Leadership has evolved over time. The velocity of change has increased and leadership for the future looks different than the past.
Development of the leadership mind should never stop. This program will help IT leaders continue to craft their leadership competencies to navigate the ever-changing world in which we operate.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determine the most critical business services to ensure availability.
Craft a monitoring strategy to gather usage data.
Integrate business stakeholders into the capacity management process.
Identify and mitigate risks to your capacity and availability.
[infographic]
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the most important IT services for the business.
Understand which services to prioritize for ensuring availability.
1.1 Create a scale to measure different levels of impact.
1.2 Evaluate each service by its potential impact.
1.3 Assign a criticality rating based on the costs of downtime.
RTOs/RPOs
List of gold systems
Criticality matrix
Monitor and measure usage metrics of key systems.
Capture and correlate data on business activity with infrastructure capacity usage.
2.1 Define your monitoring strategy.
2.2 Implement your monitoring tool/aggregator.
RACI chart
Capacity/availability monitoring strategy
Determine how to project future capacity usage needs for your organization.
Data-based, systematic projection of future capacity usage needs.
3.1 Analyze historical usage trends.
3.2 Interface with the business to determine needs.
3.3 Develop a plan to combine these two sources of truth.
Plan for soliciting future needs
Future needs
Identify potential risks to capacity and availability.
Develop strategies to ameliorate potential risks.
Proactive approach to capacity that addresses potential risks before they impact availability.
4.1 Identify capacity and availability risks.
4.2 Determine strategies to address risks.
4.3 Populate and review completed capacity plan.
List of risks
List of strategies to address risks
Completed capacity plan
"Nobody doubts the cloud’s transformative power. But will its ascent render “capacity manager” an archaic term to be carved into the walls of datacenters everywhere for future archaeologists to puzzle over? No. While it is true that the cloud has fundamentally changed how capacity managers do their jobs , the process is more important than ever. Managing capacity – and, by extent, availability – means minimizing costs while maximizing uptime. The cloud era is the era of unlimited capacity – and of infinite potential costs. If you put the infinity symbol on a purchase order… well, it’s probably not a good idea. Manage demand. Manage your capacity. Manage your availability. And, most importantly, keep your stakeholders happy. You won’t regret it."
Jeremy Roberts,
Consulting Analyst, Infrastructure Practice
Info-Tech Research Group
✓ CIOs who want to increase uptime and reduce costs
✓ Infrastructure managers who want to deliver increased value to the business
✓ Enterprise architects who want to ensure stability of core IT services
✓ Dedicated capacity managers
✓ Develop a list of core services
✓ Establish visibility into your system
✓ Solicit business needs
✓ Project future demand
✓ Set SLAs
✓ Increase uptime
✓ Optimize spend
✓ Project managers
✓ Service desk staff
✓ Plan IT projects
✓ Better manage availability incidents caused by lack of capacity
According to 451 Research, 59% of enterprises have had to wait 3+ months for new capacity. It is little wonder, then, that so many opt to overprovision. Capacity management is about ensuring that IT services are available, and with lead times like that, overprovisioning can be more attractive than the alternative. Fortunately there is hope. An effective availability and capacity management plan can help you:
Balancing overprovisioning and spending is the capacity manager’s struggle.
If an IT department is unable to meet demand due to insufficient capacity, users will experience downtime or a degradation in service. To be clear, capacity is not the only factor in availability – reliability, serviceability, etc. are significant as well. But no organization can effectively manage availability without paying sufficient attention to capacity.
"Availability Management is concerned with the design, implementation, measurement and management of IT services to ensure that the stated business requirements for availability are consistently met."
– OGC, Best Practice for Service Delivery, 12
"Capacity management aims to balance supply and demand [of IT storage and computing services] cost-effectively…"
– OGC, Business Perspective, 90
| Business | The highest level of capacity management, business capacity management, involves predicting changes in the business’ needs and developing requirements in order to make it possible for IT to adapt to those needs. Influx of new clients from a failed competitor. |
|---|---|
| Service | Service capacity management focuses on ensuring that IT services are monitored to determine if they are meeting pre-determined SLAs. The data gathered here can be used for incident and problem management. Increased website traffic. |
| Component | Component capacity management involves tracking the functionality of specific components (servers, hard drives, etc.), and effectively tracking their utilization and performance, and making predictions about future concerns. Insufficient web server compute. |
The C-suite cares about business capacity as part of the organization’s strategic planning. Service leads care about their assigned services. IT infrastructure is concerned with components, but not for their own sake. Components mean services that are ultimately designed to facilitate business.
Industry: Healthcare
Source: Interview
New functionalities require new infrastructure
There was a project to implement an elastic search feature. This had to correlate all the organization’s member data from an Oracle data source and their own data warehouse, and pool them all into an elastic search index so that it could be used by the provider portal search function. In estimating the amount of space needed, the infrastructure team assumed that all the data would be shared in a single place. They didn’t account for the architecture of elastic search in which indexes are shared across multiple nodes and shards are often split up separately.
Beware underestimating demand and hardware sourcing lead times
As a result, they vastly underestimated the amount of space that was needed and ended up short by a terabyte. The infrastructure team frantically sourced more hardware, but the rush hardware order arrived physically damaged and had to be returned to the vendor.
Sufficient budget won’t ensure success without capacity planning
The project’s budget had been more than sufficient to pay for the extra necessary capacity, but because a lack of understanding of the infrastructure impact resulted in improper forecasting, the project ended up stuck in a standstill.
There are three variables that are monitored, measured, and analyzed as part of availability management more generally (Valentic).
The availability of a system is the percentage of time the system is “up,” (and not degraded) which can be calculated using the following formula: uptime/(uptime + downtime) x 100%. The more components there are in a system, the lower the availability, as a rule.
The length of time a component/service can go before there is an outage that brings it down, typically measured in hours.
The amount of time it takes for a component/service to be restored in the event of an outage, also typically measured in hours.
| Features of the public cloud | Implications for capacity management |
|---|---|
| Instant, or near-instant, instantiation | Lead times drop; capacity management is less about ensuring equipment arrives on time. |
| Pay-as-you go services | Capacity no longer needs to be purchased in bulk. Pay only for what you use and shut down instances that are no longer necessary. |
| Essentially unlimited scalability | Potential capacity is infinite, but so are potential costs. |
| Offsite hosting | Redundancy, but at the price of the increasing importance of your internet connection. |
Traditionally, increases in capacity have come in bursts as a reaction to availability issues. This model inevitably results in overprovisioning, driving up costs. Access to the cloud changes the equation. On-demand capacity means that, ideally, nobody should pay for unused capacity.
The cloud reality does not look like the cloud ideal. Even with the ostensibly elastic cloud, vendors like the consistency that longer-term contracts offer. Enter reserved instances: in exchange for lower hourly rates, vendors offer the option to pay a fee for a reserved instance. Usage beyond the reserved will be billed at a higher hourly rate. In order to determine where that line should be drawn, you should engage in detailed capacity planning. Unfortunately, even when done right, this process will result in some overprovisioning, though it does provide convenience from an accounting perspective. The key is to use spot instances where demand is exceptional and bounded. Example: A university registration server that experiences exceptional demand at the start of term but at no other time.
Even in the era of elasticity, capacity planning is crucial. Spot instances – the spikes in the graph above – are more expensive, but if your capacity needs vary substantially, reserving instances for all of the space you need can cost even more money. Efficiently planning capacity will help you draw this line.
Simple and effective. Sometimes a simple display can convey all of the information necessary to manage critical systems. In cars it is important to know your speed, how much fuel is in the tank, and whether or not you need to change your oil/check your engine.
Where to begin?! Specialized information is sometimes necessary, but it can be difficult to navigate.
|
STEP 1 |
STEP 2 |
STEP 3 |
STEP 4 |
STEP 5 |
|---|---|---|---|---|
|
Record applications and dependencies Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster. |
Define impact scoring scale Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications. |
Estimate impact of downtime Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application. |
Identify desired RTO and RPO Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss. |
Determine current RTO/RPO Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step. |
According to end users, every system is critical and downtime is intolerable. Of course, once they see how much totally eliminating downtime can cost, they might change their tune. It is important to have this discussion to separate the critical from the less critical – but still important – services.
"It is wrong to suppose that if you can’t measure it, you can’t manage it – a costly myth."
– W. Edwards Deming, statistician and management consultant, author of The New Economics
While it is true that total monitoring is not absolutely necessary for management, when it comes to availability and capacity – objectively quantifiable service characteristics – a monitoring strategy is unavoidable. Capturing fluctuations in demand, and adjusting for those fluctuations, is among the most important functions of a capacity manager, even if hovering over employees with a stopwatch is poor management.
|
Do |
Do not |
|---|---|
|
✓ Develop a positive relationship with business leaders responsible for making decisions. ✓ Make yourself aware of ongoing and upcoming projects. ✓ Develop expertise in organization-specific technology. ✓ Make the business aware of your expenses through chargebacks or showbacks. ✓ Use your understanding of business projects to predict business needs; do not rely on business leaders’ technical requests alone. |
X Be reactive. X Accept capacity/availability demands uncritically. X Ask line of business managers for specific computing requirements unless they have the technical expertise to make informed judgments. X Treat IT as an opaque entity where requests go in and services come out (this can lead to irresponsible requests). |
The company meeting
“I don’t need this much RAM,” the application developer said, implausibly. Titters wafted above the assembled crowd as her IT colleagues muttered their surprise. Heads shook, eyes widened. In fact, as she sat pondering her utterance, the developer wasn’t so sure she believed it herself. Noticing her consternation, the infrastructure manager cut in and offered the RAM anyway, forestalling the inevitable crisis that occurs when seismic internal shifts rock fragile self-conceptions. Until next time, he thought.
"Work expands as to fill the resources available for its completion…"
– C. Northcote Parkinson, quoted in Klimek et al.
Critical inputs
In order to project your future needs, the following inputs are necessary.
If your focus is on ensuring process continuity in the event of a disaster.
If your focus is on flow mapping and transaction monitoring as part of a plan to engage APM vendors.
If your focus is on hardening your IT systems against major events.
|
Phase 1: Conduct a business impact analysis |
Phase 2: Establish visibility into core systems |
Phase 3: Solicit and incorporate business needs |
Phase 4: Identify and mitigate risks |
|---|---|---|---|
|
1.1 Conduct a business impact analysis 1.2 Assign criticality ratings to services |
2.1 Define your monitoring strategy 2.2 Implement monitoring tool/aggregator |
3.1 Solicit business needs 3.2 Analyze data and project future needs |
4.1 Identify and mitigate risks |
|
Deliverables |
|||
|
|
|
|
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
|
Conduct a business impact analysis |
Establish visibility into core systems |
Solicit and incorporate business needs |
Identify and | |
|---|---|---|---|---|
|
Best-Practice Toolkit |
1.1 Create a scale to measure different levels of impact 1.2 Assign criticality ratings to services |
2.1 Define your monitoring strategy 2.2 Implement your monitoring tool/aggregator |
3.1 Solicit business needs and gather data 3.2 Analyze data and project future needs |
4.1 Identify and mitigate risks |
|
Guided Implementations |
Call 1: Conduct a business impact analysis | Call 1: Discuss your monitoring strategy |
Call 1: Develop a plan to gather historical data; set up plan to solicit business needs Call 2: Evaluate data sources |
Call 1: Discuss possible risks and strategies for risk mitigation Call 2: Review your capacity management plan |
|
Onsite Workshop |
Module 1: Conduct a business impact analysis |
Module 2: Establish visibility into core systems |
Module 3: Develop a plan to project future needs |
Module 4: Identify and mitigate risks |
|
Phase 1 Results:
|
Phase 2 Results:
|
Phase 3 Results:
|
Phase 4 Results:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
|
Workshop Day 1 |
Workshop Day 2 |
Workshop Day 3 |
Workshop Day 4 | |
|---|---|---|---|---|
|
Conduct a business |
Establish visibility into |
Solicit and incorporate business needs |
Identify and mitigate risks |
|
|
Activities |
1.1 Conduct a business impact analysis 1.2 Create a list of critical dependencies 1.3 Identify critical sub-components 1.4 Develop best practices to negotiate SLAs |
2.1 Determine indicators for sub-components 2.2 Establish visibility into components 2.3 Develop strategies to ameliorate visibility issues |
3.1 Gather relevant business-level data 3.2 Gather relevant service-level data 3.3 Analyze historical trends 3.4 Build a list of business stakeholders 3.5 Directly solicit requirements from the business 3.6 Map business needs to technical requirements 3.7 Identify inefficiencies and compare historical data |
|
|
Deliverables |
|
|
|
|
Business impact analyses are an invaluable part of a broader IT strategy. Conducting a BIA benefits a variety of processes, including disaster recovery, business continuity, and availability and capacity management
|
STEP 1 |
STEP 2 |
STEP 3 |
STEP 4 |
STEP 5 |
|---|---|---|---|---|
|
Record applications and dependencies Utilize your asset management records and document the applications and systems that IT is responsible for managing and recovering during a disaster. |
Define impact scoring scale Ensure an objective analysis of application criticality by establishing a business impact scale that applies to all applications. |
Estimate impact of downtime Leverage the scoring criteria from the previous step and establish an estimated impact of downtime for each application. |
Identify desired RTO and RPO Define what the RTOs/RPOs should be based on the impact of a business interruption and the tolerance for downtime and data loss. |
Determine current RTO/RPO Conduct tabletop planning and create a flowchart of your current capabilities. Compare your current state to the desired state from the previous step. |
Engaging in detailed capacity planning for an insignificant service draws time and resources away from more critical capacity planning exercises. Time spent tracking and planning use of the ancient fax machine in the basement is time you’ll never get back.
A BIA enables you to identify appropriate spend levels, continue to drive executive support, and prioritize disaster recovery planning for a more successful outcome. For example, an Info-Tech survey found that a BIA has a significant impact on setting appropriate recovery time objectives (RTOs) and appropriate spending.
Terms
No BIA: lack of a BIA, or a BIA bases solely on the perceived importance of IT services.
BIA: based on a detailed evaluation or estimated dollar impact of downtime.
In large organizations especially, collating an exhaustive list of applications and services is going to be onerous. For the purposes of this project, a subset should suffice.
Instructions
Input
Output
Materials
Participants
Include a variety of services in your analysis. While it might be tempting to jump ahead and preselect important applications, don’t. The process is inherently valuable, and besides, it might surprise you.
Note: If there are no dependencies for a particular category, leave it blank.
Example
ID is optional. It is a sequential number by default.
In-House, Co-Lo/MSP, and Cloud dependencies; leave blank if not applicable.
Add notes as applicable – e.g. critical support services.
Modify the Business Impact Scales headings and Overall Criticality Rating terminology to suit your organization. For example, if you don’t have business partners, use that column to measure a different goodwill impact or just ignore that column in this tool (i.e. leave it blank). Estimate the different levels of potential impact (where four is the highest impact and zero is no impact) and record these in the Business Impact Scales columns.
In the BIA tab columns for Direct Costs of Downtime, Impact on Goodwill, and Additional Criticality Factors, use the drop-down menu to assign a score of zero to four based on levels of impact defined in the Scoring Criteria tab. For example, if an organization’s ERP is down, and that affects call center sales operations (e.g. ability to access customer records and process orders), the impact might be as described below:
On the other hand, if payroll processing is down, this may not impact revenue, but it certainly impacts internal goodwill and productivity.
Mission critical services. An outage is catastrophic in terms of cost or public image/goodwill. Example: trading software at a financial institution.
Important to daily operations, but not mission critical. Example: email services at any large organization.
Loss of these services is an inconvenience more than anything, though they do serve a purpose and will be missed if they are never brought back online. Example: ancient fax machines.
Info-Tech recommends gold, silver, and bronze because of this typology’s near universal recognition. If you would prefer a particular designation (it might help with internal comprehension), don’t hesitate to use that one instead.
Every organization has its own rules about how to categorize service importance. For some (consumer-facing businesses, perhaps) reputational damage may trump immediate costs.
Instructions
Input
Output
Materials
Participants
See Info-Tech’s Create a Right-Sized Disaster Recovery Plan blueprint for instructions on how to complete your business impact analysis.
|
Large cloud provider |
Local traditional business |
|---|---|
|
|
"Cloud capacity management is not exactly the same as the ITIL version because ITIL has a focus on the component level. I actually don’t do that, because if I did I’d go crazy. There’s too many components in a cloud environment."
– Richie Mendoza, IT Consultant, SMITS Inc.
Service
Component
"You don’t ask the CEO or the guy in charge ‘What kind of response time is your requirement?’ He doesn’t really care. He just wants to make sure that all his customers are happy."
– Todd Evans, Capacity and Performance Management SME, IBM.
Industry: Telecommunications
Source: Interview
Coffee and Wi-Fi – a match made in heaven
In tens of thousands of coffee shops around the world, patrons make ample use of complimentary Wi-Fi. Wi-Fi is an important part of customers’ coffee shop experience, whether they’re online to check their email, do a YouTube, or update their Googles. So when one telco that provided Wi-Fi access for thousands of coffee shops started encountering availability issues, the situation was serious.
Wi-Fi, whack-a-mole, and web woes
The team responsible for resolving the issue took an ad hoc approach to resolving complaints, fixing issues as they came up instead of taking a systematic approach.
Resolution
Looking at the network as a whole, the capacity manager took a proactive approach by using data to identify and rank the worst service areas, and then directing the team responsible to fix those areas in order of the worst first, then the next worst, and so on. Soon the availability of Wi-Fi service was restored across the network.
Instructions
Input
Output
Materials
Participants
Dependency mapping can be difficult. Make sure you don’t waste effort creating detailed dependency maps for relatively unimportant services.
Ride sharing cannot work, at least not at maximum effectiveness, without these constituent components. When one or more of these components are absent or degraded, the service will become unavailable. This example illustrates some challenges of capacity management; some of these components are necessary, but beyond the ride-sharing company’s control.
Email is an example here not because it is necessarily a “gold system,” but because it is common across industries. This is a useful exercise for any service, but it can be quite onerous, so it should be conducted on the most important systems first.
Use the bottom layer of the pyramid drawn in step 1.2a for a list of important sub-components.
Instructions
Input
Output
Materials
Participants
In terms of service provision, capacity management is a form of availability management. Not all availability issues are capacity issues, but the inverse is true.
Capacity issues will always cause availability issues, but availability issues are not inherently capacity issues. Availability problems can stem from outages unrelated to capacity (e.g. power or vendor outages).
When signing contracts with vendors, you will be presented with an SLA. Ensure that it meets your requirements.
Input
Output
Materials
Participants
Vendors are sometimes willing to eat the cost of violating SLAs if they think it will get them a contract. Be careful with negotiation. Just because the vendor says they can do something doesn’t make it true.
See Info-Tech’s Improve IT-Business Alignment Through an Internal SLA blueprint for instructions on why you should develop internal SLAs and the potential benefits they bring.
1.2
Create a list of dependencies for your most important applications
Using the results of the business impact analysis, the analyst will guide workshop participants through a dependency mapping exercise that will eventually populate the Capacity Plan Template.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
|
Guided Implementation 1: Conduct a business impact analysis Proposed Time to Completion: 1 week | |
|---|---|
|
Step 1.1: Create a scale to measure different levels of impact Review your findings with an analyst Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate. Then complete these activities…
With these tools & templates: Business Impact Analysis Tool |
Step 1.2: Assign criticality ratings to services Review your findings with an analyst Discuss how you arrived at the rating of your critical systems and their dependencies. Consider whether your external SLAs are appropriate. Then complete these activities…
With these tools & templates: Capacity Snapshot Tool |
|
Phase 1 Results & Insights:
|
|
Your findings are only as good as your data. Remember: garbage in, garbage out. There are three characteristics of good data:*
*National College of Teaching & Leadership, “Reliability and Validity”
"Data is king. Good data is absolutely essential to [the capacity manager] role."
– Adrian Blant, Independent Capacity Consultant, IT Capability Solutions
Every organization’s data needs are different; your data needs are going to be dictated by your services, delivery model, and business requirements. Make sure you don’t confuse volume with quality, even if others in your organization make that mistake.
Too much monitoring can be as bad as the inverse
In 2013, a security breach at US retailer Target compromised more than 70 million customers’ data. The company received an alert, but it was thought to be a false positive because the monitoring system produced so many false and redundant alerts. As a result of the daily deluge, staff did not respond to the breach in time.
Info-Tech Insight
Don’t confuse monitoring with management. While establishing visibility is a crucial step, it is only part of the battle. Move on to this project’s next phase to explore opportunities to improve your capacity/availability management process.
It is nearly impossible to overstate the importance of data to the process of availability and capacity management. But the wrong data will do you no good.
Instructions
Bottlenecks are bad. Use the Capacity Snapshot Tool (or another tool like it) to ensure that when the capacity manager leaves (on vacation, to another role, for good) the knowledge that they have accumulated does not leave as well.
Tracking every single component in significant detail will produce a lot of noise for each bit of signal. The approach outlined here addresses that concern in two ways:
Despite this effort, however, managing capacity at the component level is a daunting task. Ultimately, tools provided by vendors like SolarWinds and AppDynamics will fill in some of the gaps. Nevertheless, an understanding of the conceptual framework underlying availability and capacity management is valuable.
Industry: Financial Services
Source: AppDynamics
Challenge
Solution
Results
Source: “Just how complex can a Login Transaction be? Answer: Very!,” AppDynamics
"You don’t use a microscope to monitor an entire ant farm, but you might use many microscopes to monitor specific ants."
– Fred Chagnon, Research Director, Infrastructure Practice, Info-Tech Research Group
The next step in capacity management is establishing whether or not visibility (in the broad sense) is available into critical sub-components.
Instructions
Like ideas and watches, not all types of visibility are created equal. Ensure that you have access to the right information to make capacity decisions.
Instructions
For most mobile phone users, this breakdown is sufficient. For some, more granularity might be necessary.
Make note of monitoring tools and strategies. If anything changes, be sure to re-evaluate the visibility status. An outdated spreadsheet can lead to availability issues if management is unaware of looming problems.
The Capacity Snapshot Tool color-codes your components by status. Green – visibility and granularity are both sufficient; yellow – visibility exists, though not at sufficient granularity; and red – visibility does not exist at all.
Instructions
Input
Output
Materials
Participants
It might be that there is no amelioration strategy. Make note of this difficulty and highlight it as part of the risk section of the Capacity Plan Template.
The process of modernizing the network is fraught with vestigial limitations. Develop a program to gather requirements and plan.
As part of the blueprint, Modernize Enterprise Storage, the Modernize Enterprise Storage Workbook includes a section on storage capacity planning.
2.2
Develop strategies to ameliorate visibility issues
The analyst will guide workshop participants in brainstorming potential solutions to visibility issues and record them in the Capacity Snapshot Tool.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
|
Guided Implementation 2: Establish visibility into core systems Proposed Time to Completion: 3 weeks | |
|---|---|
|
Step 2.1: Define your monitoring strategy Review your findings with an analyst Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization. Then complete these activities…
With these tools & templates:
|
Step 2.2: Implement your monitoring tool/aggregator Review your findings with an analyst Discuss your monitoring strategy and ensure you have sufficient visibility for the needs of your organization. Then complete these activities…
With these tools & templates:
|
|
Phase 2 Results & Insights:
|
|
The availability and capacity management summary card pictured here is a handy way to capture the results of the activities undertaken in the following phases. Note its contents carefully, and be sure to record specific outputs where appropriate. One such card should be completed for each of the gold services identified in the project’s first phase. Make note of the results of the activities in the coming phase, and populate the Capacity Snapshot Tool. These will help you populate the tool.
The Capacity Plan Template is designed to be a part of a broader mapping strategy. It is not a replacement for a dedicated monitoring tool.
"In all cases the very first thing to do is to look at trending…The old adage is ‘you don’t steer a boat by its wake,’ however it’s also true that if something is growing at, say, three percent a month and it has been growing at three percent a month for the last twelve months, there’s a fairly good possibility that it’s going to carry on going in that direction."
– Mike Lynch, Consultant, CapacityIQ
A holistic approach to capacity management involves peering beyond the beaded curtain partitioning IT from the rest of the organization and tracking business metrics.
Instructions
Input
Output
Materials
Participants
One level of abstraction down is the service level. Service level capacity management, recall that service level capacity management is about ensuring that IT is meeting SLAs in its service provision.
Instructions
Input
Output
Materials
Participants
|
Jan |
Feb |
Mar |
Apr |
May |
June |
July |
|---|---|---|---|---|---|---|
|
74 |
80 |
79 |
83 |
84 |
100 |
102 |
Note: the strength of this approach is that it is easy to visualize. Use the same timescale to facilitate simple comparison.
"Often what is really being offered by many analytics solutions is just more data or information – not insights."
– Brent Dykes, Director of Data Strategy, Domo
You can have all the data in the world and absolutely nothing valuable to add. Don’t fall for this trap. Use the activities in this phase to structure your data collection operation and ensure that your organization’s availability and capacity management plan is data driven.
At-a-glance – it’s how most executives consume all but the most important information. Create a dashboard that tracks the status of your most important systems.
Instructions
This tool collates and presents information gathered from other sources. It is not a substitute for a performance monitoring tool.
Stakeholder analysis is crucial. Lines of authority can be diffuse. Understand who needs to be involved in the capacity management process early on.
Instructions
Input
Output
Materials
Participants
Consider which departments are most closely aligned with the business processes that fuel demand. Prioritize those that have the greatest impact. Consider the stakeholders who will make purchasing decisions for increasing infrastructure capacity.
Establishing a relationship with your stakeholders is a necessary step in managing your capacity and availability.
Instructions
Input
Output
Materials
Participants
The best capacity managers develop new business processes that more closely align their role with business stakeholders. Building these relationships takes hard work, and you must first earn the trust of the business.
Convince, don’t coerce. Stakeholders want the same thing you do. Bake them into the planning process as a step towards this goal.
Input
Output
Materials
Participants
Industry: Financial Services
Source: Interview
In financial services, availability is king
In the world of financial services, availability is absolutely crucial. High-value trades occur at all hours, and any institution that suffers outages runs the risk of losing tens of thousands of dollars, not to mention reputational damage.
People know what they want, but sometimes they have to be herded
While line of business managers and application owners understand the value of capacity management, it can be difficult to establish the working relationship necessary for a fruitful partnership.
Proactively building relationships keeps services available
He built relationships with all the department heads on the business side, and all the application owners.
He established a steering committee for capacity.
He invited stakeholders to regular capacity planning meetings.
He scheduled lunch and learn sessions with business analysts and project managers.
Sometimes “need to know” doesn’t register with sales or marketing. Nearly every infrastructure manager can share a story about a time when someone has made a decision that has critically impacted IT infrastructure without letting anyone in IT in on the “secret.”
In brief
Imagine working for a media company as an infrastructure capacity manager. Now imagine that the powers that be have decided to launch a content-focused web service. Seems like something they would do, right? Now imagine you find out about it the same way the company’s subscribers do. This actually happened – and it shouldn’t have. But a similar lack of alignment makes this a real possibility for any organization. If you don’t establish a systematic plan for soliciting and incorporating business requirements, prepare to lose a chunk of your free time. The business should never be able to say, in response to “nobody tells me anything,” “nobody asked.”
Pictured: an artist’s rendering of the capacity manager in question.
Once you’ve established, firmly, that everyone’s on the same team, meet individually with the stakeholders to assess capacity.
Instructions
Input
Output
Materials
Participants
Sometimes line of business managers will evade or ignore you when you come knocking. They do this because they don’t know and they don’t want to give you the wrong information. Explain that a best guess is all you can ask for and allay their fears.
IT staff and line of business staff come with different skillsets. This can lead to confusion, but it doesn’t have to. Develop effective information solicitation techniques.
Instructions
Input
Output
Materials
Participants
When it comes to mapping technical requirements, IT alone has the ability to effectively translate business needs.
Instructions
Input
Output
Materials
Participants
Adapt the analysis to the needs of your organization. One capacity manager called the one-to-one mapping of business process to infrastructure demand the Holy Grail of capacity management. If this level of precision isn’t attainable, develop your own working estimates using the higher-level data
|
Capacity management The role of the capacity manager is changing, but it still has a purpose. Consider this:
|
Availability management Ensuring services are available is still IT’s wheelhouse, even if that means a shift to a brokerage model:
|
The cloud comes at the cost of detailed performance data. Sourcing a service through an SLA with a third party increases the need to perform your own performance testing of gold level applications. See performance monitoring.
"It is a commonplace observation that work expands so as to fill the time available for its completion. Thus, an elderly lady of leisure can spend the entire day in writing and despatching a postcard to her niece at Bognor Regis. An hour will be spent in finding the postcard, another in hunting for spectacles, half-an-hour in a search for the address, an hour and a quarter in composition, and twenty minutes in deciding whether or not to take an umbrella when going to the pillar-box in the next street."
C. Northcote Parkinson, The Economist, 1955
If you give people lots of capacity, they will use it. Most shops are overprovisioned, and in some cases that’s throwing perfectly good money away. Don’t be afraid to prod if someone requests something that doesn’t seem right.
Questions to ask:
In brief
Who isn’t a sports fan? Big games mean big stakes for pool participants and armchair quarterbacks—along with pressure on the network as fans stream games from their work computers. One organization suffered from this problem, and, instead of taking a hardline and banning all streams, opted to stream the game on a large screen in a conference room where those interested could work for its duration. This alleviated strain on the network and kept staff happy.
