals and have adequate time to review renewals.

    Over-purchasing and over-spending: Contracts may be renewed without a clear picture of utilization, potentially renewing unused applications. Applications or equipment may be purchased at retail price where corporate, government, or educational discounts exist.

    Info-Tech Insight

    To increase the visibility of the IT environment, IT needs to transform the request management process to create a service that makes it easier for the business to access the tools they need rather than seeking them outside of the organization.

    609
    Average number of SaaS applications in large enterprises

    40%
    On average, only 60% of provisioned SaaS licenses are used, with the remaining 40% unused.

    — Source: Zylo, SaaS Trends for IT Leaders, 2022

    Common obstacles

    Too many layers of approvals and a lack of IT workers makes it difficult to rethink service request fulfillment.

    Delays: The business may not be getting the applications they need from IT to do their jobs or must wait too long to get the applications approved.

    Denials: Without IT’s support, the business is finding alternative options, including SaaS applications, as they can be bought and used without IT’s input or knowledge.

    Threats: Applications that have not been vetted by security or installed without their knowledge may present additional threats to the organization.

    Access: Self-serve isn’t mature enough to support an applications catalog.

    A diagram that shows the number of SaaS applications being acquired outside of IT is increasing year over year, and that business units are driving the majority of SaaS spend.

    8: average number of applications entering the organization every 30 days

    — Source: Zylo, SaaS Trends for Procurement, 2022

    Info-Tech’s approach

    Improve the request management process to create sourcing-as-a-service for the business.

    • Improve customer service
    • Reduce shadow IT
    • Gain control in a way that keeps the business happy

    1. Design the service

    Collaborate with the business

    Identify the challenges and obstacles

    Gain consensus on priorities

    Design the service

    2. Design the catalog

    Determine catalog scope

    Create a process to build and maintain the catalog

    Define metrics for the request management process

    3. Build the catalog

    Determine descriptions for catalog items

    Create definitions for license types, workflows, and SLAs

    Create application portfolio

    Design catalog forms and workflows

    4. Market the service

    Create a roadmap

    Determine messaging

    Build a communications plan

    Blueprint deliverables

    Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:

    Communications Presentation

    Photo of Communications Presentation

    Application Portfolio

    Photo of Application Portfolio

    Visio Library

    Photo of Visio Library

    Nonstandard Request Assessment

    Photo of Nonstandard Request Assessment

    Create a request management process and service catalog to improve delivery of technology to the business

    Establish an Analytics Operating Model

    • Buy Link or Shortcode: {j2store}339|cart{/j2store}
    • member rating overall impact: 9.0/10 Overall Impact
    • member rating average dollars saved: $8,449 Average $ Saved
    • member rating average days saved: 6 Average Days Saved
    • Parent Category Name: Data Management
    • Parent Category Link: /data-management
    • Organizations are struggling to understand what's involved in the analytics developer lifecycle to generate reusable insights faster.
    • Discover what it takes to become a citizen analytics developer. Identify the proper way to enable self-serve analytics.
    • Self-serve business intelligence/analytics is misunderstood and confusing to the business, especially with regards to the roles and responsibilities of IT and the business.
    • End users are dissatisfied due to a lack of access to the data and the absence of a single source of truth.

    Our Advice

    Critical Insight

    Organizations that take data seriously should:

    • Decouple processes in which data is separated from business processes and elevate the visibility of the organization's data assets.
    • Leverage a secure platform where data can be easily exchanged for insights generation.
    • Create density for analytics where resources are mobilized around analytics ideas to generate value.

    Analytics is a journey, not a destination. This journey can eventually result in some level of sophisticated AI/machine learning in your organization. Every organization needs to mobilize its resources and enhance its analytics capabilities to quickly and incrementally add value to data products and services. However, most organizations fail to mobilize their resources in this way.

    Impact and Result

    • Firms become more agile when they realize efficiencies in their analytics operating models and can quickly implement reusable analytics.
    • IT becomes more flexible and efficient in understanding the business' data needs and eliminates redundant processes.
    • Trust in data-driven decision making goes up with collaboration, engagement, and transparency.
    • There is a clear path to continuous improvement in analytics.

    Establish an Analytics Operating Model Research & Tools

    Start here – read the Executive Brief

    Read our concise Executive Brief that outlines Info-Tech’s methodology for assessing the business' analytics needs and aligning your data governance, capabilities, and organizational structure to deliver analytics faster.

    Besides the small introduction, subscribers and consulting clients within this management domain have access to:

    1. Define your analytics needs

    This phase helps you understand your organization's data landscape and current analytics environment so you gain a deeper understanding of your future analytics needs.

    • Establish an Analytics Operating Model – Phase 1: Define Your Analytics Needs

    2. Establish an analytics operating model

    This phase introduces you to data operating model frameworks and provides a step-by-step guide on how to capture the right analytics operating model for your organization.

    • Establish an Analytics Operating Model – Phase 2: Establish an Analytics Operating Model
    • Analytics Operating Model Building Tool

    3. Implement your operating model

    This phase helps you implement your chosen analytics operating model, as well as establish an engagement model and communications plan.

    • Establish an Analytics Operating Model – Phase 3: Implement Your Analytics Operating Model
    [infographic]

    Workshop: Establish an Analytics Operating Model

    Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.

    1 Define Your Analytics Needs

    The Purpose

    Achieve a clear understanding and case for data analytics.

    Key Benefits Achieved

    A successful analytics operating model starts with a good understanding of your analytical needs.

    Activities

    1.1 Review the business context.

    1.2 Understand your analytics needs.

    1.3 Draft analytics ideas and use cases.

    1.4 Capture minimum viable analytics.

    Outputs

    Documentation of analytics products and services

    2 Perform an Analytics Capability Assessment

    The Purpose

    Achieve a clear understanding of your organization's analytics capability and mapping across organizational functions.

    Key Benefits Achieved

    Understand your organization's data landscape and current analytics environment to gain a deeper understanding of your future analytics needs.

    Activities

    2.1 Capture your analytics capabilities.

    2.2 Map capabilities to a hub-and-spoke model.

    2.3 Document operating model results.

    Outputs

    Capability assessment results

    3 Establish an Analytics Operating Model

    The Purpose

    Capture the right analytics operating model for your organization.

    Key Benefits Achieved

    Explore data operating model frameworks.

    Capture the right analytics operating model for your organization using a step-by-step guide.

    Activities

    3.1 Discuss your operating model results.

    3.2 Review your organizational structure’s pros and cons.

    3.3 Map resources to target structure.

    3.4 Brainstorm initiatives to develop your analytics capabilities.

    Outputs

    Target operating model

    4 Implement Your Analytics Operating Model

    The Purpose

    Formalize your analytics organizational structure and prepare to implement your chosen analytics operating model.

    Key Benefits Achieved

    Implement your chosen analytics operating model.

    Establish an engagement model and communications plan.

    Activities

    4.1 Document your target organizational structure and RACI.

    4.2 Establish an analytics engagement model.

    4.3 Develop an analytics communications plan.

    Outputs

    Reporting and analytics responsibility matrix (RACI)

    Analytics engagement model

    Analytics communications plan

    Analytics organizational chart