Industry:Professional Services
Source:Interview
24/7 AWS = round-the-clock costs
A senior developer realized that his development team had been leaving AWS instances running without any specific reason.
Why?
The development team appreciated the convenience of an always-on instance and, because the people spinning them up did not handle costs, the problem wasn’t immediately apparent.
Resolution
In his spare time over the course of a month, the senior developer wrote a program to manage the servers, including shutting them down during times when they were not in use and providing remote-access start-up when required. His team alone saved $30,000 in costs over the next six months, and his team lead reported that it would have been more than worth paying the team to implement such a project on company time.
Instructions
Input
Output
Materials
Participants
The most effective capacity management takes a holistic approach and looks at the big picture in order to find ways to eliminate unnecessary infrastructure usage, or to find alternate or more efficient sources of required capacity.
Industry:Telecommunications
Source: Interview
High-cost lines
The capacity manager at a telecommunications provider mapped out his firm’s network traffic and discovered they were using a number of VP circuits (inter building cross connects) that were very expensive on the scale of their network.
Paying the toll troll
These VP circuits were supplying needed network services to the telecom provider’s clients, so there was no way to reduce this demand.
Resolution
The capacity manager analyzed where the traffic was going and compared this to the cost of the lines they were using. After performing the analysis, he found he could re-route much of the traffic away from the VP circuits and save on costs while delivering the same level of service to their users.
Make informed decisions about capacity. Remember: retain all documentation. It might come in handy for the justification of purchases.
Instructions
Capacity management (and, by extension, availability management) is a combination of two balancing acts: cost against capacity and supply and demand.*
Instructions
In brief
The fractured nature of the capacity management space means that every organization is going to have a slightly different tooling strategy. No vendor has dominated, and every solution requires some level of customization. One capacity manager (a cloud provider, no less!) relayed a tale about a capacity management Excel sheet programmed with 5,000+ lines of code. As much work as that is, a bespoke solution is probably unavoidable.
3.2
Map business needs to technical requirements and technical requirements to infrastructure requirements
The analyst will guide workshop participants in using their organization’s data to map out the relationships between applications, technical requirements, and the underlying infrastructure usage.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
|
Guided Implementation 3: Solicit and incorporate business needs Proposed Time to Completion: 2 weeks | |
|---|---|
|
Step 3.1: Solicit business needs and gather data Review your findings with an analyst Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis. Then complete these activities…
With these tools & templates: Capacity Plan Template |
Step 3.2: Analyze data and project future needs Review your findings with an analyst Discuss the effectiveness of your strategies to involve business stakeholders in the planning process and your methods of data collection and analysis. Then complete these activities…
With these tools & templates: Capacity Snapshot Tool Capacity Plan Template |
|
Phase 3 Results & Insights:
|
|
Availability: how often a service is usable (that is to say up and not too degraded to be effective). Consequences of reduced availability can include financial losses, impacted customer goodwill, and reduced faith in IT more generally.
Causes of availability issues:
Capacity: a particular component’s/service’s/business’ wiggle room. In other words, its usage ceiling.
Causes of capacity issues:
Availability and capacity issues can stem from a number of different causes. Include a list in your availability and capacity management plan.
Instructions
Input
Output
Materials
Participants
Availability and capacity problems result in incidents, critical incidents, and problems. These are addressed in a separate project (incident and problem management), but information about common causes can streamline that process.
Based on your understanding of your capacity needs (through written SLAs and informal but regular meetings with the business) highlight major risks you foresee.
Instructions
Input
Output
Materials
Participants
It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.
Instructions (cont.)
Input
Output
Materials
Participants
It’s an old adage, but it checks out: don’t come to the table armed only with problems. Be a problem solver and prove IT’s value to the organization.
While capacity management is a form of availability management, it is not the only form. In this activity, outline the specific nature of threats to availability.
Instructions
Input
Output
Materials
Participants
A dynamic central repository is a good way to ensure that availability issues stemming from a variety of causes are captured and mitigated.
Although it is easier said than done, identifying potential mitigations is a crucial part of availability management as an activity.
Instructions (cont.)
Input
Output
Materials
Participants
The stakeholders consulted as part of the process will be interested in its results. Share them, either in person or through a collaboration tool.
The current status of your availability and capacity management plan should be on the agenda for every stakeholder meeting. Direct the stakeholders’ attention to the parts of the document that are relevant to them, and solicit their thoughts on the document’s accuracy. Over time you should get a pretty good idea of who among your stakeholder group is skilled at projecting demand, and who over- or underestimates, and by how much. This information will improve your projections and, therefore, your management over time.
Use the experience gained and the artifacts generated to build trust with the business. The meetings should be regular, and demonstrating that you’re actually using the information for good is likely to make hesitant participants in the process more likely to open up.
4.1
Identify capacity risks and mitigate them
The analyst will guide workshop participants in identifying potential risks to capacity and determining strategies for mitigating them.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
|
Guided Implementation 4: Identify and mitigate risks Proposed Time to Completion: 1 week |
|---|
|
Step 4.1: Identify and mitigate risks Review your findings with an analyst
Then complete these activities…
With these tools & templates: Capacity Snapshot Tool Capacity Plan Template |
|
Phase 4 Results & Insights:
|
Components are critical to availability and capacity management.
The CEO doesn’t care about the SMTP server. She cares about meeting customer needs and producing profit. For IT capacity and availability managers, though, the devil is in the details. It only takes one faulty component to knock out a service. Keep track and keep the lights on.
Ask what the business is working on, not what they need.
If you ask them what they need, they’ll tell you – and it won’t be cheap. Find out what they’re going to do, and use your expertise to service those needs. Use your IT experience to estimate the impact of business and service level changes on the components that secure the availability you need.
Cloud shmoud.
The role of the capacity manager might be changing with the advent of the public cloud, but it has not disappeared. Capacity managers in the age of the cloud are responsible for managing vendor relationships, negotiating external SLAs, projecting costs and securing budgets, reining in prodigal divisions, and so on.
Client Project: Develop an Availability and Capacity Management Plan
This project has the ability to fit the following formats:
Adrian Blant, Independent Capacity Consultant, IT Capability Solutions
Adrian has over 15 years' experience in IT infrastructure. He has built capacity management business processes from the ground up, and focused on ensuring a productive dialogue between IT and the business.
James Zhang, Senior Manager Disaster Recovery, AIG Technology
James has over 20 years' experience in IT and 10 years' experience in capacity management. Throughout his career, he has focused on creating new business processes to deliver value and increase efficiency over the long term.
Mayank Banerjee, CTO, Global Supply Chain Management, HelloFresh
Mayank has over 15 years' experience across a wide range of technologies and industries. He has implemented highly automated capacity management processes as part of his role of owning and solving end-to-end business problems.
Mike Lynch, Consultant, CapacityIQ
Mike has over 20 years' experience in IT infrastructure. He takes a holistic approach to capacity management to identify and solve key problems, and has developed automated processes for mapping performance data to information that can inform business decisions.
Paul Waguespack, Manager of Application Systems Engineering, Tufts Health Plan
Paul has over 10 years' experience in IT. He has specialized in implementing new applications and functionalities throughout their entire lifecycle, and integrating with all aspects of IT operations.
Richie Mendoza, IT Consultant, SMITS Inc.
Richie has over 10 years' experience in IT infrastructure. He has specialized in using demand forecasting to guide infrastructure capacity purchasing decisions, to provide availability while avoiding costly overprovisioning.
Rob Thompson, President, IT Tools & Process
Rob has over 30 years’ IT experience. Throughout his career he has focused on making IT a generator of business value. He now runs a boutique consulting firm.
Todd Evans, Capacity and Performance Management SME, IBM
Todd has over 20 years' experience in capacity and performance management. At Kaiser Permanente, he established a well-defined mapping of the businesses workflow processes to technical requirements for applications and infrastructure.
451 Research. “Best of both worlds: Can enterprises achieve both scalability and control when it comes to cloud?” 451 Research, November 2016. Web.
Allen, Katie. “Work Also Shrinks to Fit the Time Available: And We Can Prove It.” The Guardian. 25 Oct. 2017.
Amazon. “Amazon Elastic Compute Cloud.” Amazon Web Services. N.d. Web.
Armandpour, Tim. “Lies Vendors Tell about Service Level Agreements and How to Negotiate for Something Better.” Network World. 12 Jan 2016.
“Availability Management.” ITIL and ITSM World. 2001. Web.
Availability Management Plan Template. Purple Griffon. 30 Nov. 2012. Web.
Bairi, Jayachandra, B., Murali Manohar, and Goutam Kumar Kundu. “Capacity and Availability Management by Quantitative Project Management in the IT Service Industry.” Asian Journal on Quality 13.2 (2012): 163-76. Web.
BMC Capacity Optimization. BMC. 24 Oct 2017. Web.
Brooks, Peter, and Christa Landsberg. Capacity Management in Today’s IT Environment. MentPro. 16 Aug 2017. Web.
"Capacity and Availability Management." CMMI Institute. April 2017. Web.
Capacity and Availability Management. IT Quality Group Switzerland. 24 Oct. 2017. Web.
Capacity and Performance Management: Best Practices White Paper. Cisco. 4 Oct. 2005. Web.
"Capacity Management." Techopedia.
“Capacity Management Forecasting Best Practices and Recommendations.” STG. 26 Jan 2015. Web.
Capacity Management from the Ground up. Metron. 24 Oct. 2017. Web.
Capacity Management in the Modern Datacenter. Turbonomic. 25 Oct. 2017. Web.
Capacity Management Maturity Assessing and Improving the Effectiveness. Metron. 24 Oct. 2017. Web.
“Capacity Management Software.” TeamQuest. 24 Oct 2017. Web,
Capacity Plan Template. Purainfo. 11 Oct 2012. Web.
“Capacity Planner—Job Description.” Automotive Industrial Partnership. 24 Oct. 2017. Web.
Capacity Planning. CDC. Web. Aug. 2017.
"Capacity Planning." TechTarget. 24 Oct 2017. Web.
“Capacity Planning and Management.” BMC. 24 Oct 2017. Web.
"Checklist Capacity Plan." IT Process Wiki. 24 Oct. 2017. Web.
Dykes, Brent. “Actionable Insights: The Missing Link Between Data and Business Value.” Forbes. April 26, 2016. Web.
Evolved Capacity Management. CA Technologies. Oct. 2013. Web.
Francis, Ryan. “False positives still cause threat alert fatigue.” CSO. May 3, 2017. Web.
Frymire, Scott. "Capacity Planning vs. Capacity Analytics." ScienceLogic. 24 Oct. 2017. Web.
Glossary. Exin. Aug. 2017. Web.
Herrera, Michael. “Four Types of Risk Mitigation and BCM Governance, Risk and Compliance.” MHA Consulting. May 17, 2013.
Hill, Jon. How to Do Capacity Planning. TeamQuest. 24 Oct. 2017. Web.
“How to Create an SLA in 7 Easy Steps.” ITSM Perfection. 25 Oct. 2017. Web.
Hunter, John. “Myth: If You Can’t Measure It: You Can’t Manage It.” W. Edwards Deming Institute Blog. 13 Aug 2015. Web.
IT Service Criticality. U of Bristol. 24 Oct. 2017. Web.
"ITIL Capacity Management." BMC's Complete Guide to ITIL. BMC Software. 22 Dec. 2016. Web.
“Just-in-time.” The Economist. 6 Jul 2009. Web.
Kalm, Denise P., and Marv Waschke. Capacity Management: A CA Service Management Process Map. CA. 24 Oct. 2017. Web.
Klimek, Peter, Rudolf Hanel, and Stefan Thurner. “Parkinson’s Law Quantified: Three Investigations in Bureaucratic Inefficiency.” Journal of Statistical Mechanics: Theory and Experiment 3 (2009): 1-13. Aug. 2017. Web.
Landgrave, Tim. "Plan for Effective Capacity and Availability Management in New Systems." TechRepublic. 10 Oct. 2002. Web.
Longoria, Gina. “Hewlett Packard Enterprise Goes After Amazon Public Cloud in Enterprise Storage.” Forbes. 2 Dec. 2016. Web.
Maheshwari, Umesh. “Understanding Storage Capacity.” NimbleStorage. 7 Jan. 2016. Web.
Mappic, Sandy. “Just how complex can a Login Transaction be? Answer: Very!” Appdynamics. Dec. 11 2011. Web.
Miller, Ron. “AWS Fires Back at Larry Ellison’s Claims, Saying It’s Just Larry Being Larry.” Tech Crunch. 2 Oct. 2017. Web.
National College for Teaching & Leadership. “The role of data in measuring school performance.” National College for Teaching & Leadership. N.d. Web,
Newland, Chris, et al. Enterprise Capacity Management. CETI, Ohio State U. 24 Oct. 2017. Web.
Office of Government Commerce . Best Practice for Service Delivery. London: Her Majesty’s Stationery Office, 2001.
Office of Government Commerce. Best Practice for Business Perspective: The IS View on Delivering Services to the Business. London: Her Majesty’s Stationery Office, 2004.
Parkinson, C. Northcote. “Parkinson’s Law.” The Economist. 19 Nov. 1955. Web.
“Parkinson’s Law Is Proven Again.” Financial Times. 25 Oct. 2017. Web.
Paul, John, and Chris Hayes. Performance Monitoring and Capacity Planning. VM Ware. 2006. Web.
“Reliability and Validity.” UC Davis. N.d. Web.
"Role: Capacity Manager." IBM. 2008. Web.
Ryan, Liz. “‘If You Can’t Measure It, You Can’t Manage It’: Not True.” Forbes. 10 Feb. 2014. Web.
S, Lalit. “Using Flexible Capacity to Lower and Manage On-Premises TCO.” HPE. 23 Nov. 2016. Web.
Snedeker, Ben. “The Pros and Cons of Public and Private Clouds for Small Business.” Infusionsoft. September 6, 2017. Web.
Statement of Work: IBM Enterprise Availability Management Service. IBM. Jan 2016. Web.
“The Road to Perfect AWS Reserved Instance Planning & Management in a Nutshell.” Botmetric. 25 Oct. 2017. Web.
Transforming the Information Infrastructure: Build, Manage, Optimize. Asigra. Aug. 2017. Web.
Valentic, Branimir. "Three Faces of Capacity Management." ITIL/ISO 20000 Knowledge Base. Advisera. 24 Oct. 2017. Web.
"Unify IT Performance Monitoring and Optimization." IDERA. 24 Oct. 2017. Web.
"What is IT Capacity Management?" Villanova U. Aug. 2017. Web.
Wolstenholme, Andrew. Final internal Audit Report: IT Availability and Capacity (IA 13 519/F). Transport For London. 23 Feb. 2015. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the benefits of data valuation.
Learn about the data value chain framework and preview the step-by-step guide to start collecting data sources.
Mature your data valuation by putting in the valuation dimensions and metrics. Establish documented results that can be leveraged to demonstrate value in your data assets.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Explain data valuation approach and value proposition.
A clear understanding and case for data valuation.
1.1 Review common business data sources and how the organization will benefit from data valuation assessment.
1.2 Understand Info-Tech’s data valuation framework.
Organization data valuation priorities
Capture data sources and data collection methods.
A clear understanding of the data value chain.
2.1 Assess data sources and data collection methods.
2.2 Understand key insights and value proposition.
2.3 Capture data value chain.
Data Valuation Tool
Leverage the data valuation framework.
Capture key data valuation dimensions and align with data value chain.
3.1 Introduce data valuation framework.
3.2 Discuss key data valuation dimensions.
3.3 Align data value dimension to data value chain.
Data Valuation Tool
Improve organization’s data value.
Continue to improve data value.
4.1 Capture data valuation metrics.
4.2 Define data valuation for continuous monitoring.
4.3 Create a communication plan.
4.4 Define a plan for continuous improvements.
Data valuation metrics
Data Valuation Communication Plan
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Analyze the scope of the IoT and the three most prominent enterprise use cases.
Develop and prioritize use cases for the IoT using Info-Tech’s IoT Initiative Framework.
Present the IoT initiative to stakeholders and understand the way forward for the IoT initiative.
Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:
A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard comprises four phases, covering mission and vision, people, governance, and technology, and how each of these areas requires forethought when migrating to the cloud.
Each section of Document Your Cloud Strategy corresponds to a section in the document template. Once you’ve completed each exercise, you can record your results in the document template, leaving you with an artifact you can share with stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand and document your cloud vision and its alignment with your other strategic priorities.
A complete understanding of your strategy, vision, alignment, and a list of success metrics that will help you find your way.
1.1 Record your cloud mission and vision.
1.2 Document your cloud strategy’s alignment with other strategic plans.
1.3 Record your cloud guiding principles.
Documented strategy, vision, and alignment.
Defined success metrics.
Define how people, skills, and roles will contribute to the broader cloud strategy.
Sections of the strategy that highlight skills, roles, culture, adoption, and the creation of a governance body.
2.1 Outline your skills and roles strategy.
2.2 Document your approach to culture and adoption
2.3 Create a cloud governing body.
Documented people strategy.
This section facilitates governance in the cloud, developing principles that apply to architecture, integration, finance management, and more.
Sections of the strategy that define governance principles.
3.1 Conduct discussion on architecture.
3.2 Conduct discussion on integration and interoperability.
3.3 Conduct discussion on operations management.
3.4 Conduct discussion on cloud portfolio management.
3.5 Conduct discussion on cloud vendor management.
3.6 Conduct discussion on finance management.
3.7 Conduct discussion on security.
3.8 Conduct discussion on data controls.
Documented cloud governance strategy.
Creation of a formal cloud strategy relating to technology around provisioning, monitoring, and migration.
Completed strategy sections of the document that cover technology areas.
4.1 Formalize organizational approach to monitoring.
4.2 Document provisioning process.
4.3 Outline migration processes and procedures.
Documented cloud technology strategy.
Moving to the cloud is a big, scary transition, like moving from gas-powered to electric cars, or from cable to streaming, or even from the office to working from home. There are some undeniable benefits, but we must reorient our lives a bit to accommodate those changes, and the results aren’t always one-for-one. A strategy helps you make decisions about your future direction and how you should respond to changes and challenges. In Document Your Cloud Strategy we hope to help you accomplish just that: clarifying your overall mission and vision (as it relates to the cloud) and helping you develop an approach to changes in technology, people management, and, of course, governance. The cloud is not a panacea. Taken on its own, it will not solve your problems. But it can be an important tool in your IT toolkit, and you should aim to make the best use of it – whatever “best” happens to mean for you.
Jeremy Roberts
Research Director, Infrastructure and Operations
Info-Tech Research Group
The cloud is multifaceted. It can be complicated. It can be expensive. Everyone has an opinion on the best way to proceed – and in many cases has already begun the process without bothering to get clearance from IT. The core challenge is creating a coherent strategy to facilitate your overall goals while making the best use of cloud technology, your financial resources, and your people.
Despite the universally agreed-upon benefit of formulating a coherent strategy, several obstacles make execution difficult:
A cloud strategy might seem like a big project, but it’s just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations, using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas:
The answers might be different, but the questions are the same
Every organization will approach the cloud differently, but they all need to ask the same questions: When will we use the cloud? What forms will our cloud usage take? How will we manage governance? What will we do about people? How will we incorporate new technology into our environment? The answers to these questions are as numerous as there are people to answer them, but the questions must be asked.
Grappling with a cloud strategy is a top initiative: 43% of respondents report progressing on a cloud-first strategy as a top cloud initiative.
A document providing a systematic overview of cloud services, their appropriate use, and the steps that an organization will take to maximize value and minimize risk.
Define Your Cloud Vision |
→ |
Vision and alignment
|
→ | Technology
|
Governance
|
||||
|
People
|
Your cloud strategy will comprise the elements listed under “vision and alignment,” “technology,” “governance,” and “people.” The Info-Tech methodology involves breaking the strategy down into subcomponents and going through a three-step process for each one. Start by reviewing a standard set of questions and understanding the goal of the exercise: What do we need to know? What are some common considerations and best practices? Once you’ve had a chance to review, discuss your current state and any gaps: What has been done? What still needs to be done? Finally, outline how you plan to go forward: What are your next steps? Who needs to be involved?
1. Document your vision and alignment |
2. Record your people strategy |
3. Document governance principles |
4. Formalize your technology strategy |
|
|---|---|---|---|---|
Phase Steps |
|
|
Document official organizational positions in these governance areas:
|
|
Phase Outcomes |
Documented strategy: vision and alignment |
Documented people strategy |
Documented cloud governance strategy |
Documented cloud technology strategy |
Separate strategy from tactics
Separate strategy from tactics! A strategy requires building out the framework for ongoing decision making. It is meant to be high level and achieve a large goal. The outcome of a strategy is often a sense of commitment to the goal and better communication on the topic.
The cloud does not exist in a vacuum
Your cloud strategy flows from your cloud vision and should align with the broader IT strategy. It is also part of a pantheon of strategies and should exist harmoniously with other strategies – data, security, etc.
People problems needn’t preponderate
The cloud doesn’t have to be a great disruptor. If you handle the transition well, you can focus your people on doing more valuable work – and this is generally engaging.
Governance is a means to an end
Governing your deployment for its own sake will only frustrate your end users. Articulate the benefits users and the organization can expect to see and you’re more likely to receive the necessary buy-in.
Technology isn’t a panacea
Technology won’t solve all your problems. Technology is a force multiplier, but you will still have to design processes and train your people to fully leverage it.
Cloud Strategy Document template
Inconsistency and informality are the enemies of efficiency. Capture the results of the cloud strategy generation exercises in the Cloud Strategy Document template.
IT benefits |
Business benefits |
|---|---|
|
|
8.8/10 Average reported satisfaction
13 Days Average reported time savings
$46,499 Average cost savings
INDUSTRY: Pharmaceuticals
SOURCE: Info-Tech workshop
The unnamed pharmaceutical company that is the subject of this case study was looking to make the transition to the cloud. In the absence of a coherent strategy, the organization had a few cloud deployments with no easily discernable overall approach. Representatives of several distinct functions (legal, infrastructure, data, etc.) all had opinions on the uses and abuses of cloud services, but it had been difficult to round everyone up and have the necessary conversations. As a result, the strategy exercise had not proceeded in a speedy or well-governed way. This lack of strategic readiness presented a roadblock to moving forward with the cloud strategy and to work with the cloud implementation partner, tasked with execution.
Results
The company engaged Info-Tech for a four-day workshop on cloud strategy documentation. Over the course of four days, participants drawn from across the organization discussed the strategic components and generated consensus statements and next steps. The team was able to formalize the cloud strategy and described the experience as saving 10 days.
Example output: Document your cloud strategy workshop exercise
Anything in green, the team was reasonably sure they had good alignment and next steps. Those yellow flags warranted more discussion and were not ready for documentation.
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Document your vision and alignment |
Record your people strategy |
Document governance principles |
Formalize your technology strategy |
|---|---|---|---|
Call #1: Review existing vision/strategy documentation. |
Call #2: Review progress on skills, roles, and governance bodies. |
Call #3: Work through integration, architecture, finance management, etc. based on reqs. (May be more than one call.) |
Call #4: Discuss challenges with monitoring, provisioning, and migration as-needed. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 4 to 6 calls over the course of 1 to 3 months
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 |
Day 2 |
Day 3 |
Day 4 |
Day 5 |
|
|---|---|---|---|---|---|
Answer |
Define the |
Assess the IT |
Bridge the gap and |
Next steps and |
|
Activities |
1.1 Introduction 1.2 Discuss cloud mission and vision 1.3 Discuss alignment with other strategic plans 1.4 Discuss guiding principles 1.5 Define success metrics |
2.1 Discuss skills and roles 2.2 Review culture and adoption 2.3 Discuss a cloud governing body 2.4 Review architecture position 2.5 Discuss integration and interoperability |
3.1 Discuss cloud operations management 3.2 Review cloud portfolio management 3.3 Discuss cloud vendor management 3.4 Discuss cloud finance management 3.5 Discuss cloud security |
4.1 Review and formalize data controls 4.2 Design a monitoring approach 4.3 Document the workload provisioning process 4.4 Outline migration processes and procedures |
5.1 Populate the Cloud Strategy Document |
Deliverables |
Formalized cloud mission and vision, along with alignment with strategic plans, guiding principles, and success metrics |
Position statement on skills and roles, culture and adoption, governing bodies, architecture, and integration/interoperability |
Position statements on cloud operations management, portfolio management, vendor management, finance management, and cloud security |
Position statements on data controls, monitoring, provisioning, and migration |
Completed Cloud Strategy Document |
Phase 1 |
Phase 2 |
Phase 3 |
Phase 4 |
|---|---|---|---|
|
1.1 Document your mission and vision 1.2 Document alignment to other strategic plans 1.3 Document guiding principles 1.4 Document success metrics |
2.1 Define approach to skills and roles 2.2 Define approach to culture and adoption 2.3 Define cloud governing bodies |
3.1 Define architecture direction 3.2 Define integration approach 3.3 Define operations management process 3.4 Define portfolio management direction 3.5 Define vendor management direction 3.6 Document finance management tactics 3.7 Define approach to cloud security 3.8 Define data controls in the cloud |
4.1 Define cloud monitoring strategy 4.2 Define cloud provisioning strategy 4.3 Define cloud migration strategy |
This phase will walk you through the following activities:
This phase has the following outcome:
Before formally documenting your cloud strategy, you should ensure that you have a good understanding of your overall cloud vision. How do you plan to leverage the cloud? What goals are you looking to accomplish? How will you distribute your workloads between different cloud service models (SaaS, PaaS, IaaS)? What will your preferred delivery model be (public, private, hybrid)? Will you support your cloud deployment internally or use the services of various consultants or managed service providers?
The answers to these questions will inform the first section of your cloud strategy. If you haven’t put much thought into this or think you could use a deep dive on the fundamentals of your cloud vision and cloud archetypes, consider reviewing Define Your Cloud Vision, the companion blueprint to this one.
Once you understand your cloud vision and what you’re trying to accomplish with your cloud strategy, this phase will walk you through aligning the strategy with other strategic initiatives. What decisions have others made that will impact the cloud strategy (or that the cloud strategy will impact)? Who must be involved/informed? What callouts must be involved at what point? Do users have access to the appropriate strategic documentation (and would they understand it if they did)?
You must also capture some guiding principles. A strategy by its nature provides direction, helping readers understand the decisions they should make and why those decisions align with organizational interests. Creating some top-level principles is a useful exercise because those principles facilitate comprehension and ensure the strategy’s applicability.
Finally, this phase will walk you through the process of measuring success. Once you know where you’d like to go, the principles that underpin your direction, and how your cloud strategy figures into the broader strategic pantheon, you should record what success actually means. If you’re looking to save money, overall cost should be a metric you track. If the cloud is all about productivity, generate appropriate productivity metrics. If you’re looking to expand into new technology or close a datacenter, you will need to track output specific to those overall goals.
The overall organizational mission is a key foundational element of the cloud strategy. If you don’t understand where you’re going, how can you begin the journey to get there? This section of the strategy has four key parts that you should understand and incorporate into the beginning of the strategy document. If you haven’t already, review Define Your Cloud Vision for instructions on how to generate these elements.
|
1. Cloud vision statement: This is a succinct encapsulation of your overall perspective on the suitability of cloud services for your environment – what you hope to accomplish. The ideal statement includes a scope (who/what does the strategy impact?), a goal (what will it accomplish?), and a key differentiator (what will make it happen?). This is an example: “[Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.” You might also consider reviewing your overall cloud archetype (next slide) and including the output of that exercise in the document |
2. Service model decision framework: Services can be provided as software as a service (SaaS), platform as a service (PaaS), infrastructure as a service (IaaS), or they can be colocated or remain on premises. Not all cloud service models serve the same purpose or provide equal value in all circumstances. Understanding how you plan to take advantage of these distinct service models is an important component of the cloud strategy. In this section of the strategy, a rubric that captures the characteristics of the ideal workload for each of the named service models, along with some justification for the selection, is essential. This is a core component of Define Your Cloud Vision, and if you would like to analyze individual workloads, you can use the Cloud Vision Workbook for that purpose. |
|
3. Delivery model decision framework: Just as there are different cloud service models that have unique value propositions, there are several unique cloud delivery models as well, distinguished by ownership, operation, and customer base. Public clouds are the purview of third-party providers who make them available to paying customers. Private clouds are built for the exclusive use of a designated organization or group of organizations with internal clients to serve. Hybrid clouds involve the use of multiple, interoperable delivery models (interoperability is the key term here), while multi-cloud deployment models incorporate multiple delivery and service models into a single coherent strategy. What will your preferred delivery model be? Why? |
4. Support model decision framework: Once you have a service model nailed down and understand how you will execute on the delivery, the question then becomes about how you will support your cloud deployment going forward. Broadly speaking, you can choose to manage your deployment in house using internal resources (e.g. staff), to use managed service providers for ongoing support, or to hire consultants to handle specific projects/tasks. Each approach has its strengths and weaknesses, and many cloud customers will deploy multiple support models across time and different workloads. A foundational perspective on the support model is a key component of the cloud vision and should appear early in the strategy. |
Once you understand the value of the cloud, your workloads’ general suitability for the cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype. Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes. After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders. The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.
We can best support the organization’s goals by: |
||
Cloud-Focused |
Cloud-Centric |
Providing all workloads through cloud delivery. |
Cloud-First |
Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?” |
|
Cloud-Opportunistic |
Hybrid |
Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads. |
Integrated |
Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware. |
|
Split |
Using the cloud for some workloads and traditional infrastructure resources for others. |
|
Cloud-Averse |
Cloud-Light |
Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary. |
Anti-Cloud |
Using traditional infrastructure resources and avoiding the use of cloud wherever possible. |
We may not be able to show you this just yet.
Our deeper, more detailed content is reserved for Tymans Group clients.
If you are interested in retaining our services or would really like access, please contact us.
The technical side of IT security demands the best security possible, but the business side of running IT demands that you determine what is cost-effective and can still do the job. You likely shrugged off the early iterations of Microsoft’s security efforts, but you may have heard that things have changed. Where do you start in evaluating Microsoft’s security products in terms of effectiveness? The value proposition sounds tremendous to the CFO, “free” security as part of your corporate license, but how does it truly measure up and how do you articulate your findings to the business?
Microsoft’s security products have improved to the point where they are often ranked competitively with mainstream security products. Depending on your organization’s licensing of Office 365/Microsoft 365, some of these products are included in what you’re already paying for. That value proposition is hard to deny.
Determine what is important to the business, and in what order of priority.
Take a close look at your current solution and determine what are table stakes, what features you would like to have in its replacement, and what your current solution is missing.
Consider Microsoft’s security solutions using an objective methodology. Sentiment will still be a factor, but it shouldn’t dictate the decision you make for the good of the business.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Examine what you are licensed for, what you are paying, what you need, and what your constraints are.
Determine what is “good enough” security and assess the needs of your organization.
Decide what you will go with and start planning your next steps.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Your newly hybrid workplace will include virtual, hybrid, and physical meetings, presenting several challenges:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the problem before you try to fix it. Before you can improve meetings, you need to understand what your norms and challenges currently are.
Document meeting roles, expectations, and how meetings should run. Decide what kind of meeting delivery model to use and develop a training program.
Always be consulting with users: early in the process to set a benchmark, during and after every meeting to address immediate concerns, and quarterly to identify trends and deeper issues.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the current state of meetings in your organization.
What you need to keep doing and what you need to change
1.1 Brainstorm meeting types.
1.2 Document meeting norms.
1.3 Document and categorize meeting challenges.
Documented challenges with meetings
Meeting norms
Desired changes to meeting norms
Review and implement meeting best practices.
Defined meeting best practices for your organization
2.1 Document meeting roles and expectations.
2.2 Review common meeting challenges and identify best practices.
2.3 Document when to use a hybrid meeting, virtual meeting, or an in-person meeting.
2.4 Develop a training program.
Meeting roles and expectations
List of meeting best practices
Guidelines to help workers choose between a hybrid, virtual, or in-person meeting
Training plan for meetings
Identify opportunities to improve meeting technology.
A strategy for improving the underlying technologies and meeting spaces
3.1 Empower virtual meeting attendees.
3.2 Optimize spaces for hybrid meetings.
3.3 Build a team of meeting champions.
3.4 Iterate to build and improve meeting technology.
3.5 Guide users toward each technology.
Desired improvements to meeting rooms and meeting technology
Charter for the team of meeting champions
Communications Guide Poster
There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The activities in this research will guide you through clarifying how you want to talk about projects and products, aligning project management and agility, specifying the different activities for project management, and identifying key differences with funding of products instead of projects.
7 Step 1.1: Clarify How You Want to Talk About Projects and Products
13 Step 1.2: Align Project Management and Agility
16 Step 1.3: Specify the Different Activities for Project Management
20 Step 1.4: Identify Key Differences in Funding of Products Instead of Projects
26 Bibliography
When moving to more product-centric delivery practices, many assume that projects are no longer necessary. That isn’t necessarily the case!
Product delivery can mean different things to different organizations, and in many cases it can involve the need to maintain both projects and project delivery.
Projects are a necessary vehicle in many organizations to drive value delivery, and the activities performed by project managers still need to be done by someone. It is the form and who is involved that will change the most.
|
Ari Glaizel
|
Your Challenge
|
Common Obstacles
|
Info-Tech’s Approach
|
There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.
Project“A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio.” (PMBOK, PMI) |
|
Product“A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.” (Deliver on Your Digital Product Vision, Info-Tech Research Group) |
Output: Your enterprise/organizational definition of products and projects
Participants: Executives, Product/project managers, Applications teams
Regardless of whether you recognize yourself as a “product-based” or “project-based” shop, the same basic principles should apply.
You go through a period or periods of project-like development to build or implement a version of an application or product.
You also have parallel services along with your project development that encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.
As your product transformation continues, projects can become optional and needed only as part of your organization’s overall delivery processes
| Project | Product | |
| Fund projects | — Funding –› | Fund teams |
| Line-of-business sponsor | — Prioritization –› | Product owner |
| Project owner | — Accountability –› | Product owner |
| Makes specific changes to a product | —Product management –› | Improves product maturity and support of the product |
| Assignment of people to work | — Work allocation –› | Assignment of work to product teams |
| Project manager manages | — Capacity management –› | Team manages |
Product delivery requires significant shifts in the way you complete development and implementation work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.
5-10 minutes
Output: Increased appreciation of the relationship between project and product delivery
Participants: Executives, Product/project managers, Applications teams
In product-centric, Agile teams, many roles that a project manager previously performed are now taken care of to different degrees by the product owner, delivery team, and process manager.
The overall change alters the role of project management from one that orchestrates all activities to one that supports, monitors, and escalates.
5-10 minutes
Output: An assessment of what is in the way to effectively deliver on Agile and product-focused projects
Participants: Executives, Product/project managers, Applications teams
|
|
||||
|
|
5-10 minutes
Output: Current understanding of the role of project management in Agile/product delivery
Participants: Executives, Product/project managers, Applications teams
Project managers still have a role to play in Agile projects and products. Agreeing to what they should be doing is critical to successfully moving to a product-centric approach to delivery.
| Autonomy
Fund what delivers value Fund long-lived delivery of value through products (not projects). Give autonomy to the team to decide exactly what to build. | Flexibility
Allocate iteratively Allocate to a pool based on higher-level business case. Provide funds in smaller amounts to different product teams and initiatives based on need. |
| Accountability
Measure and adjust Product teams define metrics that contribute to given outcomes. Track progress and allocate more (or less) funds as appropriate. |  Info-Tech InsightChanges to funding require changes to product and Agile practices to ensure product ownership and accountability. |
(Adapted from Bain & Company)
| TRADITIONAL PROJECTS WITH WATERFALL DELIVERY | TRADITIONAL PROJECTS WITH AGILE DELIVERY | PRODUCTS WITH AGILE PROJECT DELIVERY | PRODUCTS WITH AGILE DELIVERY | |
WHEN IS THE BUDGET TRACKED? |
Budget tracked by major phases | Budget tracked by sprint and project | Budget tracked by sprint and project | Budget tracked by sprint and release |
HOW ARE CHANGES HANDLED? |
All change is by exception | Scope change is routine; budget change is by exception | Scope change is routine; budget change is by exception | Budget change is expected on roadmap cadence |
WHEN ARE BENEFITS REALIZED? |
Benefits realization post project completion | Benefits realization ongoing throughout the life of the project | Benefits realization ongoing throughout the life of the product | Benefits realization ongoing throughout life of the product |
WHO DRIVES? |
Project Manager
|
Product Owner
|
Product Manager
|
Product Manager
|
| ˆ ˆ
Hybrid Operating Environments |
||||
As you evolve your approach to product delivery, you will be decoupling the expected benefits, forecast, and budget. Managing them independently will improve your ability adapt to change and drive the right outcomes!
Output: Understanding of funding principles and challenges
Participants: Executives, Product owners, Product managers, Project managers, Delivery managers
| Global Digital Financial Services Company
This financial services company looked to drive better results by adopting more product-centric practices.
Results
|
|
|
Deliver on Your Digital Product Vision
Implement Agile Practices That Work
Implement DevOps Practices That Work
Prepare an Actionable Roadmap for Your PMO
|
Deliver Digital Products at Scale
Extend Agile Practices Beyond IT
Spread Best Practices With an Agile Center of Excellence
Tailor IT Project Management Processes to Fit Your Projects
|
Cobb, Chuck. “Are there Project Managers in Agile?” High Impact Project Management, n.d. Web.
Cohn, Mike. “What Is a Product?” Mountain Goat Software, 6 Sept. 2016. Web.
Cobb, Chuck. “Agile Project Manager Job Description.” High Impact Project Management, n.d. Web.
“How do you define a product?” Scrum.org, 4 April 2017. Web.
Johnson, Darren, et al. “How to Plan and Budget for Agile at Scale.” Bain & Company, 8 Oct. 2019. Web.
“Product Definition.” SlideShare, uploaded by Mark Curphey, 25 Feb. 2007. Web.
Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.
Schuurman, Robbin. “Scrum Master vs Project Manager – An Overview of the Differences.” Scrum.org, 11 Feb 2020. Web.
Schuurman, Robbin. “Product Owner vs Project Manager.” Scrum.org, 12 March 2020. Web.
Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management.” Academia.edu, 2010. Web.
“What is a Developer in Scrum?” Scrum.org, n.d. Web.
“What is a Scrum Master?” Scrum.org, n.d. Web.
“What is a Product Owner?” Scrum.org, n.d. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Make the case for a web experience management suite and structure the WEM strategy project.
Identify the target state WEM strategy, assess current state, and identify gaps.
Build the WEM technology stack and create a web strategy initiatives roadmap.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss the general project overview for the WEM selection.
Launch of your WEM selection project.
Development of your organization’s WEM requirements.
1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.
1.2 Conduct overview of the WEM market landscape, trends, and vendors.
1.3 Conduct process mapping for selected marketing processes.
1.4 Interview business stakeholders.
1.5 Prioritize WEM functional requirements.
WEM Procurement Project Charter
WEM Use-Case Fit Assessment
Plan the procurement and the implementation of the WEM solution.
Selection of a WEM solution.
A plan for implementing the selected WEM solution.
2.1 Complete marketing process mapping with business stakeholders.
2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.
2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.
2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.
2.5 Meet with project manager to discuss results and action items.
Vendor Shortlist
WEM RFP
Vendor Evaluations
Selection of a WEM Solution
WEM projected work break-down
Implementation plan
Framework for WEM deployment and CRM/Marketing Management Suite Integration
A properly optimized SAP business process will reduce costs and increase productivity.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
SAP is a core tool that the business leverages to accomplish its goals. Use this blueprint to strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.
The Get the Most out of Your SAP Workbook serves as the holding document for the different elements for the Get the Most out of Your SAP blueprint. Use each assigned tab to input the relevant information for the process of optimizing your SAP.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Get the most out of your SAP.
Develop an ongoing SAP optimization team.
Re-align SAP and business goals.
Understand your current system state capabilities and processes.
Validate user satisfaction, application fit, and areas of improvement to optimize your SAP.
Take a 360-degree inventory of your SAP and related systems.
Realign business and technology drivers. Assess user satisfaction.
Review the SAP marketplace.
Complete a thorough examination of capabilities and processes.
Manage your vendors and data.
Pull this all together to prioritize optimization efforts and develop a concrete roadmap.
1.1 Determine your SAP optimization team.
1.2 Align organizational goals.
1.3 Inventory applications and interactions.
1.4 Define business capabilities.
1.5 Explore SAP-related costs.
SAP optimization team
SAP business model
SAP optimization goals
SAP system inventory and data flow
SAP process list
SAP and related costs
Map current-state capabilities.
Complete an SAP process gap analysis to understand where the SAP is underperforming.
Review the SAP application portfolio assessment to understand user satisfaction and data concerns.
Undertake a software review survey to understand your satisfaction with the vendor and product.
2.1 Conduct gap analysis for SAP processes.
2.2 Perform an application portfolio assessment.
2.3 Review vendor satisfaction.
SAP process gap analysis
SAP application portfolio assessment
ERP software reviews survey
Assess SAP.
Learn the processes that you need to focus on.
Uncover underlying user satisfaction issues to address these areas.
Understand where data issues are occurring so that you can mitigate this.
Investigate your relationship with the vendor and product, including that relative to others.
Identify any areas for cost optimization (optional).
3.1 Explore process gaps.
3.2 Analyze user satisfaction.
3.3 Assess data quality.
3.4 Understand product satisfaction and vendor management.
3.5 Look for SAP cost optimization opportunities (optional).
SAP process optimization priorities
SAP vendor optimization opportunities
SAP cost optimization
Build the optimization roadmap.
Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.
4.1 SAP process gap analysis
4.2 SAP application portfolio assessment
4.3 SAP software reviews survey
ERP optimization roadmap
 |
Chad Shortridge Senior Research Director, Enterprise Applications Info-Tech Research Group |
 |
Lisa Highfield Research Director, Enterprise Applications Info-Tech Research Group |
Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.
SAP systems are expensive, benefits can be difficult to quantify, and issues with the products can be difficult to understand. Over time, technology evolves, organizational goals change, and the health of these systems is often not monitored. This is complicated in today’s digital landscape with multiple integrations points, siloed data, and competing priorities.
Too often organizations jump into selecting replacement systems without understanding the health of their systems. We can do better than this.
IT leaders need to take a proactive approach to continually monitor and optimize their enterprise applications. Strategically re-align business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization plan that will drive a cohesive technology strategy that delivers results.
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
Your SAP ERP systems are critical to supporting the organization’s business processes. They are expensive. Direct benefits and ROI can be hard to measure. SAP application portfolios are often behemoths to support. With complex integration points and unique business processes, stabilization is the norm. Application optimization is essential to staying competitive and productive in today’s digital environment. |
Balancing optimization with stabilization is one of the most difficult decisions for ERP application leaders. Competing priorities and often unclear ERP strategies make it difficult to make decisions about what, how, and when to optimize. Enterprise applications involve large numbers of processes, users, and evolving vendor roadmaps. Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand. |
In today’s rapidly changing SAP landscape it is imperative to evaluate your applications for optimization, no matter what your strategy is moving forward. Assess your SAP applications and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts. Validate ERP capabilities, user satisfaction, issues around data, vendor management, and costs to build out an overall roadmap and optimization strategy. Pull this all together to prioritize optimization efforts and develop a concrete roadmap. |
SAP ERP environments are changing, but we cannot stand still on our optimization efforts. Understand your product(s), processes, user satisfaction, integration points, and the availability of data to business decision makers. Examine these areas to develop a personalized SAP optimization roadmap that fits the needs of your organization. Incorporate these methodologies into an ongoing optimization strategy aimed at enabling the business, increasing productivity, and reducing costs.
SAP enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making. In many organizations, the SAP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow. ERP implementation should not be a one-and-done exercise. There needs to be ongoing optimization to enable business processes and optimal organizational results.
SAP ERP systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.
In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.
An ERP system:
SAP use cases:
Product-Centric
Suitable for organizations that manufacture, assemble, distribute, or manage material goods.
Service-Centric
Suitable for organizations that provide and manage field services and/or professional services.
Product Description
Employees |
105,000 |
|---|---|
Headquarters |
Walldorf, Baden-Württemberg, Germany |
Website |
|
Founded |
1972 |
Presence |
Global, Publicly Traded |
Only 72% of SAP S/4HANA clients were satisfied with the product’s business value in 2022. This was 9th out of 10 in the enterprise resource planning category.
As of 2022, 65% of SAP customers have not made the move to S/4HANA. These customers will continue to need to optimize the current ERP to meet the demanding needs of the business.
Organizations will need to continue to support and optimize their SAP ERP portfolios. As of 2022, 42% of ASUG members were planning a move to S/4HANA but had not yet started to move.
HANA used to be primarily viewed as a commercial vehicle to realize legacy license model discounts. Now, however, SAP has built a roadmap to migrate all customers over to S/4HANA. While timelines may be delayed, the inevitable move is coming.
30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.
Drivers of Dissatisfaction |
|||
|---|---|---|---|
Organizational |
People and teams |
Technology |
Data |
Competing priorities |
Knowledgeable staff/turnover |
Integration issues |
Access to data |
Lack of strategy |
Lack of internal skills |
Selecting tools and technology |
Data hygiene |
Budget challenges |
Ability to manage new products |
Keeping pace with technology changes |
Data literacy |
Lack of training |
Update challenges |
One view of the customer |
|
Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.
While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.
Big growth numbers Year-over-year call topic requests |
Other changes Year-over-year call topic requests |
|---|---|
 |
 |
We are seeing applications leaders’ priorities change year over year, driven by a shift in their approach to problem solving. Leaders are moving from a process-centric approach to a collaborative approach that breaks down boundaries and brings teams together. |
Software development lifecycle topics are tactical point solutions. Organizations have been “shifting left” to tackle the strategic issues such as product vision and Agile mindset to optimize the whole organization. |
Many organizations may be coming up against changes to their SAP ERP application portfolio.
Some challenges organizations may be dealing with include:
“[A] successful application [optimization] strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”
1. Map Current-State Capabilities |
2. Assess Your Current State |
3. Identify Key Optimization Areas |
4. Build Your Optimization Roadmap |
|
|---|---|---|---|---|
Phase Steps |
|
|
|
|
Phase Outcomes |
|
|
|
|
Get the Most Out of Your SAP Workbook
Identify and prioritize your SAP optimization goals.
Application Portfolio Assessment
Assess IT-enabled user satisfaction across your SAP portfolio.
SAP Optimization Roadmap
Complete an assessment of processes, user satisfaction, data quality, and vendor management.
Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.
Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.
We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.
Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.
Phase 1 |
Phase 2 |
Phase 3 | Phase 4 |
|---|---|---|---|
Call #1: Scope requirements, objectives, and your specific challenge. |
Call #2:
Call #3:
Call #4: Understand product satisfaction and vendor management. Call #5: Review APA results. |
Call #6: Understand SAP optimization opportunities. Call #7: Determine the right SAP path for your organization. |
Call #8: Build out optimization roadmap and next steps. |
A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is 8 to 12 calls over the course of 4 to 6 months.
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
|---|---|---|---|---|---|
Define Your SAP Application Vision | Map Current State | Assess SAP | Build Your Optimization Roadmap | Next Steps and Wrap-Up (offsite) | |
Activities | 1.1 Identify Stakeholders and Build Your Optimization Team 1.2 Build an SAP Strategy Model 1.3 Inventory Current System State 1.4 Define Optimization Timeframe 1.5 Understand SAP Costs | 2.1 Assess SAP Capabilities 2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change | 3.1 Prioritize Optimization Opportunities 3.2 Discover Optimization Initiatives | 4.1 Build Your Optimization Roadmap | 5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
Deliverables |
|
|
|
|
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|
1.1 Identify Stakeholders and Build Your Optimization Team 1.2 Build an SAP Strategy Model 1.3 Inventory Current System State 1.4 Define Optimization Timeframe 1.5 Understand SAP Costs | 2.1 Assess SAP Capabilities 2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change | 3.1 Prioritize Optimization Opportunities 3.2 Discover Optimization Initiatives | 4.1 Build Your Optimization Roadmap |
This phase will guide you through the following activities:
This phase involves the following participants:
Activities
1.1.1 Identify stakeholders critical to success
1.1.2 Map your SAP optimization stakeholders
1.1.3 Determine your SAP optimization team
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
Title |
Role Within the Project Structure |
|---|---|
Organizational Sponsor |
|
Project Manager |
|
Business Unit Leaders |
|
Optimization Team |
|
Steering Committee |
|
Do not limit project input or participation. Include subject-matter experts and internal stakeholders at stages within the project. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to create your ERP optimization strategy.
1 hour
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.
Sponsor |
End User |
IT |
Business |
|
|---|---|---|---|---|
Description |
An internal stakeholder who has final sign-off on the ERP project. |
Front-line users of the ERP technology. |
Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. |
Additional stakeholders that will be impacted by any ERP technology changes. |
Examples |
|
|
|
|
Value |
Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. |
End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. |
IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. |
Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives. |
Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.
EXAMPLE: Stakeholder involvement during selection
1 hour
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Consider the core team functions when putting together the project team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned ERP optimization strategy. Don’t let your project team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Finance as well as IT.
Required Skills/Knowledge | Suggested Project Team Members |
|---|---|
Business | |
|
|
IT | |
|
|
Other | |
|
|
1 hour
Note: Depending on your initiative and the size of your organization, the size of this team will vary.
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Activities
1.2.1 Explore environmental factors and technology drivers
1.2.2 Consider potential barriers and challenges
1.2.3 Discuss enablers of success
1.2.4 Develop your SAP optimization goals
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
Corporate Strategy |
Unified ERP Strategy |
IT Strategy |
|---|---|---|
Your corporate strategy:
|
|
Your IT strategy:
|
ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just need to occur just at the executive level but at each level of the organization.
Stakeholder Interviews
Begin by conducting interviews of your executive team. Interview the following leaders:
INTERVIEWS MUST UNCOVER
Business Needs | Business Drivers | Technology Drivers | Environmental Factors | |
|---|---|---|---|---|
Definition | A business need is a requirement associated with a particular business process. | Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as customer retention, operation excellence, and financial performance. | Technology drivers are technological changes that have created the need for a new ERP enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. | These external considerations are factors that take place outside of the organization and impact the way business is conducted inside the organization. These are often outside the control of the business. |
Examples |
|
|
|
|
Info-Tech Insight
One of the biggest drivers for ERP adoption is the ability to make quicker decisions from timely information. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.
30 minutes
Record this information in the Get the Most Out of Your SAP Workbook.
External Considerations |
Organizational Drivers |
Technology Considerations |
Functional Requirements |
|---|---|---|---|
|
|
|
|
Download the Get the Most Out of Your SAP Workbook
There are several different factors that may stifle the success of an ERP implementation. Organizations that are creating an ERP foundation must scan their current environment to identify internal barriers and challenges.
Common Internal Barriers
Management Support |
Organizational Culture |
Organizational Structure |
IT Readiness |
|
|---|---|---|---|---|
Definition |
The degree of understanding and acceptance toward ERP systems. |
The collective shared values and beliefs. |
The functional relationships between people and departments in an organization. |
The degree to which the organization’s people and processes are prepared for a new ERP system. |
Questions |
|
|
|
|
Impact |
|
|
|
|
Organizational Goals |
Enablers |
Barriers |
|---|---|---|
|
|
|
Source: Epizitone and Olugbara, 2020; CC BY 4.0
Info-Tech Insight
Complement your ability to deliver on your critical success factors with the capabilities of your implementation partner to drive a successful ERP implementation.
“Implementation partners can play an important role in successful ERP implementations. They can work across the organizational departments and layers creating a synergy and a communications mechanism.” – Ayogeboh Epizitone, Durban University of Technology
1-3 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Functional Gaps |
Technical Gaps |
Process Gaps |
Barriers to Success |
|---|---|---|---|
|
|
|
|
Download the Get the Most Out of Your SAP Workbook
1-3 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Business Benefits | IT Benefits | Organizational Benefits | Enablers of Success |
|---|---|---|---|
|
|
|
|
Download the Get the Most Out of Your SAP Workbook
Benefits can be realized internally and externally to the organization or department and have different drivers of value.
Organizational Goals
Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.
Reduction of overhead. The ways in which an application limits the operational costs of business functions.
Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.
Application functions that enable and improve the interaction with customers or produce market information and insights.
Business Value Matrix
30 minutes
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Activities
1.3.1 Inventory SAP applications and interactions
1.3.2 Draw your SAP system diagram
1.3.3 Inventory your SAP modules and business capabilities (or business processes)
1.3.4 Define your key SAP optimization modules and business capabilities
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
1-3+ hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Be sure to include enterprise applications that are not included in the ERP application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.
ERP – enterprise resource planning
Email – email system such as Microsoft Exchange
Calendar – calendar system such as Microsoft Outlook
WEM – web experience management
ECM – enterprise content management
When assessing the current application portfolio that supports your ERP, the tendency will be to focus on the applications under the ERP umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from, ERP or similar applications.
1-3+ hours
Include:
Download the Get the Most Out of Your SAP Workbook
In business architecture, the primary view of an organization is known as a business capability map. A business capability defines what a business does to enable value creation, rather than how.
Business capabilities:
A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.
The operating model
An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of ERP and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output. From your developed processes and your SAP license agreements you will be able to pinpoint the scope for investigation including the processes and modules.
Operating Processes |
||||
| 1. Develop vision and strategy | 2. Develop and manage products and services | 3. Market and sell products and services | 4. Deliver physical products | 5. Deliver services |
Management and Support Processes |
||||
| 6.Manage customer service | ||||
7. Develop and manage human capital |
||||
| 8. Manage IT | ||||
9. Manage financial resources |
||||
10. Acquire, construct, and manage assets |
||||
11. Manage enterprise risk, compliance, remediation, and resiliency |
||||
12. Manage external relationships |
||||
13. Develop and manage business capabilities |
||||
Source: APQC
If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes. APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.
Value Streams |
Design Product |
Produce Product |
Sell Product |
Customer Service |
|
|
|
|
Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.
There are two types of value streams: core value streams and support value streams.
An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.
Source: APQC
APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.
| Level 1 | Level 2 | Level 3 | Level 4 |
Market and sell products and services |
Understand markets, customers, and capabilities |
Perform customer and market intelligence analysis |
Conduct customer and market research |
Market and sell products and services |
Develop a sales strategy |
Develop a sales forecast |
Gather current and historic order information |
Deliver services |
Manage service delivery resources |
Manage service delivery resource demand |
Develop baseline forecasts |
| ? | ? | ? | ? |
Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners. You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.
Cloud/Hardware Fiori Analytics Integrations Extended Solutions |
R&D Engineering
Sourcing and Procurement
Supply Chain
Asset Management
|
 |
Finance
Human Resources
Sales
Service
|
1-3+ hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Activities
1.4.1 Define SAP key dates and SAP optimization roadmap timeframe and structure
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
1-3+ hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Activities
1.5.1 Document costs associated with SAP
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
1-3 hours
Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Phase 1 |
Phase 2 |
Phase 3 |
Phase 4 |
|---|---|---|---|
1.1 Identify Stakeholders and Build Your Optimization Team 1.2 Build an SAP Strategy Model 1.3 Inventory Current System State 1.4 Define Optimization Timeframe 1.5 Understand SAP Costs |
2.1 Assess SAP Capabilities 2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change |
3.1 Prioritize Optimization Opportunities 3.2 Discover Optimization Initiatives |
4.1 Build Your Optimization Roadmap |
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
2.1.1 Rate capability relevance to organizational goals
2.1.2 Complete an SAP application portfolio assessment
2.1.3 (Optional) Assess SAP process maturity
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
 |
Assess the health of the application portfolio
|
 |
Provide targeted department feedback
|
 |
Gain insight into the state of data quality
|
3 hours
Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding the support they receive from the IT team around SAP.
Option 2: Create a survey manually.
Record Results
Record this information in the Get the Most Out of Your SAP Workbook.
Download the ERP Application Inventory Tool
Download the Get the Most Out of Your SAP Workbook
1-3 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Activities
2.2.1 Rate your vendor and product satisfaction
2.2.2 Review SAP product scores (if applicable)
2.2.3 Evaluate your product satisfaction
2.2.4 Check your business process change tolerance
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
30 minutes
Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your ERP product(s) and vendor(s).
Record this information in the Get the Most Out of Your SAP Workbook.
SoftwareReviews’ Enterprise Resource Planning Category
Download the Get the Most Out of Your SAP Workbook
30 minutes
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
 |
|
Source: SoftwareReviews ERP Mid-Market, April 2022 |
Source: SoftwareReviews ERP Enterprise, April 2022 |
1 hours
| Input | Output |
|
|
| Materials | Participants |
|
|
Download Get the Most Out of Your SAP Workbook for additional process levels
Determine the areas of risk to conform to best practice and minimize customization. These will be areas needing focus from the vendor supporting change and guiding best practice. For example: Must be able to support our unique process manufacturing capabilities and enhance planning and visibility to detailed costing.
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|
1.1 Identify Stakeholders and Build Your Optimization Team 1.2 Build an SAP Strategy Model 1.3 Inventory Current System State 1.4 Define Optimization Timeframe 1.5 Understand SAP Costs | 2.1 Assess SAP Capabilities 2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change | 3.1 Prioritize Optimization Opportunities 3.2 Discover Optimization Initiatives | 4.1 Build Your Optimization Roadmap |
This phase will walk you through the following activities:
This phase involves the following participants:
In this context…business value is
the value of the business outcome that the application produces. Additionally, it is how effective the application is at producing that outcome.
Business value is not
the user’s experience or satisfaction with the application.
First, the authorities on business value need to define and weigh their value drivers that describe the priorities of the organization. This will allow the applications team to apply a consistent, objective, and strategically aligned evaluation of applications across the organization.
Capabilities are what the system and business does that creates value for the organization. Optimization initiatives are projects with a definitive start and end date, and they enhance, create, maintain, or remove capabilities with the goal of increasing value.
Enabling a high-performing organization requires excellent management practices and continuous optimization efforts. Your technology portfolio and architecture are important, but we must go deeper. Taking a holistic view of ERP technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results. Using a formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.
Address process gaps:
Support user satisfaction:
Improve data quality:
Proactively manage vendors:
Activities
3.1.1 Prioritize optimization capability areas
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
Benefits can be realized internally and externally to the organization or department and have different drivers of value.
Organizational Goals
Application functions that are specifically related to the impact on your organization’s ability to generate revenue and deliver value to your customers.
Reduction of overhead. The ways in which an application limits the operational costs of business functions.
Functions that enable business capabilities that improve the organization’s ability to perform its internal operations.
Application functions that enable and improve the interaction with customers or produce market information and insights.
Business Value Matrix
Review your ERP capability areas and rate them according to relevance to organizational goals. This will allow you to eliminate optimization ideas that may not bring value to the organization.
1-3 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Activities
3.2.1 Discover product and vendor satisfaction opportunities
3.2.2 Discover capability and feature optimization opportunities
3.2.3 Discover process optimization opportunities
3.2.4 Discover integration optimization opportunities
3.2.5 Discover data optimization opportunities
3.2.6 Discover SAP cost-saving opportunities
This step will guide you through the following activities:
This step involves the following participants:
Outcomes of this step
A vendor management initiative (VMI) is an organization’s formalized process for evaluating, selecting, managing, and optimizing third-party providers of goods and services.
The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in Info-Tech’s Jump Start Your Vendor Management Initiative blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.
Note: Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”
1-2 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
1-2 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
In ~90% of SAP business process analysis reports, SAP identified significant potential for improving the existing SAP implementation, i.e. the large majority of customers are not yet using their SAP Business Suite to the full extent.
Goals of Process Improvement |
Process Improvement Sample Areas |
Improvement Possibilities |
|
|
|
1-2 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
The Benefits of Integration |
The Challenges of Integration |
|---|---|
|
|
Financial Consolidation |
Data Backup |
Synchronization Across Sites |
Legacy Consolidation |
|---|---|---|---|
|
|
|
|
|
|
|
|
For more information: Implement a Multi-site ERP
1-2 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Have an overall data migration plan before beginning your systems consolidation journey to S/4HANA.
IT has several concerns around ERP data and wide dissemination of that data across sites. Large organizations can benefit from building a data warehouse or at least adopting some of the principles of data warehousing. The optimal way to deal with the issue of integration is to design a metadata-driven data warehouse that acts as a central repository for all ERP data. They serve as the storage facility for millions of transactions, formatted to allow analysis and comparison.
Key considerations:
Info-Tech Insight
Data warehouse solutions can be expensive. See Info-Tech’s Build a Data Warehouse on a Solid Foundation for guidance on what options are available to meet your budget and data needs.
Data Quality Management |
Effective Data Governance |
Data-Centric Integration Strategy |
Extensible Data Warehousing |
|---|---|---|---|
|
|
|
|
Restore Trust in Your Data Using a Business-Aligned Data Quality Management Approach |
Organizations are faced with challenges associated with changing data landscapes.
Data migrations should not be taken lightly. It requires an overall data governance to assure data integrity for the move to S/4HANA and beyond.
Have a solid plan before engaging S/4HANA Migration Cockpit.
Develop a Master Data Management Strategy and Roadmap
1-2 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Look for quick wins:
30-35% of SAP customers likely have underutilized assets. This can add up to millions in unused software and maintenance.
20% Only 20 percent of companies manage to capture more than half the projected benefits from ERP systems.
 |
Explore the Secrets of SAP Software Contracts to Optimize Spend and Reduce Compliance Risk |
 |
With the relatively slow uptake of the S/4HANA platform, the pressure is immense for SAP to maintain revenue growth.
SAP’s definitions and licensing rules are complex and vague, making it extremely difficult to purchase with confidence while remaining compliant.
Without having a holistic negotiation strategy, it is easy to hit a common obstacle and land into SAP’s playbook, requiring further spend.
Price Benchmarking & Negotiation
Secrets of SAP S/4HANA Licensing:
SAP’s 2025 Support End of Life Date Delayed…As Predicted Here First
1-2 hours
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|
1.1 Identify Stakeholders and Build Your Optimization Team 1.2 Build an SAP Strategy Model 1.3 Inventory Current System State 1.4 Define Optimization Timeframe 1.5 Understand SAP Costs | 2.1 Assess SAP Capabilities 2.2 Review Your Satisfaction With the Vendor/Product and Willingness for Change | 3.1 Prioritize Optimization Opportunities 3.2 Discover Optimization Initiatives | 4.1 Build Your Optimization Roadmap |
This phase will walk you through the following activities:
This phase involves the following participants:
Get the Most Out of Your SAP
Activities
4.1.1 Pick your path
4.1.2 Pick the right SAP migration path
4.1.3 Build a roadmap
4.1.4 Build a visual roadmap
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
CURRENT STATE |
STRATEGY |
|---|---|
There is significant evidence of poor user satisfaction, inefficient processes, lack of data usage, poor integrations, and little vendor management. Look for opportunities to improve the system. |
OPTIMIZE CURRENT SYSTEM |
Your existing application is, for the most part, functionally rich but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces. |
AUGMENT CURRENT SYSTEM |
Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler. |
CONSOLIDATE CURRENT SYSTEMS |
The current system is reaching end of life and the software vendor offers a fit-for-use upgrade or system to which you can migrate. Prepare your migration strategy to move forward on the product roadmap. |
UPGRADE SYSTEM |
The current SAP system and future SAP roadmap are not fit for use. Vendor satisfaction is at an all-time low. Revisit your ERP strategy as you move into requirements gathering and selection. |
REPLACE SYSTEM |
MAINTAIN CURRENT SYSTEM
Keep the system but look for optimization opportunities.
Your existing application portfolio satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.
Maintaining your current system entails adjusting current processes and/or adding new ones and involves minimal cost, time, and effort.
INDICATORS | POTENTIAL SOLUTIONS |
|---|---|
People | |
|
|
Process | |
|
|
Technology | |
|
|
MAINTAIN CURRENT SYSTEM
Alternative Overview
Initial Investment ($) |
Medium |
Risk |
Medium |
Change Management Required |
Medium |
Operating Costs ($) |
Low |
Alignment With Organizational Goals and ERP Strategy |
Medium-Low |
Key Considerations
|
|
Advantages |
|
Disadvantages |
|
For what time frame does this make sense? |
|
Short Term |
✓ |
Medium Term |
|
Long Term |
|
AUGMENT CURRENT SYSTEM
Add to the system.
Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.
You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.
INDICATORS |
POTENTIAL SOLUTIONS |
Technology Pain Points |
|
|
|
Data Pain Points |
|
|
|
AUGMENT CURRENT SYSTEM
Maintain core system.
Invest in SAP modules or extended functionality.
Add functionality with bolt-on targeted “best of breed” solutions.
Invest in tools to make the SAP portfolio and ecosystem work better.
Alternative Overview
Initial Investment ($) | High |
Risk | High |
Change Management | High |
Operating Costs ($) | High |
Alignment With Organizational Goals and ERP Strategy | High |
Key Considerations
| |
Advantages |
|
Disadvantages |
|
For what time frame does this make sense? | |
Short Term | |
Medium Term | ✓ |
Long Term | |
CONSOLIDATE AND INTEGRATE SYSTEMS
Get rid of one system, combine two, or connect many.
Your ERP application portfolio consists of multiple apps serving the same functions.
Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.
INDICATORS | POTENTIAL SOLUTIONS |
Technology Pain Points | |
|
|
Data Pain Points | |
|
|
AUGMENT CURRENT SYSTEM
Get rid of old disparate on-premise solutions.
Consolidate into an up-to-date ERP solution.
Standardize across the organization.
Alternative Overview
Initial Investment ($) | High |
Risk | Med |
Change Management | Med |
Operating Costs ($) | Med |
Alignment With Organizational Goals and ERP Strategy | High |
Key Considerations
| |
Advantages |
|
Disadvantages |
|
For what time frame does this make sense? | |
Short Term | |
Medium Term | ✓ |
Long Term | |
REPLACE CURRENT SYSTEM
Move to a new SAP solution
You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost- and time-efficient to replace the application and its surrounding processes altogether. You are satisfied with SAP overall and want to continue to leverage your SAP relationships and investments.
INDICATORS | POTENTIAL SOLUTIONS |
Technology Pain Points | |
|
|
Data Pain Points | |
|
|
Process Pains | |
|
|
UPGRADE SYSTEM
Upgrade your current SAP systems with SAP product replacements.
Invest in SAP with the appropriate migration path for your organization.
Alternative Overview
Initial Investment ($) | High |
Risk | Med |
Change Management | Med |
Operating Costs ($) | Med |
Alignment With Organizational Goals and ERP Strategy | High |
Key Considerations
| |
Advantages |
|
Disadvantages |
|
For what time frame does this make sense? | |
Short Term | |
Medium Term | |
Long Term | ✓ |
REPLACE CURRENT SYSTEM
Start from scratch.
You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.
INDICATORS | POTENTIAL SOLUTIONS |
Technology Pain Points | |
|
|
Data Pain Points | |
|
|
Process Pains | |
|
|
AUGMENT CURRENT SYSTEM
Get rid of old disparate on-premises solutions.
Consolidate into an up-to-date ERP solution.
Standardize across the organization.
Alternative Overview
Initial Investment ($) | High |
Risk | Med |
Change Management | Med |
Operating Costs ($) | Med |
Alignment With Organizational Goals and ERP Strategy | High |
Key Considerations
| |
Advantages |
|
Disadvantages |
|
For what time frame does this make sense? | |
Short Term | |
Medium Term | ✓ |
Long Term | |
1.5 hours
For each given path selected, identify:
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
A workload-first approach will allow you to take full advantage of the cloud’s strengths
See Info-Tech’s Define Your Cloud Vision for more information.
Info-Tech Insight
Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises) and this can be perfectly effective. It must be consistent and intentional, however.
Updates |
4 times a year |
License Model |
Subscription |
Server Platform |
SAP |
Platform Management |
SAP only |
Pre-Set Templates (industries) |
Not allowed |
Single vs. Multi-Tenant |
Multi-client |
Maintenance ALM Tool |
SAP ALM |
New Implementation
This is a public cloud solution for new clients adopting SAP that are mostly looking for full functionality within best practice.
Consider a full greenfield approach. Even for mid-size existing customers looking for a best-practice overhaul.
Functionality is kept to the core. Any specialties or unique needs would be outside the core.
Regional localization is still being expanded and must be evaluated early if you are a global company.
Updates | Every 1-2 years or up to client’s schedule |
License Model | Subscription |
Server Platform | AZURE, AWS, Google |
Platform Management | SAP only |
Pre-Set Templates (industries) | Coded separately |
Single vs. Multi-Tenant | Single tenant |
Maintenance ALM Tool | SAP ALM or SAP Solution Manager |
New Implementation With Client Specifics
No longer available to new customers from January 25, 2022, though available for renewals.
Replacement is called SAP Extended Services for SAP S/4HANA Cloud, private edition.
This offering is a grey area, and the extended offerings are being defined.
New S/4HANA Cloud extensibility is being offered to early adopters, allowing for customization within a separate system landscape (DTP) and aiming for an SAP Central Business Configuration solution for the cloud. A way of fine-tuning to meet customer-specific needs.
Updates | Every 1-5 years or up to client’s schedule |
License Model | Subscription |
Server Platform | AZURE, AWS, Google |
Platform Management | SAP only |
Pre-Set Templates (industries) | Allowed |
Single vs. Multi-Tenant | Single tenant |
Maintenance ALM Tool | SAP ALM or SAP Solution Manager |
New Implementation With Client Specifics
This is a private cloud solution for existing or new customers needing more uniqueness, though still looking to adopt best practice.
Still considered a new implementation with data migration requirements that need close attention.
This offering is trying to move clients to the S/4HANA Cloud with close competition with the Any Premise product offering. Providing client specific scalability while allowing for standardization in the cloud and growth in the digital strategy. All customizations and ABAP functionality must be revisited or revamped to fit standardization.
Updates | Client decides |
License Model | Perpetual or subscription |
Server Platform | AZURE, AWS, Google, partner's or own server room |
Platform Management | Client and/or partner |
Pre-Set Templates (industries) | Allowed |
Single vs. Multi-Tenant | Single tenant |
Maintenance ALM Tool | SAP Solution Manager |
Status Quo Migration to S/4HANA
This is for clients looking for a quick transition to S/4HANA with minimal risks and without immediate changes to their operations.
Though knowing the direction with SAP is toward its cloud solution, this may be a long costly path to getting the that end state.
The Any Premise version carries over existing critical ABAP functionalities, and the SAP GUI can remain as the user interface.
1 hour
Consider: relevance to achieving goals, number of users, importance to role, satisfaction with features, usability, data quality
Value Opportunities: increase revenue, decrease costs, enhanced services, reach customers
Additional Factors:
Prioritize
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
1 hour
Migration paths: Determine your migration path and next steps using the Activity 4.1.1 “SAP System Options.”
Record this information in the Get the Most Out of Your SAP Workbook.
Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.
Download the Get the Most Out of Your SAP Workbook
1 hour
Optimization initiatives: Determine which if any to proceed with.
Record this information in the Get the Most Out of Your SAP Workbook.
Note: Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.
Download the Get the Most Out of Your SAP Workbook
Initiative |
Owner |
Start Date |
Completion Date |
|---|---|---|---|
Create final workshop deliverable |
Info-Tech |
16 September 2021 |
|
Review final deliverable |
Workshop sponsor |
||
Present to executive team |
October 2021 |
||
Build business case |
CFO, CIO, Directors |
3 weeks to build 3-4 weeks process time |
|
Build an RFI for initial costings |
1-2 weeks |
||
Stage 1 approval for requirements gathering |
Executive committee |
Milestone |
|
Determine and acquire BA support for next step |
1 week |
||
Requirements gathering – level 2 processes |
Project team |
1 week |
|
Build RFP (based on informal approval) |
CFO, CIO, Directors |
4th calendar quarter 2022 |
Possible completion: January 2023 2-4 weeks |
1 hour
Record this information in the Get the Most Out of Your SAP Workbook.
Download the Get the Most Out of Your SAP Workbook
Info-Tech Insight
It is becoming a common practice for implementation partners to engage in a two- to three-month Discovery Phase or Phase 0 to prepare an implementation roadmap. It is important to understand how this effort is tied to the overall service agreement.
ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.
Get the Most Out of Your SAP allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:
This formal SAP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
1-888-670-8889
 | Ben Dickie Research Practice Lead Info-Tech Research Group Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications. |
 | Scott Bickley Practice Lead and Principal Research Director Info-Tech Research Group Scott Bickley is a Practice Lead and Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement along with a deep background in operations, engineering, and quality systems management. |
 | Andy Neil Practice Lead, Applications Info-Tech Research Group Andy is a Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry standard data models. |
Armel, Kate. "New Article: Data-Driven Estimation, Management Lead to High Quality." QSM: Quantitative Software Management, 14 May 2013. Accessed 4 Feb. 2021.
Enterprise Resource Planning. McKinsey, n.d. Accessed 13 Apr. 2022.
Epizitone, Ayogeboh. Info-Tech Interview, 10 May 2021.
Epizitone, Ayogeboh, and Oludayo O. Olugbara. “Principal Component Analysis on Morphological Variability of Critical Success Factors for Enterprise Resource Planning.” International Journal of Advanced Computer Science and Applications (IJACSA), vol. 11, no. 5, 2020. Web.
Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub, 2018. Accessed 21 Feb. 2021.
Karlsson, Johan. "Product Backlog Grooming Examples and Best Practices." Perforce, 18 May 2018. Accessed 4 Feb. 2021.
Lichtenwalter, Jim. “A look back at 2021 and a look ahead to 2022.” ASUG, 23 Jan. 2022. Web.
“Maximizing the Emotional Economy: Behavioral Economics." Gallup, n.d. Accessed 21 Feb. 2021.
Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology. Sept. 2011. Web.
Norelus, Ernese, Sreeni Pamidala, and Oliver Senti. "An Approach to Application Modernization: Discovery and Assessment Phase," Medium, 24 Feb 2020. Accessed 21 Feb. 2021.
“Process Frameworks." APQC, n.d. Accessed 21 Feb. 2021.
“Quarterly number of SAP S/4HANA subscribers worldwide, from 2015 to 2021.” Statista, n.d. Accessed 13 Apr. 2022.
Riley, L., C.Hanna, and M. Tucciarone. “Rightsizing SAP in these unprecedented times.” Upperedge, 19 May 2020.
Rubin, Kenneth S. Essential Scrum: A Practical Guide to the Most Popular Agile Process. Pearson Education, 2012.
“SAP S/4HANA Product Scorecard Report.” SoftwareReviews, n.d. Accessed 18 Apr. 2022.
Saxena, Deepak, and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, vol. 22, no. 1, 2019, pp. 29-37. Accessed 21 Feb. 2021.
Smith, Anthony. "How To Create A Customer-Obsessed Company Like Netflix." Forbes, 12 Dec. 2017. Accessed 21 Feb. 2021.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Deciding which service desk metrics to track and how to analyze them can be daunting. Use this deck to narrow down your goal-oriented metrics as a starting point and set your own benchmarks.
For each metric, consider adding the relevant overall goal, audience, cadence, and action. Use the audience and cadence of the metric to split your tracked metrics into various dashboards. Your final list of metrics and reports can be added to your service desk SOP.
When establishing a suite of metrics to track, it’s tempting to start with the metrics measured by other organizations. Naturally, benchmarking will enter the conversation. While benchmarking is useful, measuring you organization against others with a lack of context will only highlight your failures. Furthermore, benchmarks will highlight the norm or common practice. It does not necessarily highlight best practice.
Keeping the limitations of benchmarking in mind, establish your own metrics suite with action-based metrics. Define the audience, cadence, and actions for each metric you track and pair them with business goals. Measure only what you need to.
Slowly improve your metrics process over time and analyze your environment using your own data as your benchmark.
Benedict Chang
Research Analyst, Infrastructure & Operations
Info-Tech Research Group
Info-Tech Insight
Identify the metrics that serve a real purpose and eliminate the rest. Establish a formal review process to ensure metrics are still valid, continue to provide the answers needed, and are at a manageable and usable level.
Current Metrics Suite
19% Effective
36% Some Improvement Necessary
45% Significant Improvement Necessary
Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622
Source: Info-Tech Research Group’s CEO/CIO Alignment Diagnostic, 2019; N=622
They can be the first step to reach an end goal, but if benchmarks are observed in isolation, it will only highlight your failures.
This does not account for all the unique variables that make up an IT organization.
For example, benchmarks that include cost and revenue may include organizations that prioritize first-call resolution (FCR), but the variables that make up this benchmark model will be quite different within your own organization.
Info-Tech Insight
Benchmarks reflect the norm and common practice, not best practice.
Being above or below the norm is neither a good nor a bad thing.
Determining what the results mean for you depends on what’s being measured and the unique factors, characteristics, and priorities in your organization.
If benchmark data is a priority within your IT organization, you may look up organizations like MetricNet, but keep the following in mind:
Review the collected benchmark data
See where IT organizations in your industry typically stand in relation to the overall benchmark.
Assess the gaps
Large gaps between yourself and the overall benchmark could indicate areas for improvement or celebration. Use the data to focus your analysis, develop deeper self-awareness, and prioritize areas for potential concern.
Benchmarks are only guidelines
The benchmark source data may not come from true peers in every sense. Each organization is different, so always explore your unique context when interpreting any findings.
Use metrics that drive productive change and improvement. Track only what you need to report on.
Ensure each metric aligns with the desired business goal, is action-based, and includes the answers to what, why, how, and who.
Establish internal benchmarks by analyzing the trends from your own data to set baselines.
Act on the results of your metrics by adjusting targets and measuring success.
Audience - Who is this metric tracked for?
Goal - Why are you tracking this metric? This can be defined along with the CSFs and KPIs.
Cadence - How often are you going to view, analyze, and action this metric?
Action - What will you do if this metric spikes, dips, trends up, or trends down?
Critical success factors (CSFs) are high-level goals that help you define the direction of your service desk. Key performance indicators (KPIs) can be treated as the trend of metrics that will indicate that you are moving in the direction of your CSFs. These will help narrow the data you have to track and action (metrics).
CSFs, or your overall goals, typically revolve around three aspects of the service desk: time spent on tickets, resources spent on tickets, and the quality of service provided.
| Critical success factor | Key performance indicator |
|---|---|
| High End-User Satisfaction | Increasing CSAT score on transactional surveys |
| High end-user satisfaction score | |
| Proper resolution of tickets | |
| Low time to resolve | |
| Low Cost per Ticket | Decreasing cost per ticket (due to efficient resolution, FCR, automation, self-service, etc.) |
| Improve Access to Self-Service (tangential to improve customer service) | High utilization of knowledgebase |
| High utilization of portal |
Download the Service Desk Metrics Workbook
Example metrics:
| Critical success factor | Key performance indicator | Metric | Cadence | Audience | Action |
|---|---|---|---|---|---|
| High End-User Satisfaction | Increasing CSAT score on transactional surveys | Monthly average of ticket satisfaction scores | Monthly | Management | Action low scores immediately, view long-term trends |
| High end-user satisfaction score | Average end-user satisfaction score from annual survey | Annually | IT Leadership | View IT satisfaction trends to align IT with business direction | |
| Proper resolution of tickets | Number of tickets reopened | Weekly | Service Desk Technicians | Action reopened tickets, look for training opportunities | |
| SLA breach rate | Daily | Service Desk Technicians | Action reopened tickets, look for training opportunities | ||
| Low time to resolve | Average TTR (incidents) | Weekly | Management | Look for trends to monitor resources | |
| Average TTR by priority | Weekly | Management | Look for TTR solve rates to align with SLA | ||
| Average TTR by tier | Weekly | Management | Look for improperly escalated tickets or shift-left opportunities |
Download the Service Desk Metrics Workbook
Example metrics:
| Metric | Who Owns the Data? | Efforts to Track? | Dashboards |
|---|---|---|---|
| Monthly average of ticket satisfaction scores | Service Desk | Low | Monthly Management Meeting |
| Average end-user satisfaction score | Service Desk | Low | Leadership Meeting |
| Number of tickets reopened | Service Desk | Low | Weekly Technician Standup |
| SLA breach rate | Service Desk | Low | Daily Technician Standup |
| Average TTR (incidents) | Service Desk | Low | Weekly Technician Standup |
| Average TTR by priority | Service Desk | Low | Weekly Technician Standup |
| Average TTR by tier | Service Desk | Low | Weekly Technician Standup |
| Average TTR (SRs) | Service Desk | Low | Weekly Technician Standup |
| Number of tickets reopened | Service Desk | Low | Daily Technician Standup |
Download the Service Desk Metrics Workbook
Metrics are typically focused on transactional efficiency and process effectiveness and not what was achieved against the customers’ need and satisfaction.
Understand the relationships between performance and metrics management to provide the end-to-end service delivery picture you are aiming to achieve.
ITSM solutions offer an abundance of metrics to choose from. The most common ones are typically built into the reporting modules of the tool suite.
Do not start tracking everything. Choose metrics that are specifically aligned to your organization’s desired business outcomes.
Don’t ignore the correlation and context between the suites of metrics chosen and how one interacts and affects the other.
Measuring metrics in isolation may lead to an incomplete picture or undesired technician behavior. Tension metrics help complete the picture and lead to proper actions.
An arbitrary target on a metric that is consistently met month over month is useless. Each metric should inform the overall performance by combining capable service level management and customer experience programs to prove the value IT is providing to the organization.
This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management, to create a sustainable service desk.
Take Control of Infrastructure and Operations Metrics
Make faster decisions and improve service delivery by using the right metrics for the job.
Analyze Your Service Desk Ticket Data
Take a data-driven approach to service desk optimization.
IT Diagnostics: Build a Data-Driven IT Strategy
Our data-driven programs ask business and IT stakeholders the right questions to ensure you have the inputs necessary to build an effective IT strategy.
Apply zero trust to key protect surfaces. A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.
Every organization should have a zero trust strategy and the roadmap to deploy it must always be tested and refined. Our unique approach:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The storyboard contains five easy-to-follow steps on building a roadmap for implementing zero trust, from aligning initiatives to business goals to establishing metrics for measuring the progress and effectiveness of a zero trust implementation.
Use this tool to develop your zero trust strategy by having it focus on key protect surfaces that are aligned to the goals of the business.
Use this tool to develop your zero trust strategy by creating a roadmap that is aligned with the current state of the organization when it comes to zero trust and its desired target state.
Use this tool to develop your zero trust strategy by identifying the best solutions for zero trust initiatives.
Use this tool to develop your zero trust strategy by identifying metrics that will allow the organization to monitor how the zero trust implementation is progressing, and whether it is proving to be effective.
Use this template to present the zero trust strategy and roadmap to ensure all key elements are captured.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Align business goals to protect surfaces.
A better understanding of how business goals can map to key protect surfaces and their associated DAAS elements.
1.1 Understand business and IT strategy and plans.
1.2 Define business goals.
1.3 Identify five critical protect surfaces and their associated DAAS elements.
1.4 Map business goals and protect surfaces.
Mapping of business goals to key protect surfaces and their associated DAAS elements.
Identify and define zero trust initiatives.
A list of zero trust initiatives to be prioritized and set into a roadmap.
2.1 Assess current security capabilities and define the zero trust target state for a set of controls.
2.2 Identify tasks to close maturity gaps.
2.3 Assign tasks to zero trust initiatives.
Security capabilities current state assessment
Zero trust target state
Tasks to address maturity gaps
Complete the zero trust gap analysis and prioritize zero trust initiatives.
A prioritized list of zero trust initiatives aligned to business goals and key protect surfaces.
3.1 Align initiatives to business goals and key protect surfaces.
3.2 Conduct cost/benefit analysis on zero trust initiatives.
3.3 Prioritize initiatives.
Zero trust initiative list mapped to business goals and key protect surfaces
Prioritization of zero trust initiatives
Finalize the zero trust roadmap and begin to formulate zero trust policies for roadmap initiatives.
A zero trust roadmap of prioritized initiatives.
4.1 Define solution criteria.
4.2 Identify candidate solutions.
4.3 Evaluate candidate solutions.
4.4 Finalize roadmap.
4.5 Formulate policies for critical DAAS elements.
4.6 Establish metrics for high-priority initiatives.
Zero trust roadmap
Zero trust policies for critical protect surfaces
Method for defining zero trust policies for candidate solutions
Metrics for high-priority initiatives
For the longest time we have focused on reducing the attack surface to deter malicious actors from attacking organizations, but I dare say that has made these actors scream “challenge accepted.” With sophisticated tools, time, and money in their hands, they have embarrassed even the finest of organizations. A popular hybrid workforce and rapid cloud adoption have introduced more challenges for organizations, as the security and network perimeter have shifted and the internet is now the corporate network. Suffice it to say that a new mindset needs to be adopted to stay on top of the game.
The success of most attacks is tied to denial of service, data exfiltration, and ransom. A shift from focusing on the attack surface to the protect surface will help organizations implement an inside-out architecture that protects critical infrastructure, prevents the success of any attack, makes it difficult to gain access, and links directly to business goals.
Zero trust principles aid that shift across several pillars (Identity, Device, Application, Network, and Data) that make up a typical infrastructure; hence, the need for a zero trust roadmap to accomplish that which we desire for our organization.
Victor Okorie
Senior Research Analyst, Security and Privacy
Info-Tech Research Group
A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.
On this zero trust journey, identify your valuable assets and zero trust controls to protect them.
Reduce attacker’s ability to move laterally
Enforce least privilege access to critical resources
Reduce enterprise attack surface
Organizations with a full implementation of zero trust saved 43% on the costs of data breaches.
(Source: Teramind, 2021)
Zero trust is considered key to the success of 96% of organizations in a survey conducted by Microsoft.
(Source: Microsoft, 2021)
“A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated.”
Source: NIST, SP 800-207: Zero Trust Architecture, 2020
“An evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources.”
Source: DOD, Zero Trust Reference Architecture, 2021
“A security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.”
Source: NSA, Embracing a Zero Trust Security Model, 2021
“Zero trust provides a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised.”
Source: CISA, Zero Trust Maturity Model, 2021
“The foundational tenet of the zero trust model is that no actor, system, network, or service operating outside or within the security perimeter is trusted.”
Source: OMB, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, 2022
Zero trust is an ideal in the literal sense of the word, because it is a standard defined by its perfection. Just as nothing in life is perfect, there is no measure that determines an organization is absolutely zero trust. The best organizations can do is improve their security iteratively and get as close to ideal as possible.
In the most current application of zero trust in the enterprise, a zero trust strategy applies a set of principles, including least-privilege access and per-request access enforcement, to minimize compromise to critical assets. A zero trust roadmap is a plan that leverages zero trust concepts, considers relationships between technical elements as well as security solutions, and applies consistent access policies to minimize areas of exposure.
Solutions offering zero trust often align with one of five pillars. A successful zero trust implementation may involve a combination of solutions, each protecting the various data, application, assets, and/or services elements in the protect surface.
Reduced business risks as continuous verification of identity, devices, network, applications, and data is embedded in the organizations practice.
36% of data breaches involved internal actors.
Source: Verizon, 2021
Reduced CapEx and OpEx due to the scalability, low staffing requirement, and improved time-to-respond to threats.
Source: SecurityBrief - Australia, 2020.
Helps achieve compliance with several privacy standards and regulations, improves maturity for cyber insurance premium, and fewer gaps during audits.
Scope of compliance reduced due to segmentation.
Reduced risk of data breach in any instance of a malicious attack as there’s no lateral movement, secure segment, and improved visibility.
10% Increase in data breach costs; costs went from $3.86 million to $4.24 million.
Source: IBM, 2021
1. Define Business Goals and Protect Surfaces |
2. Assess Key Capabilities and Identify Zero Trust Initiatives |
3. Evaluate Candidate Solutions and Finalize Roadmap |
4. Formulate Policies for Roadmap Initiatives |
5. Monitor the Zero Trust Roadmap Deployment |
|
|---|---|---|---|---|---|
Phase Steps |
Define business goals Identify critical DAAS elements Map business goals to critical DAAS elements |
|
|
|
|
Phase Outcomes |
Mapping of business goals to protect surfaces |
Gap analysis of security capabilities |
Evaluation of candidate solutions and a roadmap to close gaps |
Method for defining zero trust policies for candidate solutions |
Metrics for measuring the progress and efficiency of the zero trust implementation |
A successful zero trust strategy should evolve through an iterative and repeatable process by assessing the full spectrum of available technologies to apply zero trust principles to the most relevant protect surfaces.
Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.
Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.
Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.
The success of a zero trust implementation relies on consistent enforcement. Applying the Kipling methodology to each protect surface is the best way to design zero trust policies.
To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Present your zero trust strategy in a prepopulated document that summarizes the work you have completed as a part of this blueprint.
Identify critical and vulnerable DAAS elements to protect and align them to business goals.
Perform a gap analysis between current and target states to build a zero trust roadmap.
Determine and evaluate candidate solutions based on defined criteria.
Develop metrics to track the progress and efficiency of the organization’s zero trust implementation.
Organizations with a mature implementation of zero trust saved 43%, or $1.76 million, on the costs of data breaches.
Source: IBM, 2021
In phase 2 of this blueprint, we will help you establish zero trust implementation tasks for your organization.
In phase 3, we will help you develop a game plan and a roadmap for implementing those tasks.
INDUSTRY: Government
SOURCE: Zero Trust Architecture Technical Exchange Meeting
NASA recognized the potential benefits of both adopting a zero trust architecture (including aligning with OMB FISMA and DHS CDM DEFEND) and improving NASA systems, especially those related to user experience with dynamic access, application security with sole access from proxy, and risk-based asset management with trust score. The trust score is continually evaluated from a combination of static factors, such as credential and biometrics, and dynamic factors, such as location and behavior analytics, to determine the level of access. The enhanced access mechanism is projected on use-case flows of users and external partners to analyze the required initiatives.
The lessons learned in adapting zero trust were:
NASA implemented zero trust architecture by leveraging the agency existing components on a roadmap with phases related to maturity. The initial development includes privileged access management, security user behavior analytics, and a proof-of-concept lab for evaluating the technologies.
Case Study Source: NASA, “Planning for a Zero Trust Architecture Target State,” 2019
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
What does a typical GI on this topic look like?
| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 |
|---|---|---|---|---|
| Call #1: Scope requirements, objectives, and your specific challenges. |
Call #3: |
Call #5: Identify and evaluate solution criteria. |
Call #7: |
Call #8: |
| Call #2: Identify business goals and protect surfaces. |
Call #4: |
Call #6: |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 2 to 4 months.
Contact your account representative for more information.workshops@infotech.com 1-888-670-8889
| Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
|---|---|---|---|---|---|
Define Business Goals and Protect Surfaces |
Begin Gap Analysis |
Complete Gap Analysis |
Finalize Roadmap and Formulate Policies |
Next Steps and |
|
| Activities | 1.1 Understand business and IT strategy and plans. 1.2 Define business goals. 1.3 Identify five critical protect surfaces and their associated DAAS elements. 1.4 Map business goals and protect surfaces. |
2.1 Assess current security capabilities and define the zero Trust target state for a set of controls. 2.2 Identify tasks to close maturity gaps. 2.3 Assign tasks to zero trust initiatives. |
3.1 Align initiatives to business goals and key protect surfaces. 3.2 Conduct cost/benefit analysis on zero trust initiatives. 3.3 Prioritize initiatives. |
4.1 Define solution criteria. 4.2 Identify candidate solutions. 4.3 Evaluate candidate solutions. 4.4 Finalize roadmap. 4.5 Formulate policies for critical DAAS elements. 4.6 Establish metrics for high-priority initiatives. |
5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
| Deliverables |
|
|
|
|
|
Security and the business need to be in alignment when implementing zero trust. Defining the business goal helps rationalize the need for a zero trust implementation.
Download the Zero Trust Protect Surface Mapping Tool
Developing a zero trust roadmap collaboratively with business stakeholders enables alignment with upcoming business priorities and industry trends.
Regardless of whether the user is accessing resources internally or externally, zero trust is posed to authenticate, authorize, and continuously verify the security policies and posture before access is granted or denied. Many network architecture can be local, cloud based, or hybrid and with users working from any location, there is no network perimeter as we knew it and the internet is now the corporate network.
Zero trust framework seeks to extend the perimeter-less security to the present digital transformation.
A protect surface can be described as what’s critical, most vulnerable, or most valuable to your organization. This protect surface could include at least one of the following – data, assets, applications, and services (DAAS) – that requires protection. This is also the area that zero trust policy is aimed to protect. Understanding what your protect surface is can help channel the required energy into protecting that which is crucial to the business, and this aligns with the shift from focusing on the attack surface to narrowing it down to a smaller and achievable area of protection.
Anything and everything that connects to the internet is a potential attack surface and pursuing every loophole will leave us one step behind due to lack of resources. Since a protect surface contains one or more DAAS element, the micro-perimeter is created around it and the appropriate protection is applied around it. As a team, we can ask ourselves this question when thinking of our protect surface: to what degree does my organization want me to secure things? The knowledge of the answer to this question can be tied to the risk tolerance level of the organization and it is only fair for us to engage the business in identifying what the protect surface should be.
The protect surface is a shift from focusing on the attack surface. DAAS elements show where the initiatives and controls associated with the zero trust pillars (Identity, Devices, Network, Application, and Data) need to be applied.
INDUSTRY: Healthcare
SOURCE: Info-Tech Research Group
This granular identification provides an opportunity to not only see what the protect surface and DAAS elements are but also understand where to apply security controls that align with the principle of zero trust as well as how the transaction flows. The application pillar initiatives will provide protection to the EPIC application and the device pillar initiatives will provide protection to the workstations and physical scanners. The identity pillar initiatives will apply protection to the active directory, and single sign-on services. The zero trust pillar initiatives align with the protection of the DAAS elements.
The protect surface is a shift from focusing on the attack surface as it creates a micro-perimeter for the application of zero trust policies on the system. This drastically reduces the success of an attack whether internally or externally, reduces the attack surface, and is also repeatable.
Download the Zero Trust Protect Surface Mapping Tool
Download the Zero Trust Protect Surface Mapping Tool
A best-of-breed approach ensures holistic coverage of your zero trust program while refraining from locking you into a specific reference.
Download the Zero Trust Program Gap Analysis Tool
Refer to the Protect Surface Mapping Tool, copy the following elements from the Protect Surface tab.
Deriving protect surface elements from business goals reframes how security controls are applied. Assess control effectiveness in this context and identify zero trust capabilities to close any gaps.
Download the Zero Trust Program Gap Analysis Tool
Maturity models are very effective for determining target states. This table provides general descriptions for each maturity level. As a group, consider which description most accurately reflects the ideal target state in your organization.
Initial/ad hoc security programs are reactive. Lacking strategic vision, these programs are less effective and less responsive to the needs of the business.
Developing security programs can be effective at what they do but are not holistic. Governance is largely absent. These programs tend to rely on the talents of individuals rather than a cohesive plan.
A defined security program is holistic, documented, and proactive. At least some governance is in place; however, metrics are often rudimentary and operational in nature. These programs still often rely on best practices rather than strong risk management.
Managed security programs have robust governance and metrics processes. Management and board-level metrics for the overall program are produced. These are reviewed by business leaders and drive security decisions. More mature risk management practices take the place of best practices.
An optimized security program is based on strong risk management practices, including the production of key risk indicators (KRIs). Individual security services are optimized using key performance indicators (KPIs) that continually measure service effectiveness and efficiency.
Make sure that the gap between target state and current state is achievable for the current zero trust roadmap. For instance, if you set your current maturity to 1 – Ad Hoc, then having a target maturity of 4 – Managed or 5 – Optimized is not recommended due to the big jump.
Download the Zero Trust Program Gap Analysis Tool
Make sure that the Gap Closure Tasks are SMART (Specific, Measurable, Achievable, Realistic, Timebound).
Download the Zero Trust Program Gap Analysis Tool
In the example below, we see three gap closure tasks within the Authentication process for the Identity pillar being consolidated into a single initiative “IAM modernization.”
We can also see three gap closure tasks within the Micro Segmentation process for the Network pillar being grouped into another initiative “Network segmentation.”
As you go through this exercise, you may find that some tasks that you previously defined could be consolidated into an initiative.
If the list of tasks is too long for the Description column, then you can also shorten the name of the tasks or group several tasks to a more general task.
Download the Zero Trust Program Gap Analysis Tool
Don’t let your solution dictate your roadmap. Define your zero trust solution criteria before engaging in vendor selection.
Download the Zero Trust Candidate Solutions Selection Tool
On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.
On the Setup tab, provide a weight for each evaluation criterion to evaluate the candidate solutions. You can use “0%” weight if that criterion is not required in your solution selection.
| Awareness | Education & Discovery | Evaluation | Selection | Negotiation & Configuration |
|---|---|---|---|---|
| 1.1 Proactively Lead Technology Optimization & Prioritization | 2.1 Understand Marketplace Capabilities & Trends | 3.1 Gather & Prioritize Requirements & Establish Key Success Metrics | 4.1 Create a Weighted Vendor Selection Decision Model | 5.1 Initiate Price Negotiation With Top |
| 1.2 Scope & Define the Selection Process for Each Selection Request Action | 2.2 Discover Alternative Solutions & Conduct Market Education | 3.2 Conduct a Data-Driven Comparison of Vendor Features & Capabilities | 4.2 Conduct Investigative Interviews Focused on Mission Critical Priorities With Top 2-4 Vendors | 5.2 Negotiate Contract Terms & Product Configuration Two Vendors Selected |
| 1.3 Conduct an Accelerated Business Needs Assessment | 2.3 Evaluate Enterprise Architecture & Application Portfolio | 3.3 Narrow the Field to Four Top Contenders | 4.3 Validate Key Issues With Deep Technical Assessments, Trial Configuration & Reference Checks | 5.3 Finalize Budget Approval & Project Implementation Timeline |
| 1.4 Align Stakeholder Calendars to Reduce Elapsed Time & Asynchronous Evaluation | 2.4 Validate the Business Case | 5.4 Invest in Training & Onboarding Assistance |
The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.
The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.
Add a description associated with the candidate solution, e.g. reference link to vendors or manufacturers. This will make it easier to perform the evaluation.
On the Scoring tab, evaluate solution features, usability, affordability, and architecture using the instructions on the following slides. This activity will produce a solution score that can be used to identify the suitability of a solution.
After all candidate solutions are evaluated, the Solution Score column can be sorted to rank the candidate solutions. After sorting, the top solutions can be used on prioritization of initiatives on Zero Trust Program Gap Analysis Tool.
Use Zero Trust Program Gap Analysis Tool.
The Cost / Effort Rating is calculated based on the weight defined on step 2.1.1. The Benefit Rating is calculated based on the weight defined on step 2.1.2.
Use Zero Trust Program Gap Analysis Tool.
The Benefits-Cost column will give results after comparing the cost and the benefit. Negative value means that the cost outweighs the benefit. Positive value means that the benefit outweighs the cost. Zero value means that the cost equals the benefit.
An effort map is a tool used for the visualization of a cost and benefit analysis. It is a quadrant output that visually shows how your gap initiatives were prioritized based on tab 7 in the Zero Trust Program Gap Analysis Tool.
Once the effort map is complete, work to further simplify the visual output by categorizing initiatives based on the quadrant in which they have been placed.
In the example below, we see “IAM modernization” was assessed as 9 on cost/effort rating and 5 on benefit rating and its Benefits-Cost has a positive value of 1. We can label this as SHOULD DO (wave 2).
We can also see “Network segmentation” was assessed as 6 on cost/effort rating and 4 on benefit rating and its Benefits-Cost has a positive value of 2. We can label this as MUST DO (wave 1).
We can also see “Unified Endpoints Management” was assessed as 8 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a negative value of -4. We can label this as WON’T DO (no wave).
We can also see “Data Protection” was assessed as 4 on cost/effort rating and 2 on benefit rating and its Benefits-Cost has a zero value. We can label this as COULD DO (wave 3).
It is recommended to define the threshold of each wave based on the value of Benefits-Cost before assigning waves.
This table provides you with the information to have important conversations with management and stakeholders.
| Who | Who should access a resource? Here, the user ID that identifies the users through the principle of least privilege is allowed access to a particular resource. The authentication policy will be used to verify identity of a user when access request to a resource is made. Who requires MFA? |
|---|---|
| What | What application is used to access the resource? Application ID to identify applications that are only allowed on the network. Port control policies can be used for the application service. |
| When | When do users access the resource? Policy that identifies and enforces time schedule when an application accessed by users is used. |
| Where | Where is the resource located? The location of the destination resource should be added to the policy and, where possible, restrict the source of the traffic either by zone and/or IP address. |
| Why | Why is the data accessed? Data classification should be done to know why the data needs protection and the type of protection (data filtering). |
| How | How should you allow access to the resource? This covers the protection of the application traffic. Principle of least privilege access, log all traffic, configure security profiles, NGFW, decryption and encryption, consistent application of policy and threat prevention across all locations for all local and remote users on managed and unmanaged endpoints are ways to apply content-ID. |
The success of a zero trust implementation relies on enforcing policies consistently. Applying the Kipling methodology to the protect surface is the best way to design zero trust policies.
| Who | What | When | Where | Why | How | |
|---|---|---|---|---|---|---|
| Method | User-ID | App-ID | Time limit | System Object | Classification | Content-ID |
| On-Prem | Pyxis_Users | Pyxis | Any | Pyxis_server | Severe (high value data) | Decrypt, Inspect, log traffic |
| Cloud | Sales | Salesforce | Working hours | Canada | Severe (high value data) | Decrypt, Inspect, log traffic |
| Who | What | When | Where | Why | How | |
|---|---|---|---|---|---|---|
| Method | User-ID | App-ID | Time limit | System Object | Classification | Content-ID |
| Who | What | When | Where | Why | How | |
|---|---|---|---|---|---|---|
| Method | User-ID | App-ID | Time limit | System Object | Classification | Content-ID |
| Who | What | When | Where | Why | How | |
|---|---|---|---|---|---|---|
| Method | User-ID | App-ID | Time limit | System Object | Classification | Content-ID |
This component makes up the final piece of formulating the policies as it applies the protection of the application traffic.
The principle of least privilege is applied to the security policy to only allow access requests and restrict the access to the purpose it serves. This access request is then logged as well as the traffic (both internal and external). Most firewalls (NGFW) have policy rules that, by default, enable logging.
Segmentation gateways (NGFW, VM-series firewalls, agent-based and clientless VPN solutions), are used to apply zero trust policy (Kipling methodology) in the network, cloud, and endpoint (managed and unmanaged) for all local and remote users.
These policies need to be applied to security profiles on all allowed traffic. Some of these profiles include but are not limited to the following: URL filtering profile for web access and protect against phishing attacks, vulnerability protection profile intrusion prevention systems, anti spyware profiles to protect against command-and-control threats, malware and antivirus profile to protect against malware, and a file blocking profile to block and/or alert suspicious file types.
Good visibility on your network can also be tied to decryption as you can inspect traffic and data to the lowest level possible that is generally accepted by your organization and in compliance with regulation.
With users working from anywhere on managed and unmanaged devices, access to the internet, SAAS, public cloud, and the data center will have consistent policies applied regardless of their location.
The policy is validating that the user is who they say they are based on the role profile, what they are trying to access to make sure their role or attribute profile has the appropriate permission to the application, and within the stipulated time limit. Where the data or application is located is also verified and the why needs to be satisfied before the requested access is granted. Based on the mentioned policies, the how element is then applied throughout the lifecycle of the access.
Who (Internet) |
What (SAAS) |
When | Where (Public Cloud) |
Why | How (Data Center) |
|
|---|---|---|---|---|---|---|
| Method | User-ID | App-ID | Time limit | System Object | Classification | Content-ID |
| On-Prem | Pyxis_Users | Pyxis | Any | Pyxis_server | Severe (high value data) | Decrypt, Inspect, log traffic |
| Cloud | Sales | Salesforce | Working hours | Canada | Severe (high value data) | Decrypt, Inspect, log traffic |
To measure the efficacy of a zero trust implementation, ensure you know what a successful zero trust implementation means for your organization, and define metrics that demonstrate whether that success is being realized.
For each metric defined in step 4.1.1:
On tab “3. Track Metrics” of the Zero Trust Progress Monitoring Tool:
On tab “4. Graphs” of the Zero Trust Progress Monitoring Tool:
Copy and paste desired graphs into presentations for audience members identified in step 5.1.2.
Leverage the Zero Trust Communication Deck to showcase the work that you have done in the tools and activities associated with this research.
In this communication deck template, you will find the following sections:
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Assess current security capabilities and build a roadmap of tasks and initiatives that close maturity gaps.
Identify and track metrics for zero trust tasks and initiatives.
Build an Information Security Strategy
Info-Tech has developed a highly effective approach to building an information security strategy – an approach that has been successfully tested and refined for over seven years with hundreds of organizations. This unique approach includes tools for ensuring alignment with business objectives, assessing organizational risk and stakeholder expectations, enabling a comprehensive current-state assessment, prioritizing initiatives, and building out a security roadmap.
Determine Your Zero Trust Readiness
IT security was typified by perimeter security. However, the way the world does business has mandated a change to IT security. In response, zero trust is a set of principles that can add flexibility to planning your IT security strategy.
Use this blueprint to determine your zero trust readiness and understand how zero trust can benefit both security and the business.
Mature Your Identity and Access Management Program
Many organizations are looking to improve their identity and access management (IAM) practices but struggle with where to start and whether all areas of IAM have been considered. This blueprint will help you improve the organization's identity and access management practices by following our three-phase methodology:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
A business-led, top-management-supported initiative partnered with IT has the greatest chance of success.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
To build understanding and alignment between business and IT on what an ERP is and the goals for the project
Clear understanding of how the ERP supports the organizational goals
What business processes the ERP will be supporting
An initial understanding of the effort involved
1.1 Introduction to ERP
1.2 Background
1.3 Expectations and goals
1.4 Align business strategy
1.5 ERP vision and guiding principles
1.6 ERP strategy model
1.7 ERP operating model
ERP strategy model
ERP Operating model
Generate an understanding of the business processes, challenges, and application portfolio currently supporting the organization.
An understanding of the application portfolio supporting the business
Detailed understanding of the business operating processes and pain points
2.1 Build application portfolio
2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators
2.3 Discuss process and technology maturity for each level 1 process
Application portfolio
Mega-processes with level 1 process lists
A project of this size has multiple stakeholders and may have competing priorities. This section maps those stakeholders and identifies their possible conflicting priorities.
A prioritized list of ERP mega-processes based on process rigor and strategic importance
An understanding of stakeholders and competing priorities
Initial compilation of the risks the organization will face with the project to begin early mitigation
3.1 ERP process prioritization
3.2 Stakeholder mapping
3.3 Competing priorities review
3.4 Initial risk register compilation
Prioritized ERP operating model
Stakeholder map.
Competing priorities list.
Initial risk register.
Select a future state and build the initial roadmap to set expectations and accountabilities.
Identification of the future state
Initial roadmap with expectations on accountability and timelines
4.1 Discuss future state options
4.2 Build initial roadmap
4.3 Review of final deliverable
Future state options
Initiative roadmap
Draft final deliverable
|
Analyst Perspective |
Phase 3: Plan Your Project |
|
Executive Summary |
Step 3.1: Stakeholders, risk, and value |
|
Phase 1: Build Alignment and Scope |
Step 3.2: Project set up |
|
Step 1.1: Aligning Business and IT |
Phase 4: Next Steps |
|
Step 1.2: Scope and Priorities |
Step 4.1: Build your roadmap |
|
Phase 2: Define Your ERP |
Step 4.2: Wrap up and present |
|
Step 2.1: ERP business model |
Summary of Accomplishment |
|
Step 2.2: ERP processes and supporting applications |
Research Contributors |
|
Step 2.3: Process pains, opportunities, and maturity |
Related Info-Tech Research |
|
Bibliography |
Enterprise resource planning (ERP) is a core tool that the business leverages to accomplish its goals. An ERP that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business
ERP systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post-implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.
Too often organizations jump into selecting replacement systems without understanding the needs of the organization. Alignment between business and IT is just one part of the overall strategy. Identifying key pain points and opportunities, assessed in the light of organizational strategy, will provide a strong foundation to the transformation of the ERP system.
Robert Fayle
Research Director, Enterprise Applications
Info-Tech Research Group
Organizations often do not know where to start with an ERP project. They focus on tactically selecting and implementing the technology but ignore the strategic foundation that sets the ERP system up for success. ERP projects are routinely reported as going over budget, over schedule, and they fail to realize any benefits.
ERP projects impact the entire organization – they are not limited to just financial and operating metrics. The disruption is felt during both implementation and in the production environment.
Missteps early on can cost time, financial resources, and careers. Roughly 55% of ERP projects reported being over budget, and two-thirds of organizations implementing ERP realized less than half of their anticipated benefits.
Obtain organizational buy-in and secure top management support. Set clear expectations, guiding principles, and critical success factors.
Build an ERP operating model/business model that identifies process boundaries, scope, and prioritizes requirements. Assess stakeholder involvement, change impact, risks, and opportunities.
Understand the alternatives your organization can choose for the future state of ERP. Develop an actionable roadmap and meaningful KPIs that directly align with your strategic goals.
Accountability for ERP success is shared between IT and the business. There is no single owner of an ERP. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.
Enterprise resource planning (ERP) systems facilitate the flow of information across business units. It allows for the seamless integration of systems and creates a holistic view of the enterprise to support decision making.
In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.
A measured and strategic approach to change will help mitigate many of the risks associated with ERP projects, which will avoid the chances of these changes becoming the dreaded “career killers.”
Enterprise resource planning (ERP) systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.
In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.
An ERP system:
50-70%
Statistical analysis of ERP projects indicates rates of failure vary from 50 to 70%. Taking the low end of those analyst reports, one in two ERP projects is considered a failure. (Source: Saxena and Mcdonagh)
85%
Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin. (Source: Gallup)
40%
Nearly 40% of companies said functionality was the key driver for the adoption of a new ERP. (Source: Gheorghiu)
| Drivers of Dissatisfaction | |||
Business
|
Data
|
People and teams
|
Technology
|
Finance, IT, Sales, and other users of the ERP system can only optimize ERP with the full support of each other. The cooperation of the departments is crucial when trying to improve ERP technology capabilities and customer interaction.
While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for ERP.
| 1. Build alignment and scope | 2. Define your ERP | 3. Plan your project | 4. Next Steps | |
| Phase Steps |
|
|
|
|
| Phase Outcomes | Discuss organizational goals and how to advance those using the ERP system. Establish the scope of the project and ensure that business and IT are aligned on project priorities. | Build the ERP business model then move on to the top level (mega) processes and an initial list of the sub-processes. Generate a list of applications that support the identified processes. Conclude with a complete view of the mega-processes and their sub-processes. | Map out your stakeholders to evaluate their impact on the project, build an initial risk register and discuss group alignment. Conclude the phase by setting the initial core project team and their accountabilities to the project. | Review the different options to solve the identified pain points then build out a roadmap of how to get to that solution. Build a communication plan as part of organizational change management, which includes the stakeholder presentation. |
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
|
ERP Strategy ReportComplete an assessment of processes, prioritization, and pain points, and create an initiative roadmap.
|
ERP Business ModelAlign your business and technology goals and objectives in the current environment. |
|
ERP Operating ModelIdentify and prioritize your ERP top-level processes. |
|
ERP Process PrioritizationAssess ERP processes against the axes of rigor and strategic importance. |
|
ERP Strategy RoadmapA data-driven roadmap of how to address the ERP pain points and opportunities. |
|
Aerospace organization assesses ERP future state from opportunities, needs, and pain points
Several issues plagued the aerospace and defense organization. Many of the processes were ad hoc and did not use the system in place, often relying on Excel. The organization had a very large pain point stemming from its lack of business process standardization and oversight. The biggest gap, however, was from the under-utilization of the ERP software.
By assessing the usage of the system by employees and identifying key workarounds, the gaps quickly became apparent. After assessing the organization’s current state and generating recommendations from the gaps, it realized the steps needed to achieve its desired future state. The analysis of the pain points generated various needs and opportunities that allowed the organization to present and discuss its key findings with executive leadership to set milestones for the project.
The overall assessment led the organization to the conclusion that in order to achieve its desired future state and maximize ROI from its ERP, the organization must address the internal issues prior to implementing the upgraded software.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
| "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between eight to twelve calls over the course of four to six months.
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
| Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
| Activities |
Introduction to ERP1.1 Introduction to ERP 1.2 Background 1.3 Expectations and goals 1.4 Align business strategy 1.5 ERP vision and guiding principles 1.6 ERP strategy model 1.7 ERP operating model |
Build the ERP operating model2.1 Build application portfolio 2.2 Map the level 1 ERP processes including identifying stakeholders, pain points, and key success indicators 2.3 Discuss process and technology maturity for each level 1 process |
Project set up3.1 ERP process prioritization 3.2 Stakeholder mapping 3.3 Competing priorities review 3.4 Initial risk register compilation 3.5 Workshop retrospective |
Roadmap and presentation review4.1 Discuss future state options 4.2 Build initial roadmap 4.3 Review of final deliverable |
Next Steps and wrap-up (offsite)5.1 Complete in-progress deliverables from previous four days 5.2 Set up review time for workshop deliverables and to discuss next steps |
| Deliverables |
|
|
|
|
|
Phase 1
|
Phase 2
|
Phase 3
|
Phase 4
|
Build a common language to ensure clear understanding of the organizational needs. Define a vision and guiding principles to aid in decision making and enumerate how the ERP supports achievement of the organizational goals. Define the initial scope of the ERP project. This includes the discussion of what is not in scope.
When faced with a challenge, prepare for the WHY.
Most organizations can answer “What?”
Some organizations can answer “How?”
Very few organizations have an answer for “Why?”
Each stage of the project will be difficult and present its own unique challenges and failure points. Re-evaluate if you lose sight of WHY at any stage in the project.
Business and IT have a shared understanding of how the ERP supports the organizational goals.
Every group has their own understanding of the ERP system, and they may use the same words to describe different things. For example, is there a difference between procurement of office supplies and procurement of parts to assemble an item for sale? And if they are different, do your terms differ (e.g., procurement versus purchasing)?
| Term(s) | Definition |
| HRMS, HRIS, HCM | Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR. |
| Finance | Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management. |
| Supply Chain | The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers. |
| Procurement | Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management. |
| Distribution | The process of getting the things we create to our customers. |
| CRM | Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers. |
| Sales | The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced. |
| Customer Service | This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services. |
| Field Service | The group that provides maintenance services to our customers. |
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
Example/working slide for your glossary. Consider this a living document and keep it up to date.
| Term(s) | Definition |
| HRMS, HRIS, HCM | Human Resource Management System, Human Resource Information System, Human Capital Management. These represent four capabilities of HR: core HR, talent management, workforce management, and strategic HR. |
| Finance | Finance includes the core functionalities of GL, AR, and AP. It also covers such items as treasury, financial planning and analysis (FP&A), tax management, expenses, and asset management. |
| Supply Chain | The processes and networks required to produce and distribute a product or service. This encompasses both the organization and the suppliers. |
| Procurement | Procurement is about getting the right products from the right suppliers in a timely fashion. Related to procurement is vendor contract management. |
| Distribution | The process of getting the things we create to our customers. |
| CRM | Customer Relationship Management, the software used to maintain records of our sales and non-sales contact with our customers. |
| Sales | The process of identifying customers, providing quotes, and converting those quotes to sales orders to be invoiced. |
| Customer Service | This is the process of supporting customers with challenges and non-sales questions related to the delivery of our products/services. |
| Field Service | The group that provides maintenance services to our customers. |
Guiding principles are high-level rules of engagement that help to align stakeholders from the outset. Determine guiding principles to shape the scope and ensure stakeholders have the same vision.
Guiding principles should be constructed as full sentences. These statements should be able to guide decisions.
EXAMPLES
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
We, [Organization], will select and implement an integrated software suite that enhances the growth and profitability of the organization through streamlined global business processes, real time data-driven decisions, increased employee productivity, and IT investment protection.
| Corporate Strategy | Unified Strategy | ERP Strategy |
|
|
|
ERP projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with ERP capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just to occur at the executive level alone, but at each level of the organization.
1-2 hours
Download the ERP Strategy Report Template
| Corporate Strategy | ERP Benefits |
| End customer visibility (consumer experience) |
|
| Social responsibility |
|
| New business development |
|
| Employee experience |
|
A project scope statement and a prioritized list of projects that may compete for organizational resources.
Establishing the parameters of the project in a scope statement helps define expectations and provides a baseline for resource allocation and planning. Future decisions about the strategic direction of ERP will be based on the scope statement.
Well-executed requirements gathering will help you avoid expanding project parameters, drawing on your resources, and contributing to cost overruns and project delays. Avoid scope creep by gathering high-level requirements that lead to the selection of category-level application solutions (e.g. HRIS, CRM, PLM etc.) rather than granular requirements that would lead to vendor application selection (e.g. SAP, Microsoft, Oracle, etc.).
Out-of-scope items should also be defined to alleviate ambiguity, reduce assumptions, and further clarify expectations for stakeholders. Out-of-scope items can be placed in a backlog for later consideration.
| In Scope | Out of Scope |
| Strategy | High-level ERP requirements, strategic direction |
| Software selection | Vendor application selection, Granular system requirements |
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
The following systems are considered in scope for this project:
The following systems are out of scope for this project:
The following systems are in scope, in that they must integrate into the new system. They will not change.
Organizations typically have multiple projects on the table or in flight. Each of those projects requires resources and attention from business and/or the IT organization.
Don’t let poor prioritization hurt your ERP implementation.
BNP Paribas Fortis had multiple projects that were poorly prioritized resulting in the time to bring products to market to double over a three-year period. (Source: Neito-Rodriguez, 2016)
| Project | Timeline | Priority notes | Implications |
| Warehouse management system upgrade project | Early 2022 implementation | High | Taking IT staff and warehouse team, testing by finance |
| Microsoft 365 | October 2021-March 2022 | High | IT Staff, org impacted by change management |
| Electronic Records Management | April 2022 – Feb 2023 | High | Legislative requirement, org impact due to record keeping |
| Web site upgrade | Early fiscal 2023 |
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
List all your known projects both current and proposed. Discuss the prioritization of those projects, whether they are more or less important than your ERP project.
| Project | Timeline | Priority notes | Implications |
| Warehouse management system upgrade project | Early 2022 implementation | High | Taking IT staff and warehouse team, testing by finance |
| Microsoft 365 | October 2021-March 2022 | High | IT Staff, org impacted by change management |
| Electronic Records Management | April 2022 – Feb 2023 | High | Legislative requirement, org impact due to record keeping |
| Web site upgrade | Early fiscal 2023 | Medium | |
| Point of Sale replacement | Oct 2021– Mar 2022 | Medium | |
| ERP utilization and training on unused systems | Friday, Sept 17 | Medium | Could impact multiple staff |
| Managed Security Service RFP | This calendar year | Medium | |
| Mental Health Dashboard | In research phase | Low |
Phase 1
| Phase 2
| Phase 3
| Phase 4
|
|
|||
External Considerations
|
Organizational Drivers
|
Technology Considerations
|
Functional Requirements
|
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
| Environmental Factors | Technology Drivers | Business Needs |
|
|
|
|
|||
Functional Gaps
|
Technical Gaps
|
Process Gaps
|
Barriers to Success
|
Business Benefits
|
IT Benefits
|
Organizational Benefits
|
Enablers of Success
|
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
| Organizational Goals | Enablers | Barriers |
|
|
|
In business architecture, the primary view of an organization is known as a business capability map.
A business capability defines what a business does to enable value creation rather than how.
Business capabilities:
A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.
If you do not have a documented process model, you can use the APQC Framework to help define your inventory of business processes.
APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.
APQC’s Process Classification Framework
2-4 hours
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
| Core Finance | Core HR | Workforce Management | Talent Management | Warehouse Management | Enterprise Asset Management | ||||||
| Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology |
|
|
|
|
|
|
||||||
| Planning & Budgeting | Strategic HR | Procurement | Customer Relationship Management | Facilities Management | Project Management | ||||||
| Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology |
|
|
|
|
|
|
||||||
1-2 hours
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
Inventory your applications and assess usage, satisfaction, and disposition
| Application Name | Satisfaction | Processes Supported | Future Disposition |
| PeopleSoft Financials | Medium and declining | ERP – shares one support person with HR | Update or Replace |
| Time Entry (custom) | Low | Time and Attendance | Replace |
| PeopleSoft HR | Medium | Core HR | Update or Replace |
| ServiceNow | High ITSM CSM: Med-Low |
ITSM and CSM CSM – complexity and process changes |
Update |
| Data Warehouse | High IT Business: Med-Low |
BI portal – Tibco SaaS datamart | Keep |
| Regulatory Compliance | Medium | Regulatory software – users need training | Keep |
| ACL Analytics | Low | Audit | Replace |
| Elite | Medium | Supply chain for wholesale | Update (in progress) |
| Visual Importer | Med-High | Customs and taxes | Keep |
| Custom Reporting application | Med-High | Reporting solution for wholesale (custom for old system, patched for Elite) | Replace |
For each mega-process:
Congratulations, you have made it to the “big lift” portion of the blueprint. For each of the processes that were identified in exercise 2.2.1, you will fill out the following six details:
It will take one to three hours per mega-process to complete the six different sections.
Note:
For each mega-process identified you will create a separate slide in the ERP Strategy Report. Default slides have been provided. Add or delete as necessary.
*A “stage gate” approach should be used: the next level begins after consensus is achieved for the previous level.
1 hour per mega-process
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
30+ minutes per mega-process
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
30 minutes per mega-process
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template.
Establishing an order of importance can impact vendor selection and implementation roadmap; high priority areas are critical for ERP success.
Phase 1
| Phase 2
| Phase 3
| Phase 4
|
Identify which stakeholders to include and what their level of involvement should be during requirements elicitation based on relevant topic expertise.
| Sponsor | End User | IT | Business | |
| Description | An internal stakeholder who has final sign-off on the ERP project. | Front-line users of the ERP technology. | Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. | Additional stakeholders that will be impacted by any ERP technology changes. |
| Examples |
|
|
|
|
| Value | Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. | End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. | IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge around system compatibility, integration, and data. | Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives. |
Large-scale ERP projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
Understanding the technical and strategic risks of a project can help you establish contingencies to reduce the likelihood of risk occurrence and devise mitigation strategies to help offset their impact if contingencies are insufficient.
| Risk | Impact | Likelihood | Mitigation Effort |
| Inadequate budget for additional staffing resources. | 2 | 1 | Use internal transfers and role-sharing rather than external hiring. |
| Push-back on an ERP solution. | 2 | 2 | Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness. |
| Overworked resources. | 1 | 1 | Create a detailed project plan that outlines resources and timelines in advance. |
Rating Scale: |
|||
| Impact: | 1- High Risk | 2- Moderate Risk | 3- Minimal Risk |
| Likelihood: | 1- High/Needs Focus | 2- Can Be Mitigated | 3- Remote Likelihood |
The biggest sources of risk in an ERP strategy are lack of planning, poorly defined requirements, and lack of governance.
Apply the following mitigation tips to avoid pitfalls and delays.
1-2 hours
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
| Risk | Impact | Likelihood | Mitigation Effort |
| Inadequate budget for additional staffing resources. | 2 | 1 | Use internal transfers and role-sharing rather than external hiring. |
| Push-back on an ERP solution. | 2 | 2 | Use formal communication plans, an ERP steering committee, and change management to overcome organizational readiness. |
| Overworked resources. | 1 | 1 | Create a detailed project plan that outlines resources and timelines in advance. |
| Project approval | 1 | 1 | Build a strong business case for project approval and allow adequate time for the approval process |
| Software does not work as advertised resulting in custom functionality with associated costs to create/ maintain | 1 | 2 | Work with staff to change processes to match the software instead of customizing the system thorough needs analysis prior to RFP creation |
| Under estimation of staffing levels required, i.e. staff utilized at 25% for project when they are still 100% on their day job | 1 | 2 | Build a proper business case around staffing (be somewhat pessimistic) |
| EHS system does not integrate with new HRMS/ERP system | 2 | 2 | |
| Selection of an ERP/HRMS that does not integrate with existing systems | 2 | 3 | Be very clear in RFP on existing systems that MUST be integrated to |
Rating Scale: |
|||
| Impact: | 1- High Risk | 2- Moderate Risk | 3- Minimal Risk |
| Likelihood: | 1- High/Needs Focus | 2- Can Be Mitigated | 3- Remote Likelihood |
By answering the seven questions the key stakeholders are indicating their commitment. While this doesn’t guarantee that the top two critical success factors have been met, it does create the conversation to guide the organization into alignment on whether to proceed.
30 minutes
There are no wrong answers. It should be okay to disagree with any of these statements. The goal of the exercise is to generate conversation that leads to support of the project and collaboration on the part of the participants.
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
| Question # | Question | Strongly disagree | Somewhat disagree | Neither agree nor disagree | Somewhat agree | Strongly agree |
| 1. | I have everything I need to succeed. | 1 | 2 | 3 | 4 | 5 |
| 2. | The right people are involved in the project. | 1 | 2 | 3 | 4 | 5 |
| 3. | I understand the process of ERP selection. | 1 | 2 | 3 | 4 | 5 |
| 4. | My role in the project is clear to me. | 1 | 2 | 3 | 4 | 5 |
| 5. | I am clear about the vision for this project. | 1 | 2 | 3 | 4 | 5 |
| 6. | I am nervous about this project. | 1 | 2 | 3 | 4 | 5 |
| 7. | There is leadership support for the project. | 1 | 2 | 3 | 4 | 5 |
Consider the core team functions when composing the project team. It is essential to ensure that all relevant perspectives (business, IT, etc.) are evaluated to create a well-aligned and holistic ERP strategy.
There may be an inclination towards a large project team when trying to include all relevant stakeholders. Carefully limiting the size of the project team will enable effective decision making while still including functional business units like HR and Finance, as well as IT.
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
Of particular importance for this table is the commitment column. It is important that the organization understands the level of involvement for all roles. Failure to properly account for the necessary involvement is a major risk factor.
| Role | Candidate | Responsibility | Commitment |
| Project champion | John Smith |
|
20 hours/week |
| Steering committee |
|
10 hours/week | |
| Project manager |
|
40 hours/week | |
| Project team |
|
40 hours/week | |
| Subject matter experts by area |
|
5 hours/week |
Build a list of the core ERP strategy team members and then structure a RACI chart with the relevant categories and roles for the overall project.
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
| Project champion | Project advisor | Project steering committee | Project manager | Project team | Subject matter experts | |
| Determine project scope & vision | I | C | A | R | C | C |
| Document business goals | I | I | A | R | I | C |
| Inventory ERP processes | I | I | A | C | R | R |
| Map current state | I | I | A | R | I | R |
| Assess gaps and opportunities | I | C | A | R | I | I |
| Explore alternatives | R | R | A | I | I | R |
| Build a roadmap | R | A | R | I | I | R |
| Create a communication plan | R | A | R | I | I | R |
| Present findings | R | A | R | I | I | R |
Phase 1
| Phase 2
| Phase 3
| Phase 4
|
There are several different paths you can take to achieve your ideal future state. Make sure to pick the one that suits your needs as defined by your current state.
| CURRENT STATE | STRATEGY |
| Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention. | MAINTAIN CURRENT SYSTEM |
| Your existing application is, for the most part, functionally rich, but may need some tweaking. Spend time and effort building and enhancing additional functionalities or consolidating and integrating interfaces. | AUGMENT CURRENT SYSTEM |
| Your ERP application portfolio consists of multiple apps serving the same functions. Consolidating applications with duplicate functionality is more cost efficient and makes integration and data sharing simpler. | OPTIMIZE: CONSOLIDATE AND INTEGRATE SYSTEMS |
| Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes altogether. | TRANSFORM: REPLACE CURRENT SYSTEM |
Keep the system, change the process.
Your existing application satisfies both functionality and integration requirements. The processes surrounding it likely need attention, but the system should be considered for retention.
Maintaining your current system entails adjusting current processes and/or adding new ones, and involves minimal cost, time, and effort.
| INDICATORS | POTENTIAL SOLUTIONS |
| People Pain Points | |
|
|
| Process Pain Points | |
|
|
Add to the system.
Your existing application is for the most part functionally rich but may need some tweaking. Spend time and effort enhancing your current system.
You will be able to add functions by leveraging existing system features. Augmentation requires limited investment and less time and effort than a full system replacement.
| INDICATORS | POTENTIAL SOLUTIONS |
| Technology Pain Points | |
|
|
| Data Pain Points | |
|
|
Get rid of one system, combine two, or connect many.
Your ERP application portfolio consists of multiple apps serving the same functions.
Consolidating your systems eliminates the need to manage multiple pieces of software that provide duplicate functionality. Reducing the number of ERP applications makes integration and data sharing simpler.
| INDICATORS | POTENTIAL SOLUTIONS |
| Technology Pain Points | |
|
|
| Data Pain Points | |
|
|
Start from scratch.
You’re transitioning from an end-of-life legacy system. Your existing system offers poor functionality and poor integration. It would likely be more cost and time efficient to replace the application and its surrounding processes all together.
| INDICATORS | POTENTIAL SOLUTIONS |
| Technology Pain Points | |
|
|
| Data Pain Points | |
|
|
| Process Pains | |
|
|
1-2 hours
Record this information in the ERP Strategy Report Template.
Note:
Your roadmap should be treated as a living document that is updated and shared with the stakeholders on a regular schedule.
Download the ERP Strategy Report Template
| Initiative | Owner | Start Date | Completion Date |
| Create final workshop deliverable | Info-Tech | 16 September, 2021 | |
| Review final deliverable | Workshop sponsor | ||
| Present to executive team | Oct 2021 | ||
| Build business case | CFO, CIO, Directors | 3 weeks to build 3-4 weeks process time |
|
| Build an RFI for initial costings | 1-2 weeks | ||
| Stage 1 approval for requirements gathering | Executive committee | Milestone | |
| Determine and acquire BA support for next step | 1 week | ||
| Requirements gathering – level 2 processes | Project team | 5-6 weeks effort | |
| Build RFP (based on informal approval) | CFO, CIO, Directors | 4th calendar quarter 2022 | Possible completion January 2023 2-4 weeks |
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
A communication plan is necessary because not everyone will react positively to change. Therefore, you must be prepared to explain the rationale behind any initiatives that are being rolled out.
“The most important thing in project management is communication, communication, communication. You have to be able to put a message into business terms rather than technical terms.” (Lance Foust, I.S. Manager, Plymouth Tube Company)
| Project Goals | Communication Goals | Required Resources | Communication Channels |
| Why is your organization embarking on an ERP project? | What do you want employees to know about the project? | What resources are going to be utilized throughout the ERP strategy? | How will your project team communicate project updates to the employees? |
| Streamline processes and achieve operational efficiency. | We will focus on mapping and gathering requirements for (X) mega-processes. | We will be hiring process owners for each mega-process. | You will be kept up to date about the project progress via email and intranet. Please feel free to contact the project owner if you have any questions. |
1 hour
Record this information in the ERP Strategy Report Template.
Download the ERP Strategy Report Template
Use the communication planning template to track communication methods needed to convey information regarding ERP initiatives.
This is designed to help your organization make ERP initiatives visible and create stakeholder awareness.
| Audience | Purpose | Delivery/ Format | Communicator | Delivery Date | Status/Notes |
| Front-line employees | Highlight successes | Bi-weekly email | CEO | Mondays | |
| Entire organization | Highlight successes Plans for next iteration |
Monthly townhall | Senior leadership | Last Thursday of every month | Recognize top contributors from different parts of the business. Consider giving out prizes such as coffee mugs |
| Iteration demos | Show completed functionality to key stakeholders | Iteration completion web conference | Delivery lead | Every other Wednesday | Record and share the demonstrations to all employees |
After completing the activities and exercises within this blueprint, the final step of the process is to present the deliverable to senior management and stakeholders.
“When delivering the strategy and next steps, break the project down into consumable pieces. Make sure you deliver quick wins to retain enthusiasm and engagement.
By making it look like a different project you keep momentum and avoid making it seem unattainable.” (Scott Clark, Innovation Credit Union)
“To successfully sell the value of ERP, determine what the high-level business problem is and explain how ERP can be the resolution. Explicitly state which business areas ERP is going to touch. The business often has a very narrow view of ERP and perceives it as just a financial system. The key part of the strategy is that the organization sees the broader view of ERP.” (Scott Clark, Innovation Credit Union)
1 hour
Download the ERP Strategy Report Template
ERP technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. ERP implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.
Build an ERP Strategy and Roadmap allows organizations to proactively implement continuous assessment and optimization of their enterprise resource planning system, including:
This formal ERP optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
| Name | Title | Organization |
| Anonymous | Anonymous | Software industry |
| Anonymous | Anonymous | Pharmaceutical industry |
| Boris Znebel | VP of Sales | Second Foundation |
| Brian Kudeba | Director, Administrative Systems | Fidelis Care |
| David Lawrence | Director, ERP | Allegheny Technologies Inc. |
| Ken Zima | CIO | Aquarion Water Company |
| Lance Foust | I.S. Manager | Plymouth Tube Company |
| Pooja Bagga | Head of ERP Strategy & Change | Transport for London |
| Rob Schneider | Project Director, ERP | Strathcona County |
| Scott Clark | Innovation Credit Union | |
| Tarek Raafat | Manager, Application Solutions | IDRC |
| Tom Walker | VP, Information Technology | StarTech.com |
Gheorghiu, Gabriel. "The ERP Buyer’s Profile for Growing Companies." Selecthub. 2018. Accessed 21 Feb. 2021.
"Maximizing the Emotional Economy: Behavioral Economics." Gallup. n.d. Accessed 21 Feb. 2021.
Neito-Rodriguez, Antonio. Project Management | How to Prioritize Your Company's Projects. 13 Dec. 2016. Accessed 29 Nov 2021. Web.
"A&D organization resolves organizational.“ Case Study. Panorama Consulting Group. 2021. PDF. 09 Nov. 2021. Web.
"Process Frameworks." APQC. n.d. Accessed 21 Feb. 2021.
Saxena, Deepak and Joe Mcdonagh. "Evaluating ERP Implementations: The Case for a Lifecycle-based Interpretive Approach." The Electronic Journal of Information Systems Evaluation, 29-37. 22 Feb. 2019. Accessed 21 Feb. 2021.
In early April, I already wrote about exit plans and how they are the latest burning platform.
As of the end of May 2025, we have both Microsoft and Google reassuring European clients about their sovereign cloud solutions. There are even air-gapped options for military applications. These messages come as a result of the trade war between the US and the rest of the world.
There is also the other, more mundane example of over-reliance on a single vendor: the Bloomberg-terminal outage of May 21st, 2025. That global outage severely disrupted financial markets. It caused traders to lose access to real-time data, analytics, and pricing information for approximately 90 minutes. This widespread system failure delayed critical government bond auctions in the UK, Portugal, Sweden, and the EU.
It serves as a reminder of the heavy reliance on the Bloomberg Terminal, which is considered an industry standard despite its high annual cost. While some Bloomberg services like instant messaging remained functional, allowing limited communication among traders, the core disruption led to significant frustration and slowed down trading activities.
You want to think about this for a moment. Bloomberg is, just like Google and Microsoft are, cornerstones in their respective industries. MS, Google, and Amazon even in many more industries.
So the issue goes beyond the “panic of the day.” Every day, there will be some announcement that sends markets reeling and companies fearing. Granted, the period we go through today can have grave consequences, but at the same time, it may be over in the coming months or years.
Let's take a step back and see if we can locate the larger issue at stake. I dare to say that the underlying issue is trust. We are losing trust in one another at a fast pace. Not between business partners, meaning companies who are, in a transaction or relationship, are more or less equal. Regardless of their geolocation, people are keen to do business together in a predictable, mutually beneficial way. And as long as that situation is stable, there is little need, beyond compliance and normal sound practices, to start to distrust each other.
Trouble brews when other factors come into play. I want to focus on two of them in this article.
The past few years have seen a large increase in power of the cloud computing platforms. The pandemic of 2019 through to 2023 changed our way of working and gave a big boost to these platforms. Of course, they were already establishing their dominance in the early 2010s.
Amazon launched SQS in 2004 with S3 (storage) and EC2 (compute) in 2006. Azure launched in 2008 as a PaaS platform for .NET developers, and became really available in 2010. Since then, it grew into the IaaS (infrastructure as a service) platform we know today. Google's Cloud Platform (GCP) launched in 2008 and added components such as BigQuery, Compute Engine and Storage in the 2010s.
Since the pandemic, we've seen another boost to their popularity. These platforms solidified their lead through several vectors:
Companies made decisions on these premises. A prime example is the use of native cloud functions. These make life easier for developers. Native functions allow for serverless functionality to be made available to clients, and to do so in a non-infra-based way. It gives the impression of less complexity to the management. They are also easily scalable.
This comes at a cost, however. The cost is vendor lock-in. And with vendor lock-in, comes increased pricing power for the vendor.
For a long time, it seems EU companies' attitude was: “It won't be such an issue, after all, there are multiple cloud vendors and if all else fails, we just go back.” The reality is much starker, I suspect that cloud providers with this level of market power will increase their pricing significantly.
in come two elements:
The latest push to their market power came as an unintended consequence of EU Law: DORA. That EU law requires companies to have testable exit plans in place. But it goes well beyond this. The EU has increased the regulatory burden on companies significantly. BusinessEurope, a supranational organization, estimates that in the past five years, the Eu managed to release over 13,000 legislative acts. This is compared to 3,500 in the US.
Coming back to DORA, this law requires EU companies to actually test their exit plans and show proof of it to the EU ESAs (European Supervisory Agency). The reaction I have seen in industry representative organizations is complacency.
The cost of compliance is significant; hence, companies try to limit their exposure to the law as much as possible. They typically do this by limiting the applicability scope of the law to their business, based on the wording of the law. And herein lies the trap. This is not lost on the IT providers. They see that companies do the heavy lifting for them. What do I mean by that? Several large providers are looked at by the EU as systemic providers. They fall under direct supervision by the ESAs.
For local EU providers, it is what it is, but for non-EU providers, they get to show their goodwill, using sovereign IT services. I will come back to this in the next point, US unpredictability and laws. But the main point is: we are giving them more market power, and we have less contractual power. Why? Because we are showing them that we will go to great lengths to keep using their services.
US companies must comply with US law. So far, so good. Current US legislation also already requires US companies to share data on non-US citizens.
This last one is of particular concern. Not so much because of its contents, but because it is an Executive Order.
We know that the current (May 2025) US government mostly works through executive orders. Let's not forget that executive orders are a legitimate way to implement policy, This means that the US government could use access to cloud services as a lever to obtain more favorable trade rules.
The EU responds to this (the laws and executive order) by implementing several sovereignty countermeasures like GDPR, DORA, Digital markets Act (DMA), Data Governance Act (DGA), Cybersecurity Act and the upcoming European Health Data Act (EHDS). This is called the “Brussels Effect.”
Europe is also investing in several strategic initiatives such as
This points to a new dynamic between the EU and the US, EU-based companies simply cannot trust their US counterparts anymore to the degree they could before. The sad thing is, that there is no difference on the interpersonal level. It is just that companies must comply with their respective laws.
Hence, Microsoft, Google, and AWS and any other US provider cannot legally provide sovereign cloud services. In a strict legal sense, Microsoft and Google cannot absolutely guarantee that they can completely insulate EU companies and citizens from all US law enforcement requests for data, despite their robust efforts and sovereign cloud offerings. This is because they are US companies, subject to US law and US jurisdiction. The CLOUD act and FISA section 702 compel US companies to comply.
Moreover, there is the nature of sovereign cloud offerings:
And lastly, there are the legal challenges to the EU data privacy Framework (DPF)
This all means that while the cloud providers are doing everything they can, and I'm assuming they are acting in good faith. The fact that they are US entities means however that they are subject to all US legislation and executive orders. And we cannot trust this last part. Again, this is why the EU is pursuing its digital sovereignty initiatives and why some highly sensitive EU public sector entities are gravitating towards truly EU-owned and operated cloud solutions.
If your provider goes bankrupt, you do not have a leg to stand on. Most jurisdictions, including the EU and US, have the following elements regarding bankruptcy:
Automatic Stay: Upon a bankruptcy filing (in most jurisdictions, including the US and EU), an “automatic stay” is immediately imposed. This is a court order that stops most collection activities against the debtor. For you as a customer, this can mean you might be prevented from:
Debtor's Estate and Creditor Priority
So, while I understand the wait and see stance in regard to exit plans, given where we are, it is in my opinion the wrong thing to do. Companies must make actionable exit plans and prepare beforehand for the exit. That means that you have to:
If you want more detailed steps on how to get there, feel free to contact me.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Improve employee engagement and ultimately the organization’s bottom line.
Have a productive engagement feedback discussion with teams.
Facilitate effective team engagement action planning.
Solicit employee pain points that could potentially hinder their engagement.
Develop a stronger relationship with employees to drive engagement.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Acquire a holistic perspective of the development team, process, and tools to identify the bottlenecks and inefficiency points that are significantly delaying releases.
Identify the development guiding principles and artifact management practices and build automation and continuous integration processes and tools that best fit the context and address the organization’s needs.
Prioritize lean implementation initiatives in a gradual, phased approach and map the critical stakeholders in the lean transformation.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess the current state of your development environment.
Select a pilot project to demonstrate the value of your optimization.
Realization of the root causes behind the bottlenecks and inefficiencies in your current development process.
Valuation of your current development tools.
Selection of a pilot project that will be used to gather the metrics in order obtain buy-in for wider optimization initiatives.
1.1 Assess your readiness to transition to lean development.
1.2 Conduct a SWOT analysis and value-stream assessment of your current development process.
1.3 Evaluate your development tools.
1.4 Select a pilot project.
Lean development readiness assessment
Current state analysis of development process
Value assessment of existing development tools
Pilot project selection
Establish your development guiding principles.
Enhance the versioning and management of your development artifacts.
Automatically build and continuously integrate your code.
Grounded and well-understood set of guiding principles that are mapped to development tasks and initiatives.
Version control strategy of development artifacts, including source code, adapted to support lean development.
A tailored approach to establish the right environment to support automated build, testing, and continuous integration tools.
2.1 Assess your alignment to the lean principles.
2.2 Define your lean development guiding principles.
2.3 Define your source code branching approach.
2.4 Define your build automation approach.
2.5 Define your continuous integration approach.
Level of alignment to lean principles
Development guiding principles
Source code branching approach
Build automation approach.
Continuous integration approach
Prioritize your optimization initiatives to build an implementation roadmap.
Identify the stakeholders of your lean transformation.
Phased implementation roadmap that accommodates your current priorities, constraints, and enablers.
Stakeholder engagement strategy to effectively demonstrate the value of the optimized development environment.
3.1 Identify metrics to gauge the success of your lean transformation.
3.2 List and prioritize your implementation steps.
3.3 Identify the stakeholders of your lean transformation.
List of product, process, and tool metrics
Prioritized list of tasks to optimize your development environment
Identification of key stakeholders
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This trends and buyer’s guide will help you:
Create your own request for proposal (RFP) for your customer service management suite procurement process by customizing Info-Tech's RFP template.
Use this tool to assess your maturity and fit for a CSM solution. It will help identify your current CSM state and assist with the decision to move forward with a new solution or augment certain features.
Keep stakeholders engaged with simple and friction-free templates to document your progress for Rapid Application Selection.
Leverage a traceable and straightforward Vendor Evaluation Workbook to narrow the field of potential vendors and accelerate the application selection process.
Create an objective and fair scoring process to evaluate the RFPs and demonstrations provided by shortlisted vendors. Within this framework, provide a multidimensional evaluation that analyzes the solution's functional capabilities, architecture, costs, service support, and overall suitability in comparison to the organization's expressed requirements.
Create an organized and streamlined vendor demonstration process by clearly outlining your expectations for the demo. Use the demo as an opportunity to ensure that capabilities expressed by vendors are actually present within the considered solution.
The pandemic and growing younger demographic have shifted the terrain of customer service delivery. Customer service management (CSM) tools ensure organizations enhance customer acquisition, customer retention, and overall revenues into the future.
It is one thing to research customer service best practices; it is another to experience such service. Whether being put on hold for an hour with a telecommunications company, encountering voice biometric security with a bank, or receiving automated FAQs from a chatbot, we all perform our own primary research in customer service by going about our daily lives. Yet while the pandemic required a shift to this multichannel and digital assistant environment (to account for ongoing agent attrition), this trend was actually just accelerated. A growing younger demographic now prefers online communication channels to voice. Social media (whichever the platform) is a fundamental part of this demographic’s online presence and has instigated the need for customer service delivery to meet customers where they are – for both damage control and enhancing customer relationships.
Organizations delivering customer service across multiple product lines need to examine what delivery channels they need to satisfy customers, alongside assessing how customer loyalty and cross-selling can increase revenues and company reputation. Customer service management tools can assist and enable the future state.
Thomas Randall, Ph.D.
Research Director, Info-Tech Research Group
| Your Challenge | Common Obstacles | Info-Tech’s Solution |
|
|
This trends and buyer’s guide will help you:
|
The objective at the end of the day is to have a single interface that the front-line staff interacts with. I think that is the holy grail when we look at CSM technology. The objective that everyone has in mind is we'd all like to get to one screen and one window. Ultimately, the end game really hasn't changed: How can we make it easy for the agents and how can we minimize their errors? How can we streamline the process so they can work?
Colin Taylor, CEO, The Taylor Reach Group
| 1. Contextualize the CSM Landscape | 2. Select the Right CSM Vendor | |
|---|---|---|
| Phase Steps |
|
|
| Phase Outcomes |
|
|
Info-Tech Insight
Need help constructing your RFP? Use Info-Tech’s CSM Platform RFP Template!
| Phase 1 | Phase 2 |
|---|---|
|
Call #1: Discover if CSM tools are right for your organization. Understand what a CSM platform is and discover the “art of the possible.” Call #2: Identify right-sized vendors and build the business case to select a CSM platform. |
Call #3: Define your key CSM requirements. Call #4: Build procurement items, such as an RFP and demo script. Call #5: Evaluate vendors and perform final due diligence. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
The CSM selection process should be broken into segments:
| DIY Toolkit | Guided Implementation | Workshop | Consulting |
|---|---|---|---|
| "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to his the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks are used throughout all four options
Expert analyst guidance over five weeks on average to select and negotiate software
Save money, align stakeholders, speed up the process, and make better decisions
Use a repeatable, formal methodology to improve your application selection process
Better, faster results, guaranteed, included in membership
40 hours of expert analyst guidance
Project & stakeholder management assistance
Save money, align stakeholders, speed up the process, and make better decisions
Better, faster results, guaranteed, $25,000 standard engagement fee
| MULTIPLE CHANNELS Customers may resolve their issues via a variety of channels, including voice, SMS, email, social media, and live webchat. |
KNOWLEDGE BASE Provide a knowledge base for FAQs that is both customer facing (via customer portal) and agent facing (for live resolutions). |
| ANALYTICS Track customer satisfaction, agent performances, ticket resolutions, backlogs, traffic analysis, and other key performance indicators (KPIs). |
COLLABORATION Enable agents to escalate and collaborate within a unified platform (e.g. tagging colleagues to flag a relevant customer query). |
Info-Tech Insight
After-sales customer service is critical for creating, maintaining, and growing customer relationships. Organizations that fail to provide adequate service will be poorly positioned for future customer service and sales efforts.
INTEGRATIONS
Note what integrations are available for your contact center, CRM, or industry-specific solutions (e.g. inventory management) to get the most out of CSM.
SENTIMENT ANALYSIS
Reads, contextualizes, and categorizes tickets by sentiment (e.g. “positive”) before escalating to an appropriate agent.
AUTO-RESPONSE EDITOR
Built-in AI provides prewritten responses or auto-pulls the relevant knowledge article, assisting agents with speed to resolution.
ATTRIBUTES-BASED ROUTING
Learns over time how best to route tickets to appropriate agents based on skills, availability, or proximity of an agent (e.g. multilingual, local, or specialist agents).
AUTOMATED WORKFLOWS
CSM tool providers have varying usability for workflow building and enablement. Ensure your use cases align.
TICKET PRIORITIZATION
Adapts and prioritizes customer issues by service-level agreement (SLA), priority, and severity according to inputted KPIs.
Good technology will not fix a bad process. I don't care how good the technology is. If the use case is wrong and the process is wrong, it's not going to work.
Colin Taylor, CEO
The Taylor Reach Group
| Real-time | Pre-event | Post-event | |
|---|---|---|---|
| Channel example: Notifications via SMS or social media. | Channel example: Notifications via SMS or social media. | Channel example: Working with an agent or live chatbot. | Channel example: Working with an agent or live chatbot. |
| “Your car may need a check-up for faulty parts.” | “Here is a local garage to fix your tire pressure.” | “I see you have poor tire pressure. Here is a local garage.” | “Thank you for your patience, how can we help?” |
| Predictive Service The CSM recommends mitigation options to the customer before the issue occurs and before the customer knows they need it. |
Proactive Service The issue occurs but the CSM recommends mitigation options to the customer before the customer contacts the organization. |
Real-Time Service The organization offers real-time mitigation options while working with the customer to resolve the issue. |
Reactive Service The customer approaches the organization after the issue occurs, but the organization has no insight into the event. |
Organizations should ask whether they need a standalone CSM solution or a CSM as part of a broader suite of CXM tools. The latter is especially relevant if your organization already invests in a CXM platform.
Customer Service Complexity
Low complexity refers to primarily transactional inquiries. High complexity refers to service workflows for symptom analysis, problem identification, and solution delivery.
Product Complexity
High complexity refers to having a large number of brands and individual SKUs, technologically complex products, and products with many add-ons.
Info-Tech Insight
Use Info-Tech’s CSM Platform Opportunity Assessment Tool to discover your organization’s customer service maturity.
30 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the CSM Platform Opportunity Assessment Tool
| Bypass | Adopt |
|---|---|
| Monochannel approach You do not participate in multichannel campaigns or your customer personas are typically limited to one or two channels (e.g. voice or SMS). |
Multichannel approach You are pursuing multifaceted, customer-specific campaigns across a multitude of channels. |
| Small to mid-sized business with small CX team Do not buy what you do not need. Focus on the foundations of customer experience (CX) first before extending into a full-fledged CSM tool. |
Maturing CX department Customer service needs are extending into managing budgets, generating and segmenting leads, and measuring channel effectiveness. |
| Limited product range CSM tools typically gain return on investment (ROI) if the organization has a complex product range and is looking to increase cross-sell opportunities across different customer personas. |
Multiple product lines Customer base and product lines are large enough to engage in opportunities for cross- and up-selling. |
AkzoNobel
INDUSTRY
Retail
SOURCE
Sprinklr (2021)
Use CSM tools to unify the multichannel experience and reduce response time.
| Challenge | Solution | Results |
| AzkoNobel is a leading global paints and coatings company. AzkoNobel had 60+ fragmented customer service accounts on social media for multiple brands. There was little consistency in customer experience and agent responses. Moreover, the customer journey was not being tracked, resulting in lost opportunities for cross-selling across brands. The result: slow response times (up to one week) and unsatisfied customers, leaving the AzkoNobel brand in a vulnerable state. |
AkzoNobel leveraged Sprinklr, a customer experience software provider, to unify six social channels, 19 accounts, and six brands. Sprinklr aligned governance across social media channels with AzkoNobel’s strategic business goals, emphasizing the need for process, increasing revenue, and streamlining customer service. AzkoNobel was able to use keywords from customers’ inbound messaging to put an escalation process in place. |
Since bringing on Sprinklr in 2015-2016, unifying customer service channels under one multichannel platform resulted in:
|
| 1920s | 1950s | 1967-1973 | 1980-1990s | 2000-2010s |
|---|---|---|---|---|
| The introduction of lines of credit and growth of household appliance innovations meant households were buying products at an unprecedented rate. Department stores would set up customer service sections to assist with live fixes or returns. | Following the Great Depression and World War II, process, efficiency, and computational technology became defining features of customer service. These features were played out in call centers as automatic call distribution (ACD) technology began to scale. | With the development of private automatic branch exchange (PABX), AT&T introduced the toll-free telephone number. Companies began training staff and departments for customer service and building loyalty. With the development of interactive voice response (IVR) in 1973, call centers became increasingly more efficient at routing. | Analog technology shifted to digital and the term “contact center” was coined. These centers began being outsourced internationally. With the advent of the internet, CSM technology (in the early guise of a “help desk”) became equipped with computer telephony integration (CTI). | Software as a service (SaaS) and CRM maturation strengthened the retention and organization of customer data. Social media also enhanced consumer power as companies rushed to prevent online embarrassment. This prompted investment in multichannel customer service. |
2023
Go mobile first
85% of customers believe a company’s mobile website should be just as good as its desktop website. Enabling user-friendly mobile websites provides an effective channel to keep inbound calls down.
2024
Shift from multichannel to omnichannel
Integrating CSM tools with your broader CXM suite enables customer data to seamlessly travel between channels for an omnichannel experience.
2025
Enable predictive service
CSM tools integrate with Internet of Things (IoT) systems to provide automated notifications that alert staff of issues and mitigate issues with customers before the issue even occurs.
2026
Leverage predictive analytics for ML use cases
Use customers’ historic data and preferences to perform better automated customer service over time (e.g. providing personalized resolutions based on previous customer engagements).
Context and scenario play a huge role in measuring good customer service. Ensure your KPIs accurately reflect the incentives you want to give your customer support staff for delivering appropriate customer service.
David Thomas, Customer Service Specialist
Freedom Mobile
(Reve Chat, 2022)
BIOMETRICS
65% of customers say they would accept voice recognition to authorize their identity when calling a customer support line (GetApp, 2021).
PERSONALIZATION
51% of marketers, advocating for personalization across multiple touchpoints saw 300% ROI (KoMarketing, 2020).
SOCIAL MEDIA
29% of customers aged 18 to 39 prefer online chat communication before and after purchase (RingCentral, 2020).
SELF-SERVICE
92% of customers say they would use a knowledge base for self-service support if it was available (Vanilla, 2020).
Business Opportunity
Determine high-level understanding of the need that must be addressed, along with the project goals and affiliated key metrics. Establish KPIs to measure project success.
System Diagram
Determine the impact on the application portfolio and where integration is necessary.
Risks
Identify potential blockers and risk factors that will impede selection.
High-Level Requirements
Consider the business functions and processes affected.
People Impact
Confirm who will be affected by the output of the technology selection.
Overall Business Case
Calculate the ROI and the financial implications of the application selection. Highlight the overarching value.
2 hours
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Software Selection Workbook
Understanding business needs through requirements gathering is key to defining everything about what is being purchased, yet it is an area where people often make critical mistakes.
| Signs of poorly scoped requirements | Best practices |
|---|---|
|
|
Info-Tech Insight
Review Info-Tech’s requirements gathering methodology to improve your requirements gathering process.
As you gather requirements, decide which procurement route best suits your context.
| RFI (Request for Information) | RFQ (Request for Quotation) | RFP (Request for Proposal) | |
|---|---|---|---|
| Purpose and Usage |
Gather information about products/services when you know little about what’s available. Often followed by an RFP. |
Solicit pricing and delivery information for products/services with clearly defined requirements.
Best for standard or commodity products/services. |
Solicit formal proposals from vendors to conduct an evaluation and selection process. Formal and fair process; identical for each participating vendor. |
| Level of Intent |
Fact-finding – there is no commitment to engage the vendor. Vendors are often reluctant to provide quotes. |
Committed to procure a specific product/service at the lowest price. |
Intent to buy the products/services in the RFP. Business case/approval to spend is already obtained. |
| Level of Detail | High-level requirements and business goals. |
Detailed specifications of what products/services are needed. Detailed contract and delivery terms. |
Detailed business requirements and objectives. Standard questions and contract term requests for all vendors. |
| Response |
Generalized response with high-level product/services. Sometimes standard pricing quote. |
Price quote and confirmation of ability to fulfill desired terms. |
Detailed solution description, delivery approach, customized price quote, and additional requested information. Product demo and/or hands-on trial. |
Info-Tech Insight
If you are in a hurry, consider instead issuing Info-Tech’s Vendor Evaluation Workbook. This workbook speeds up the typical procurement process by adding RFP-like requirements (such as operational and technical requirements) while driving the procurement process via emphasis on high-value use cases.
Download the Vendor Evaluation Workbook
2 hours
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the CSM Platform RFP Scoring Tool
Download the CSM Platform RFP Template
Avoid vendor glitz and glamour shows by ensuring vendors are concretely applying their solution to your high-value use cases.
| 1 | Minimize the number of vendors to four to keep up the pace of the selection process. |
| 2 | Provide a demo script that captures your high-value use cases and differentiating requirements. |
| 3 | Ensure demos are booked close together and the selection committee attends all demos. |
Rapid-fire vendor investigative interview
Invite vendors to come onsite (or join you via videoconference) to demonstrate the product and answer questions. Use a highly targeted demo script to help identify how a vendor’s solution will fit your organization’s particular business capability needs.
Give each vendor 90 to 120 minutes to give a rapid-fire presentation. We suggest the following structure:
To ensure a consistent evaluation, vendors should be asked analogous questions and answers should be tabulated.
How to challenge the vendors in the investigative interview
To kick-start scripting your demo scenarios, leverage our CSM Platform Vendor Demo Script Template.
A vendor scoring model is a systematic method for effectively assessing competing vendors. A weighted-average scoring model is an approach that strikes a strong balance between rigor and evaluation speed.
| How do I build a scoring model? | What are some of the best practices? |
|---|---|
|
|
Info-Tech Insight
Even the best scoring model will still involve some “art” rather than science. Scoring categories such as vendor viability always entail a degree of subjective interpretation.
| Criteria | Description |
|---|---|
| Functional Capabilities | How well does the vendor align with the top-priority functional requirements identified in your accelerated needs assessment? What is the vendor’s functional breadth and depth? |
| Affordability | How affordable is this vendor? Consider a three-to-five-year total cost of ownership (TCO) that encompasses not just licensing costs but also implementation, integration, training, and ongoing support costs. |
| Architectural Fit | How well does this vendor align with your direction from an enterprise architecture perspective? How interoperable is the solution with existing applications in your technology stack? Does the solution meet your deployment model preferences? |
| Extensibility | How easy is it to augment the base solution with native or third-party add-ons as your business needs may evolve? |
| Scalability | How easy is it to expand the solution to support increased user, data, and/or customer volumes? Does the solution have any capacity constraints? |
| Vendor Viability | How viable is this vendor? Are they an established player with a proven track record or a new and untested entrant to the market? What is the financial health of the vendor? How committed are they to the particular solution category? |
| Vendor Vision | Does the vendor have a cogent and realistic product roadmap? Are they making sensible investments that align with your organization’s internal direction? |
| Emotional Footprint | How well does the vendor’s organizational culture and team dynamics align to yours? |
| Third-Party Assessments and/or References | How well-received is the vendor by unbiased third-party sources like SoftwareReviews? For larger projects, how well does the vendor perform in reference checks (and how closely do those references mirror your own situation)? |
You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.
Use Info-Tech’s Contract Review Services to gain insights on your agreements.
Consider the aspects of a contract review:
Validate that a contract meets IT’s and the business’ needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.
Download Master Contract Review and Negotiation for Software Agreements
The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.
The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.
Fact-based reviews of business software from IT professionals.
Product and category reports with state-of-the-art data visualization.
Top-tier data quality backed by a rigorous quality assurance process.
User-experience insight that reveals the intangibles of working with a vendor.
SoftwareReviews is powered by Info-Tech
Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive, unbiased data on today’s technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.
Click here to access SoftwareReviews
Comprehensive software reviews to make better IT decisions
We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.
Est. 2003 | WA, USA | MSFT:NASDAQ
Bio
To accelerate your digital transformation, you need a new type of business application. One that breaks down the silos between CRM and ERP, that’s powered by data and intelligence, and helps capture new business opportunities. That’s Microsoft Dynamics 365.
Offices
Microsoft is located all over the world. For a full list, see Microsoft Worldwide Sites.
Stated Industry Specializations
SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths
Areas to Improve
History
Founded 2003 (as Microsoft Dynamics CRM)
2005 Second version branded Dynamics 3.0.
2009 Dynamics CRM 4.0 (Titan) passes 1 million user mark.
2015 Announces availability of CRM Cloud design for FedRAMP compliance.
2016 Dynamics 365 released as successor to Dynamics CRM.
2016 Microsoft’s acquisition of LinkedIn provides line of data to 500 million users.
2021 First-party voice channel added to Dynamics 365.
2022 Announces Digital Contact Center Platform powered with Nuance AI, MS Teams, and Dynamics 365.
Microsoft is rapidly innovating in the customer experience technology marketspace. Alongside Dynamics 365’s omnichannel offering, Microsoft is building out its own native contact center platform. This will provide new opportunities for centralization without multivendor management between Dynamics 365, Microsoft Teams, and an additional third-party telephony or contact-center-as-a-service (CCaaS) vendor. SoftwareReviews reports suggest that Microsoft is a market leader in the area of product innovation for CSM, and this area of voice channel capability is where I see most industry interest.
Of course, Dynamics 365 is not a platform to get only for CSM functionality. Users will typically be a strong Microsoft shop already (using Dynamics 365 for customer relationship management) and are looking for native CSM features to enhance customer service workflow management and self-service.
Thomas Randall
Research Director, Info-Tech Research Group
Info-Tech Insight
Pricing for Microsoft Dynamics 365 is often contextualized to an organization’s needs. However, this can create complicated licensing structures. Two Info-Tech resources to assist are:
*This service may be used for other enterprise CSM providers too, including Salesforce, ServiceNow, SAP, and Oracle.
Contact your account manager to review your access to this service.
Est. 2010 | CA, USA | FRSH:NASDAQ
Bio
Freshworks' cloud-based customer support software, Freshdesk, makes customer happiness refreshingly easy. With powerful features, an easy-to-use interface, and a freemium pricing model, Freshdesk enables companies of all sizes to provide a seamless multichannel support experience across email, phone, web, chat, forums, social media, and mobile apps. Freshdesk’s capabilities include robust ticketing, SLA management, smart automations, intelligent reporting, and game mechanics to motivate agents.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths
Areas to Improve
History
Founded 2010
2011 Freshdesk forms a core component of product line.
2014 Raises significant capital in Series D round: $31M.
2016 Acquires Airwoot, enabling real-time customer support on social media.
2019 Raises $150M in Series H funding round.
2019 Acquires Natero, which predicts, analyzes, and drives customer behavior.
2021 Surpasses $300M in annual recurring revenues.
2021 Freshworks posts its IPO listing.
Freshworks stepped into the SaaS customer support marketspace in 2010 to attract dissatisfied Zendesk eSupport customers, following Zendesk’s large price increases that year (of 300%). After performing well during the pandemic, Freshworks has reinforced its global positioning in the CSM tool marketspace; SoftwareReviews data suggests Freshworks performs very well against its competitors for breadth and intuitiveness of its features.
Freshworks receives strong recommendations from Info-Tech’s members, boasting a broad product selection that enables opportunities for scaling and receiving a high rate of value return. Of note are Freshworks’ internal customer management solution and its native contact center offering, limiting multivendor management typically required for integrating separate IT service management (ITSM) and CCaaS solutions.
Thomas Randall
Research Director, Info-Tech Research Group
| Free | Growth | Pro | Enterprise |
|---|---|---|---|
|
|
|
|
*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.
Est. 2006 | MA, USA | HUBS:NYSE
Bio
Help Scout is designed with your customers in mind. Provide email and live chat with a personal touch and deliver help content right where your customers need it, all in one place, all for one low price. The customer experience is simple and training staff is painless, but Help Scout still has all the powerful features you need to provide great support at scale. With best-in-class reporting, an integrated knowledge base, 50+ integrations, and a robust API, Help Scout lets your team focus on what really matters: your customers.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths
Areas to Improve
History
Founded 2011
2015 Raised $6M in Series A funding.
2015 Rebrands from Brightwurks to Help Scout.
2015 Named by Appstorm as one of six CSM tools to delight Mac users.
2016 iOS app released.
2017 Android app released.
2020 All employees instructed to work remotely.
2021 Raises $15M in Series B funding.
Help Scout provides a simplified, standalone CSM tool that operates like a shared email inbox. Best suited for mid-sized organizations, customers can expect live chat, in-app messaging, and knowledge-base functionality. A particular strength is Help Scout’s integration capabilities, with a wide range of CRM, eCommerce, marketing, and communication APIs available. This strength is also reflected in the data: SoftwareReviews lists Help Scout as first in its CSM category for ease of data integrations.
Customers who are expecting a broader range of channels (including voice, video cobrowsing, and so on) will not find good return on investment with Help Scout. However, for mid-sized organizations looking to begin maturing their customer service management, Help Scout provides a strong foundation – especially for enhancing in-house collaboration between support staff.
Thomas Randall
Research Director, Info-Tech Research Group
| Standard | Plus | Pro |
|---|---|---|
|
|
|
*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.
Est. 2006 | MA, USA | HUBS:NYSE
Bio
HubSpot’s Service Hub brings all your customer service data and channels together in one place and helps scale your support through automation and self-service. The result? More time for proactive service that delights, retains, and grows your customer base. HubSpot provides software and support to help businesses grow better. The overall platform includes marketing, sales, service, and website management products that start free and scale to meet our customers’ needs at any stage of growth.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths:
Areas to Improve:
History
Founded 2006
2013 Opens first international office in Ireland.
2014 First IPO listing on NYSE, raising $140M.
2015 Milestone for acquiring 15,000 customers
2017 Acquires Kemvi for AI and ML support for sales teams.
2019 Acquires PieSync for customer data synchronization.
2021 Yamini Rangan is announced as new CEO.
2021 Records $1B in revenues.
HubSpot is a competitive player in the enterprise sales and marketing technology market. Offering an all-in-one platform, HubSpot allows users to leverage its CRM, marketing solutions, content management tool, and CSM tool. Across knowledge management, contact center integration, and customer self-service, SoftwareReviews data pits HubSpot as performing better than its enterprise competitors.
While customers can leverage HubSpot’s CSM tool independently, watch out for scope creep. HubSpot’s other offerings are tightly integrated and module extensions could quickly add up in price. HubSpot may not be affordable for most regional, mid-sized organizations, and a poor ROI may be expected. For instance, the Pro plan is required to get a knowledge base, which is typically a standard CSM feature – yet the same plan also comes with multicurrency support, which could remain unleveraged.
Thomas Randall
Research Director, Info-Tech Research Group
| Free | Starter | Pro | Enterprise |
|---|---|---|---|
|
|
|
|
*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.
Est. 1999 | CA, USA | CRM:NYSE
Bio
Service Cloud customer service software gives you faster, smarter customer support. Salesforce provides customer relationship management software and applications focused on sales, customer service, marketing automation, analytics, and application development.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths:
Areas to Improve:
History
Founded 1999
2000 Salesforce launches its cloud-based products.
2003 The first Dreamforce (a leading CX conference) happens.
2005 Salesforce unveils AppExchange.
2013 Salesforce acquires ExactTarget and expands Marketing Cloud offering.
2016 Salesforce acquires Demandware, launches Commerce Cloud.
2019 Salesforce acquires Tableau to expand business intelligence capabilities.
2021 Salesforce buys major collaboration vendor Slack.
Salesforce was an early disruptor in CRM marketspace, placing a strong emphasis on a SaaS delivery model and end-user experience. This allowed Salesforce to rapidly gain market share at the expense of complacent enterprise application vendors. A series of savvy acquisitions over the years has allowed Salesforce to augment its core Sales and Service Clouds with a wide variety of other solutions, from ecommerce to marketing automation – and recently Slack for internal collaboration.
Salesforce Service Cloud Voice is now available to take advantage of integrating telephony and voice channels into your CRM. This service is still maturing, though, with Salesforce selecting Amazon Connect as its preferred integrator. However, Connect is not necessarily plug-and-play – it is a communications platform as a service, requiring you to build your own contact center solution. This is either a fantastic opportunity for creativity or a time suck of already tied-up resources.
Thomas Randall
Research Director, Info-Tech Research Group
| Service Cloud Essentials | Service Cloud Professional | Service Cloud Enterprise | Service Cloud Unlimited |
|---|---|---|---|
|
|
|
|
*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.
Est. 2007 | CA, USA | ZEN:NYSE
Bio
Zendesk streamlines your support with time-saving tools like ticket views, triggers, and automations. This helps you get straight to what matters most – better customer service and more meaningful conversations. Today, Zendesk is the champion of great service everywhere for everyone and powers billions of conversations, connecting more than 100,000 brands with hundreds of millions of customers over telephony, chat, email, messaging, social channels, communities, review sites, and help centers.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Enterprise Vendor Ranking
(out of 7)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths
Areas to Improve
History
Founded 2007
2008 Initial seed funding of $500,000.
2009 Receives $6M through Series B Funding.
2009 Relocates from Copenhagen to San Francisco.
2014 Acquires Zopin Technologies.
2014 Listed on NYSE.
2015 Acquires We Are Cloud SAS.
2018 Launches Zendesk Sell.
Zendesk is a global player in the CSM tool marketspace and works with enterprises across a wide variety of industries. Unlike some other CSM players, Zendesk provides more service channels at its lowest licensing offer, affording organizations a quicker expansion in customer service delivery without making enterprise-grade investments. However, the price of the lowest licensing offer starts much higher than Zendesk’s competitors; organizations will need to consider if the cost to try Zendesk over an annual contract is within budget.
Unfortunately, SoftwareReviews data suggests that Zendesk may not always provide that immediate value, especially to mid-sized organizations. Zendesk is rated lower for vendor support and business value created. However, Zendesk provides strong functionality that competes with other enterprise players, and mid-sized organizations are continually impressed with Zendesk’s automation workflows.
Thomas Randall
Research Director, Info-Tech Research Group
*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.
| Team | Growth | Pro |
|---|---|---|
|
|
|
Est. 2002 | Poland | WSE:LVC
Bio
Manage all emails from customers in one app and save time on customer support. LiveChat is a real-time live-chat software tool for ecommerce sales and support that is helping ecommerce companies create a new sales channel. It serves more than 30,000 businesses in over 150 countries, including large brands like Adobe, Asus, LG, Acer, Better Business Bureau, and Air Asia and startups like SproutSocial, Animoto, and HasOffers.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Midmarket Vendor Ranking
(out of 8)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths
Areas to Improve
History
Founded 2002
2006 50% of company stock bought by Capital Partners.
2008 Capital Partners sells entire stake to Naspers.
2011 LiveChat buys back majority of stakeholder shares.
2013 Listed by Red Herring in group of most innovative companies across Europe.
2014 Listed on Warsaw Stock Exchange.
2019 HelpDesk is launched.
2020 Offered services for free to organizations helping mitigate the pandemic.
LiveChat’s HelpDesk solution for CSM is a relatively recent solution (2019) that is proving very popular for small to mid-sized businesses (SMBs) – especially across Western Europe. SoftwareReviews’ data shows that HelpDesk is well-rated for breadth of features, usability and intuitiveness, and rate of improvement. Indeed, LiveChat has won and been shortlisted for several awards over the past decade for customer feedback, innovation, and fast growth to IPO.
When shortlisting LiveChat’s HelpDesk, SMBs should be careful of scope creep. LiveChat offers a range of other solutions that are intended to work together. The LiveChat self-titled product is designed to integrate with HelpDesk to provide ticketing, email management, and chat management. Moreover, LiveChat’s AI-based ChatBot (for automated webchat) comes with additional cost (starting at $52 team/month).
Thomas Randall
Research Director, Info-Tech Research Group
| Team Plan | Enterprise |
|---|---|
|
|
*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.
Est. 1996 | India | Privately Owned
Bio
SupportCenter Plus is a web-based customer support software that lets organizations effectively manage customer tickets, their account and contact information, and their service contracts, and in the process provide a superior customer experience. ManageEngine is a division of Zoho.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Midmarket Vendor Ranking
(out of 8)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths
Areas to Improve
History
Founded 1996
2002 Branches from Zoho to become division focused on IT management.
2004 Becomes an authorized MySQL Partner.
2009 Begins shift of offerings into the cloud.
2010 Tops 35,000 customers.
2011 Integration with Zoho Assist.
2015 Integration with Zoho Reports.
ManageEngine, as a division of Zoho, has its strengths in IT operations management (ITOM). SupportCenter thus scores well in our SoftwareReviews data for ease of customization, implementation, and administration. As ManageEngine is a frequently discussed low-cost vendor in the ITOM market, customers often get good scalability across IT, sales, and marketing teams. Although SupportCenter is aimed at the midmarket and is low cost, organizations have the benefit of ManageEngine’s global presence and backing by Zoho for viability.
However, because ManageEngine’s focus is ITOM, the breadth and quality of features for SupportCenter are not rated as well compared to its competitors. These features may be “good enough,” but usability and intuitiveness is not scored high. Organizations thinking about SupportCenter are recommended to identify their high-value use cases and perform user acceptance testing before adopting.
Thomas Randall
Research Director, Info-Tech Research Group
| Standard* | Pro* | Enterprise* |
|---|---|---|
|
|
|
*Pricing unavailable. Request quote.
See pricing on vendor’s website for latest information.
Est. 1996 | India | Privately Owned
Bio
Use the power of customer context to improve agent productivity, promote self-service, manage cross-functional service processes, and increase customer happiness. Zoho offers beautifully smart software to help you grow your business. With over 80 million users worldwide, Zoho's 55+ products (including Zoho Desk) aid your sales and marketing, support and collaboration, finance, and recruitment needs – letting you focus only on your business.
Offices
Stated Industry Specializations
SoftwareReviews’ CSM Midmarket Vendor Ranking
(out of 8)
Likeliness to Recommend
Plan to Renew
Satisfaction That Cost Is Fair Relative to Value
Strengths
Areas to Improve
History
Founded 1996
2001 Expands into Japan and shifts focus to SMBs.
2006 Zoho CRM is launched, alongside first Office suite.
2008 Reaches 1M users.
2009 Rebrands from AdventNet to Zoho Corp.
2011 Zoho Desk is built and launched.
2017 Zoho One, a suite of applications, is launched.
2020 Reaches 50M users.
Zoho Desk is one of the highest scoring CSM tool providers for likelihood to renew and recommend (98% and 90%, respectively). A major reason is that users receive a broad range of functionality for a lower-cost price model. There is also the capacity to scale with Zoho Desk as midmarket customers expand; companies can grow with Zoho and can receive high return on investment in the process.
However, while Zoho Desk can be used as a standalone CSM tool, there is danger of scope creep with other Zoho products. Zoho now has 50+ applications, all tied into one another. For Zoho Desk, customers may also lean into Zoho Assist (for troubleshooting customer problems via remote access) and Zoho Lens (for reality-based remote assistance, typically for plant machinery or servers). Consequently, customers should keep an eye on business value created if the scope of CSM grows wider.
Thomas Randall
Research Director, Info-Tech Research Group
| Standard | Pro | Enterprise |
|---|---|---|
|
|
|
*Pricing correct as of November 2022. Listed in USD and absent discounts.
See pricing on vendor’s website for latest information.
In this trends and buyer’s guide for CSM tool selection, we engaged in several activities to:
The result:
If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
Governance and Management of Enterprise Software Implementation
The Rapid Application Selection Framework
Build a Strong Technology Foundation for Customer Experience Management
Capers, Zach. “How the Pandemic Changed Customer Attitudes Toward Biometric Technology.” GetApp, 21 Feb. 2022. Accessed Nov. 2022.
Gomez, Jenny. “The Good, the Bad, and the Ugly: A History of Customer Service.” Lucidworks, 15 Jul. 2021. Accessed Nov. 2022.
Hoory. “History of Customer Service: How Did It All Begin?” Hoory, 24 Mar. 2022. Accessed Nov. 2022.
Patel, Snigdha. “Top 10 Customer Service Technology Trends to Follow in 2022.” Reve Chat, 21 Feb. 2021. Accessed Nov. 2022.
RingCentral. “The 2020 Customer Communications Review: A Survey of How Consumers Prefer to Communicate with Businesses.” RingCentral, 2020. Accessed Nov. 2022.
Robinson-Yu, Sarah. “What is a Knowledgebase? How Can It Help my Business?” Vanilla, 25 Feb. 2022. Accessed Nov. 2022.
Salesforce. “The Complete History of CRM.” Salesforce, n.d. Accessed Nov. 2022.
Salesforce. “State of the Connected Customer.” 5th ed. Salesforce, 2022. Accessed Nov. 2022.
Sprinklr. “How AzkoNobel UK Reduced Response Times and Increased Engagement.” Sprinklr, 2021. Accessed Nov. 2022.
Vermes, Krystle. “Study: 70% of Marketers Using Advanced Personalization Seeing 200% ROI.” KoMarketing, 2 Jun. 2020. Accessed Nov. 2022.
Colin Taylor
CEO
The Taylor Reach Group
Recognized as one of the leading contact/call center pioneers and experts, Colin has received 30 awards on two continents for excellence in contact center management and has been acknowledged as a leader and influencer on the topics of call/contact centers, customer service, and customer experience, in published rankings on Huffington Post, Call Center Helper, and MindShift. Colin was recognized as number 6 in the global 100 for customer service.
The Taylor Reach Group is a contact center, call center and customer experience (CX) consultancy specializing in CX consulting and call and contact center consulting, management, performance, technologies, site selection, tools, training development and center leadership training, center audits, benchmarking, and assessments.
David Thomas
Customer Service Specialist
Freedom Mobile
David Thomas has both managerial and hands-on experience with delivering quality service to Freedom Mobile customers. With several years being involved in training customer support and being at the forefront of retail during the pandemic, David has witnessed first-hand how to incentivize staff with the right metrics that create positive experiences for both staff and customers.
Freedom Mobile Inc. is a Canadian wireless telecommunications provider owned by Shaw Communications. It has 6% market share of Canada, mostly in urban areas of Ontario, British Columbia, and Alberta. Freedom Mobile is the fourth-largest wireless carrier in Canada.
A special thanks to three other anonymous contributors, all based in customer support and contact center roles for Canada’s National Park Booking Systems’ software provider.
The cloud permeates the enterprise technology discussion. It can be difficult to separate the hype from the value. Should everything go to the cloud, or is that sentiment stoked by vendors looking to boost their bottom lines? Not everything should go to the cloud, but coming up with a systematic way to determine what belongs where is increasingly difficult as offerings get more complex.
Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud-first isn’t always the way to go.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The cloud vision storyboard walks readers through the process of generating, validating and formalizing a cloud vision, providing a framework and tools to assess workloads for their cloud suitability and risk.
The executive summary captures the results of the vision exercise, including decision criteria for moving to the cloud, risks, roadblocks, and mitigations.
The cloud vision workbook comprises several assessments that will help you understand what service model, delivery model, support model, and risks and roadblocks you can expect to encounter at the workload level.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Align organizational goals to cloud characteristics.
An understanding of how the characteristics particular to cloud can support organizational goals.
1.1 Generate corporate goals and cloud drivers.
1.2 Identify success indicators.
1.3 Explore cloud characteristics.
1.4 Explore cloud service and delivery models.
1.5 Define cloud support models and strategy components.
1.6 Create state summaries for the different service and delivery models.
1.7 Select workloads for further analysis.
Corporate cloud goals and drivers
Success indicators
Current state summaries
List of workloads for further analysis
Evaluate workloads for cloud value and action plan.
Action plan for each workload.
2.1 Conduct workload assessment using the Cloud Strategy Workbook tool.
2.2 Discuss assessments and make preliminary determinations about the workloads.
Completed workload assessments
Workload summary statements
Identify and plan to mitigate potential risks in the cloud project.
A list of potential risks and plans to mitigate them.
3.1 Generate a list of risks and potential roadblocks associated with the cloud.
3.2 Sort risks and roadblocks and define categories.
3.3 Identify mitigations for each identified risk and roadblock
3.4 Generate initiatives from the mitigations.
List of risks and roadblocks, categorized
List of mitigations
List of initiatives
Clarify your vision of how the organization can best make use of cloud and build a project roadmap.
A clear vision and a concrete action plan to move forward with the project.
4.1 Review and assign work items.
4.2 Finalize the decision framework for each of the following areas: service model, delivery model, and support model.
4.3 Create a cloud vision statement
Cloud roadmap
Finalized task list
Formal cloud decision rubric
Cloud vision statement
Complete your cloud vision by building a compelling executive-facing presentation.
Simple, straightforward communication of your cloud vision to key stakeholders.
5.1 Build the Cloud Vision Executive Presentation
Completed cloud strategy executive presentation
Completed Cloud Vision Workbook.
The cloud isn’t magic. It’s not necessarily cheaper, better, or even available for the thing you want it to do. It’s not mysterious or a cure-all, and it does take a bit of effort to systematize your approach and make consistent, defensible decisions about your cloud services. That’s where this blueprint comes in.
Your cloud vision is the culmination of this effort all boiled down into a single statement: “This is how we want to use the cloud.” That simple statement should, of course, be representative of – and built from – a broader, contextual strategy discussion that answers the following questions: What should go to the cloud? What kind of cloud makes sense? Should the cloud deployment be public, private, or hybrid? What does a migration look like? What risks and roadblocks need to be considered when exploring your cloud migration options? What are the “day 2” activities that you will need to undertake after you’ve gotten the ball rolling?
Taken as a whole, answering these questions is difficult task. But with the framework provided here, it’s as easy as – well, let’s just say it’s easier.
Jeremy Roberts
Research Director, Infrastructure and Operations
Info-Tech Research Group
Info-Tech Insight: 1) Base migration decisions on cloud characteristics. If your justification for the migration is simply getting your workload out of the data center, think again. 2) Address the risks up front in your migration plan. 3) The cloud changes roles and calls for different skill sets, but Ops is here to stay.
“We’re moving from a world where companies like Oracle and Microsoft and HP and Dell were all critically important to a world where Microsoft is still important, but Amazon is now really important, and Google also matters. The technology has changed, but most of the major vendors they’re betting their business on have also changed. And that’s super hard for people..” –David Chappell, Author and Speaker
30% of all cloud spend is self-reported as waste. Many workloads that end up in the cloud don’t belong there. Many workloads that do belong in the cloud aren’t properly migrated. (Flexera, 2021)
44% of respondents report themselves as under-skilled in the cloud management space. (Pluralsight, 2021)
Goals and drivers
Highlight risks and roadblocks
Formalize cloud vision
Document your cloud strategy
The Info-Tech difference:
Cloud Characteristics
Service Model:
Delivery Model
(National Institute of Standards and Technology)
A workload-first approach will allow you to take full advantage of the cloud’s strengths
In a 2016 blog post, Amazon introduced a framework for understanding cloud migration strategies. The framework presented here is slightly modified – including a “relocate” component rather than a “retire” component – but otherwise hews close to the standard.
These migration paths reflect organizational capabilities and desired outcomes in terms of service models – cloud or otherwise. Retention means keeping the workload where it is, in a datacenter or a colocation service, or relocating to a colocation or hosted software environment. These represent the “non-cloud” migration paths.
In the graphic on the right, the paths within the red box lead to the cloud. Rehosting means lifting and shifting to an infrastructure environment. Migrating a virtual machine from your VMware environment on premises to Azure Virtual machines is a quick way to realize some benefits from the cloud. Migrating from SQL Server on premises to a cloud-based SQL solution looks a bit more like changing platforms (replatforming). It involves basic infrastructure modification without a substantial architectural component.
Refactoring is the most expensive of the options and involves engaging the software development lifecycle to build a custom solution, fundamentally rewriting the solution to be cloud native and take advantage of cloud-native architectures. This can result in a PaaS or an IaaS solution.
Finally, repurchasing means simply going to market and procuring a new solution. This may involve migrating data, but it does not require the migration of components.
Migration Paths
Retain (Revisit)
Relocate
Rehost
Replatform
Refactor
Repurchase
| Duration of engagement | Specialization | Flexibility | |
|---|---|---|---|
| Internal IT | Indefinite | Varies based on nature of business | Fixed, permanent staff |
| Managed Service Provider | Contractually defined | General, some specialization | Standard offering |
| Consultant | Project-based | Specific, domain-based | Entirely negotiable |
IT services, including cloud services, can be delivered and managed in multiple ways depending on the nature of the workload and the organization’s intended path forward. Three high-level options are presented here and may be more or less valuable based on the duration of the expected engagement with the service (temporary or permanent), the skills specialization required, and the flexibility necessary to complete the job.
By way of example, a highly technical, short-term project with significant flexibility requirements might be a good fit for an expensive consultant, whereas post-implementation maintenance of a cloud email system requires relatively little specialization and flexibility and would therefore be a better fit for internal management.
There is no universally applicable rule here, but there are some workloads that are generally a good fit for the cloud and others that are not as effective, with that fit being conditional on the appropriate support model being employed.
No two cloud strategies are exactly alike, but all should address 14 key areas. A key step in defining your cloud vision is an assessment of these strategy components. Lower maturity does not preclude an aggressive cloud strategy, but it does indicate that higher effort will be required to make the transition.
| Component | Description | Component | Description |
|---|---|---|---|
| Monitoring | What will system owners/administrators need visibility into? How will they achieve this? | Vendor Management | What practices must change to ensure effective management of cloud vendors? |
| Provisioning | Who will be responsible for deploying cloud workloads? What governance will this process be subject to? | Finance Management | How will costs be managed with the transition away from capital expenditure? |
| Migration | How will cloud migrations be conducted? What best practices/standards must be employed? | Security | What steps must be taken to ensure that cloud services meet security requirements? |
| Operations management | What is the process for managing operations as they change in the cloud? | Data Controls | How will data residency, compliance, and protection requirements be met in the cloud? |
| Architecture | What general principles must apply in the cloud environment? | Skills and roles | What skills become necessary in the cloud? What steps must be taken to acquire those skills? |
| Integration and interoperability | How will services be integrated? What standards must apply? | Culture and adoption | Is there a cultural aversion to the cloud? What steps must be taken to ensure broad cloud acceptance? |
| Portfolio Management | Who will be responsible for managing the growth of the cloud portfolio? | Governing bodies | What formal governance must be put in place? Who will be responsible for setting standards? |
Once you understand the value of the cloud, your workloads’ general suitability for cloud, and your proposed risks and mitigations, the next step is to define your cloud archetype.
Your organization’s cloud archetype is the strategic posture that IT adopts to best support the organization’s goals. Info-Tech’s model recognizes seven archetypes, divided into three high-level archetypes.
After consultation with your stakeholders, and based on the results of the suitability and risk assessment activities, define your archetype. The archetype feeds into the overall cloud vision and provides simple insight into the cloud future state for all stakeholders.
The cloud vision itself is captured in a “vision statement,” a short summary of the overall approach that includes the overall cloud archetype.
| We can best support the organization's goals by: | |||
|---|---|---|---|
More Cloud ↑ Less Cloud |
Cloud Focused | Cloud-Centric | Providing all workloads through cloud delivery. |
| Cloud-First | Using the cloud as our default deployment model. For each workload, we should ask “why NOT cloud?” | ||
| Cloud Opportunistic | Hybrid | Enabling the ability to transition seamlessly between on-premises and cloud resources for many workloads. | |
| Integrated | Combining cloud and traditional infrastructure resources, integrating data and applications through APIs or middleware. | ||
| Split | Using the cloud for some workloads and traditional infrastructure resources for others. | ||
| Cloud Averse | Cloud-Light | Using traditional infrastructure resources and limiting our use of the cloud to when it is absolutely necessary. | |
| Anti-Cloud | Using traditional infrastructure resources and avoiding use of the cloud wherever possible. |
| 1. Understand the Cloud | 2. Assess Workloads | 3. Identify and Mitigate Risks | 4. Bridge the Gap and Create the Vision | |
|---|---|---|---|---|
| Phase Steps |
|
|
|
|
| Phase Outcomes |
|
|
|
|
The cloud may not be right for you – and that’s okay!
Don’t think about the cloud as an inevitable next step for all workloads. The cloud is merely another tool in the toolbox, ready to be used when appropriate and put away when it’s not needed. Cloud first isn’t always the way to go.
Not all clouds are equal
It’s not “should I go to the cloud?” but “what service and delivery models make sense based on my needs and risk tolerance?” Thinking about the cloud as a binary can force workloads into the cloud that don’t belong (and vice versa).
Bottom-up is best
A workload assessment is the only way to truly understand the cloud’s value. Work from the bottom up, not the top down, understand what characteristics make a workload cloud suitable, and strategize on that basis.
Your accountability doesn’t change
You are still accountable for maintaining available, secure, functional applications and services. Cloud providers share some responsibility, but the buck stops where it always has: with you.
Don’t customize for the sake of customization
SaaS providers make money selling the same thing to everyone. When migrating a workload to SaaS, work with stakeholders to pursue standardization around a selected platform and avoid customization where possible.
Best of both worlds, worst of both worlds
Hybrid clouds are in fashion, but true hybridity comes with additional cost, administration, and other constraints. A convoy moves at the speed of its slowest member.
The journey matters as much as the destination
How you get there is as important as what “there” actually is. Any strategy that focuses solely on the destination misses out on a key part of the value conversation: the migration strategy.
Cloud Vision Executive Presentation
This presentation captures the results of the exercises and presents a complete vision to stakeholders including a desired target state, a rubric for decision making, the results of the workload assessments, and an overall risk profile.
Cloud Vision Workbook
This workbook includes the standard cloud workload assessment questionnaire along with the results of the assessment. It also includes the milestone timeline for the implementation of the cloud vision.
9.8/10 Average reported satisfaction
17 Days Average reported time savings
$37, 613 Average cost savings (adj.)
Industry: Financial
Source: Info-Tech workshop
A small East Coast financial institution was required to develop a cloud strategy. This strategy had to meet several important requirements, including alignment with strategic priorities and best practices, along with regulatory compliance, including with the Office of the Comptroller of the Currency.
The bank already had a significant cloud footprint and was looking to organize and formalize the strategy going forward.
Leadership needed a comprehensive strategy that touched on key areas including the delivery model, service models, individual workload assessments, cost management, risk management and governance. The output had to be consumable by a variety of audiences with varying levels of technical expertise and had to speak to IT’s role in the broader strategic goals articulated earlier in the year.
Results
The bank engaged Info-Tech for a cloud vision workshop and worked through four days of exercises with various IT team members. The bank ultimately decided on a multi-cloud strategy that prioritized SaaS while also allowing for PaaS and IaaS solutions, along with some non-cloud hosted solutions, based on organizational circumstances.
Bank cloud vision
[Bank] will provide innovative financial and related services by taking advantage of the multiplicity of best-of-breed solutions available in the cloud. These solutions make it possible to benefit from industry-level innovations, while ensuring efficiency, redundancy, and enhanced security.
Bank cloud decision workflow
Non-cloud
Cloud
"Our team has already made this crticial project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off imediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge the take this project on. We need assistance through the entirety of this project."
Diagnostics and consistent frameworks are used throughout all four options.
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 4 to 6 months.
Phase 1
Phase 2
Phase 3
Phase 4
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
| Day 1 | Day 2 | Day 3 | Day 4 | Offsite day | |
|---|---|---|---|---|---|
| Understand the cloud | Assess workloads | Identify and mitigate risks | Bridge the gap and create the strategy | Next steps and wrap-up (offsite) | |
| Activities | 1.1 Introduction 1.2 Generate corporate goals and cloud drivers 1.3 Identify success indicators 1.4 Explore cloud characteristics 1.5 Explore cloud service and delivery models 1.6 Define cloud support models and strategy components 1.7 Create current state summaries for the different service and delivery models 1.8 Select workloads for further analysis |
2.1 Conduct workload assessments using the cloud strategy workbook tool 2.2 Discuss assessments and make preliminary determinations about workloads |
3.1 Generate a list of risks and potential roadblocks associated with the cloud 3.2 Sort risks and roadblocks and define categories 3.3 Identify mitigations for each identified risk and roadblock 3.4 Generate initiatives from the mitigations |
4.1 Review and assign work items 4.2 Finalize the decision framework for each of the following areas:
4.3 Create a cloud vision statement |
5.1 Build the Cloud Vision Executive Presentation |
| Deliverables |
|
|
|
|
|
Phase 1
Phase 1
1.1 Generate goals and drivers
1.2 Explore cloud characteristics
1.3 Create a current state summary
1.4 Select workloads for analysis
Phase 2
2.1 Conduct workload assessments
2.2 Determine workload future states
Phase 3
3.1 Generate risks and roadblocks
3.2 Mitigate risks and roadblocks
3.3 Define roadmap initiatives
Phase 4
4.1 Review and assign work items
4.2 Finalize cloud decision framework
4.3 Create cloud vision
This phase will walk you through the following activities:
1.1.1 Generate organizational goals
1.1.2 Define cloud drivers
1.1.3 Define success indicators
1.3.1 Record your current state
1.4.1 Select workloads for further assessment
This phase involves the following participants:
IT management, the core working group, security, infrastructure, operations, architecture, engineering, applications, non-IT stakeholders.
The cloud is a nebulous term that can reasonably describe services ranging from infrastructure as a service as delivered by providers like Amazon Web Services and Microsoft through its Azure platform, right up to software as a service solutions like Jira or Salesforce. These solutions solve different problems – just because your CRM would be a good fit for a migration to Salesforce doesn’t mean the same system would make sense in Azure or AWS.
This is important because the language we use to talk about the cloud can color our approach to cloud services. A “cloud-first” strategy will mean something different to a CEO with a concept of the cloud rooted in Salesforce than it will to a system administrator who interprets it to mean a transition to cloud-hosted virtual machines.
Add to this the fact that not all cloud services are hosted externally by providers (public clouds) and the fact that multiple delivery models can be engaged at once through hybrid or multi-cloud approaches, and it’s apparent that a shared understanding of the cloud is necessary for a coherent strategy to take form.
This phase proceeds in four steps, each governed by the principle of shared understanding. The first requires a shared understanding of corporate goals and drivers. Step 2 involves coming to a shared understanding of the cloud’s unique characteristics. Step 3 requires a review of the current state. Finally, in Step 4, participants will identify workloads that are suitable for analysis as candidates for the cloud.
Activities
1.1.1 Define organizational goals
1.1.2 Define cloud drivers
1.1.3 Define success indicators
Generate goals and drivers
Explore cloud characteristics
Create a current state summary
Select workloads for analysis
This step involves the following participants:
Outcomes of this step
1-3 hours
30-60 minutes
1 hour
Activities
Understand the value of the cloud:
Understand the Cloud
Generate goals and drivers
Explore cloud characteristics
Create a current state summary
Select workloads for analysis
This step involves the following participants:
Outcomes of this step
Per NIST, the cloud has five fundamental characteristics. All clouds have these characteristics, even if they are executed in somewhat different ways between delivery models, service models, and even individual providers.
On-demand self-service
Cloud customers are capable of provisioning cloud resources without human interaction (e.g. contacting sales), generally through a web console.
Broad network access
Capabilities are designed to be delivered over a network and are generally intended for access by a wide variety of platform types (cloud services are generally device-agnostic).
Resource pooling
Multiple customers (internal, in the case of private clouds) make use of a highly abstracted shared infrastructure managed by the cloud provider.
Rapid elasticity
Customers are capable of provisioning additional resources as required, pulling from a functionally infinite pool of capacity. Cloud resources can be spun-down when no longer needed.
Measured service
Consumption is metered based on an appropriate unit of analysis (number of licenses, storage used, compute cycles, etc.) and billing is transparent and granular.
The NIST definition of cloud computing outlines four cloud delivery models: public, private, hybrid, and community clouds. A community cloud is like a private cloud, but it is provisioned for the exclusive use of a like-minded group of organizations, usually in a mutually beneficial, non-competitive arrangement. Universities and hospitals are examples of organizations that can pool their resources in this way without impacting competitiveness. The Info-Tech model covers three key delivery models – public, private, and hybrid, and an overarching model (multi-cloud) that can comprise more than one of the other models – public + public, public + hybrid, etc.
Public
The cloud service is provisioned for access by the general public (customers).
Private
A private cloud has the five key characteristics, but is provisioned for use by a single entity, like a company or organization.
Hybrid
Hybridity essentially refers to interoperability between multiple cloud delivery models (public +private).
Multi
A multi-cloud deployment requires only that multiple clouds are used without any necessary interoperability (Nutanix, 2019).
Prominent examples include:
AWS
Microsoft
Azure
Salesforce.com
Workday
SAP
VMware and Microsoft lead the pack among private cloud customers, with Amazon and Red Hat also substantially present across private cloud environments.
Hybrid cloud architectures combine multiple cloud delivery models and facilitate some level of interoperability. NIST suggests bursting and load balancing as examples of hybrid cloud use cases. Note: it is not sufficient to simply have multiple clouds running in parallel – there must be a toolset that allows for an element of cross-cloud functionality.
This delivery model is attractive because it allows users to take advantage of the strengths of multiple service models using a single management pane. Bursting across clouds to take advantage of additional capacity or disaster recovery capabilities are two obvious use cases that appeal to hybrid cloud users.
But while hybridity is all the rage (especially given the impact Covid-19 has had on the workplace), the reality is that any hybrid cloud user must take the good with the bad. Multiple clouds and a management layer can be technically complex, expensive, and require maintaining a physical infrastructure that is not especially valuable (“I thought we were moving to the cloud to get out of the datacenter!”).
Before selecting a hybrid approach through services like VMware Cloud on AWS or Microsoft’s Azure Stack, consider the cost, complexity, and actual expected benefit.
With its acquisition of Red Hat in 2019 for $34 billion, Big Blue put its money where its mouth is and acquired a substantial hybrid cloud business. At the time of the acquisition, Red Hat’s CEO, Jim Whitehurst, spoke about the benefit IBM expected to receive:
“Joining forces with IBM gives Red Hat the opportunity to bring more open source innovation to an even broader range of organizations and will enable us to scale to meet the need for hybrid cloud solutions that deliver true choice and agility” (Red Hat, 2019).
Multi-cloud is popular!
Multi-cloud solutions exist at a different layer of abstraction from public, private, and even hybrid cloud delivery models. A multi-cloud architecture, as the name suggests, requires the user to be a customer of more than one cloud provider, and it can certainly include a hybrid cloud deployment, but it is not bound by the same rules of interoperability.
Many organizations – especially those with fewer resources or a lack of a use case for a private cloud – rely on a multi-cloud architecture to build applications where they belong, and they manage each environment separately (or occasionally with the help of cloud management platforms).
If your data team wants to work in AWS and your enterprise services run on basic virtual machines in Azure, that might be the most effective architecture. As the Flexera 2021 State of the Cloud Report suggests, this architecture is far more common than the more complicated bursting or brokering architectures characteristic of hybrid clouds.
SaaS has exploded in popularity with consumers who wish to avail themselves of the cloud’s benefits without having to manage underlying infrastructure components. SaaS is simple, generally billed per-user per-month, and is almost entirely provider-managed.
PaaS providers offer a toolset for their customers to run custom applications and services without the requirement to manage underlying infrastructure components. This service model is ideal for custom applications/services that don’t benefit from highly granular infrastructure control.
IaaS represents the sale of components. Instead of a service, IaaS providers sell access to components, like compute, storage, and networking, allowing for customers to build anything they want on top of the providers’ infrastructure.
Info-Tech Insight
Not all workloads fit well in the cloud. Many environments will mix service models (e.g. SaaS for some workloads, some in IaaS, some on-premises), and this can be perfectly effective. It must be consistent and intentional, however.
| On-prem | Co-Lo | IaaS | PaaS | SaaS |
|---|---|---|---|---|
| Application | Application | Application | Application | Application |
| Database | Database | Database | Database | Database |
| Runtime/ Middleware | Runtime/ Middleware | Runtime/ Middleware | Runtime/ Middleware | Runtime/ Middleware |
| OS | OS | OS | OS | OS |
| Hypervisor | Hypervisor | Hypervisor | Hypervisor | Hypervisor |
| Server Network Storage | Server Network Storage | Server Network Storage | Server Network Storage | Server Network Storage |
| Facilities | Facilities | Facilities | Facilities | Facilities |
Organization has control
Organization or vendor may control
Vendor has control
Industry: Healthcare
Source: Info-Tech workshop
A healthcare analytics provider had already moved a significant number of “non-core workloads” to the cloud, including email, HRIS, and related services.
The company CEO was satisfied with the reduced effort required by IT to manage SaaS-based workloads and sought to extend the same benefits to the core analytics platform where there was an opportunity to reduce overhead.
Many components of the health analytics service were designed to run specifically in a datacenter and were not ready to be migrated to the cloud without significant effort/refactoring. SaaS was not an option because this was a core platform – a SaaS provider would have been the competition.
That left IaaS, which was expensive and would not bring the expected benefits (reduced overhead).
The organization determined that there were no short-term gains from migrating to the cloud. Due to the nature of the application (its extensive customization, the fact that it was a core product sold by the company) any steps to reduce operational overhead were not feasible.
The CEO recognized that the analytics platform was not a good candidate for the cloud and what distinguished the analytics platform from more suitable workloads.
In a 2016 blog post, Amazon Web Services articulated a framework for cloud migration that incorporates elements of the journey as well as the destination. If workload owners do not choose to retain or retire their workloads, there are four alternatives. These alternatives all stack up differently along five key dimensions:
Not all migration paths can lead to all destinations. Rehosting generally means IaaS, while repurchasing leads to SaaS. Refactoring and replatforming have some variety of outcomes, and it becomes possible to take advantage of new IaaS architectures or migrate workloads over fully to SaaS.
As part of the workload assessment process, use the five dimensions (expanded upon on the next slide) to determine what migration path makes sense. Preferred migration paths form an important part of the overall cloud vision process.
Retain (Revisit)
Retire
Rehost
Replatform
Refactor
Repurchase
| Migration path | Value | Effort | Cost | Time | Skills |
|---|---|---|---|---|---|
| Retain | No real change in the absolute value of the workload if it is retained. | No effort beyond ongoing workload maintenance. | No immediate hard dollar costs, but opportunity costs and technical debt abound. | No time required! (At least not right away…) | Retaining requires the same skills it has always required (which may be more difficult to acquire in the future). |
| Rehire | A retired workload can provide no value, but it is not a drain! | Spinning a service down requires engaging that part of the lifecycle. | N/A | Retiring the service may be simple or complicated depending on its current role. | N/A |
| Rehost | Some value comes with rehosting, but generally components stay the same (VM here vs. a VM there). | Minimal effort required, especially with automated tools. The effort will depend on the environment being migrated. | Relatively cheap compared to other options. | Rehosting infrastructure is the simplest cloud migration path and is useful for anyone in a hurry. | Rehosting is the simplest cloud migration path for most workloads, but it does require basic familiarity with cloud IaaS. |
Replatform |
Replatformed workloads can take advantage of cloud-native services (SQL vs. SQLaaS). | Replatforming is more effortful than rehosting, but less effortful than refactoring. | Moderate cost – does not require fundamental rearchitecture, just some tweaking. | Relatively more complicated than a simple rehost, but less demanding than a refactor. | Platform and workload expertise is required; more substantial than a simple rehost. |
| Refactor | A fully formed, customized cloud-based workload that can take advantage of cloud-native architectures is generally quite valuable. | Significant effort required based on the requirement to engage the full SDLC. | Significant cost required to engage SDLC and rebuild the application/service. | The most complicated and time-consuming. | The most complicated and time-consuming. |
| Repurchase | Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). | Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). | Repurchasing is the quickest way to achieve cloud-native value. There are compromises, however (high cost, vendor-lock-in). | Configuration – especially for massive projects – can be time consuming, but in general repurchasing can be quite fast. | Buying software does require knowledge of requirements and integrations, but is otherwise quite simple. |
Cloud skills are certainly top of mind right now. With the great upheaval in both work patterns and in the labor market more generally, expertise in cloud-related areas is simultaneously more valuable and more difficult to procure. According to Pluralsight’s 2021 “State of Upskilling” report, 44% of respondents report themselves under-skilled in the cloud management area, making cloud management the most significant skill gap reported on the survey.
Everyone left the office. Work as we know it is fundamentally altered for a generation or more. Cloud services shot up in popularity by enabling the transition. And yet there is a gap – a prominent gap – in skilling up for this critically important future. What is the cloud manager to do?
Per the framework presented here, that manager has three essential options. They may take somewhat different forms depending on specific requirements and the quirks of the local market, but the options are:
Each model makes sense to some degree. When evaluating individual workloads for cloud suitability, it is critical to consider the support model – both immediate and long term. What makes sense from a value perspective?
A key component of the Info-Tech cloud vision model is that it is multi-layered. Not every decision must be made at every level. At the workload level, it makes sense to select service models that make sense, but each workload does not need its own defined vision. Workload-level decisions should be guided by an overall strategy but applied tactically, based on individual workload characteristics and circumstances.
Conversely, some decisions will inevitably be applied at the environment level. With some exceptions, it is unlikely that cloud customers will build an entire private/hybrid cloud environment around a single solution; instead, they will define a broader strategy and fit individual workloads into that strategy.
Some considerations exist at both the workload and environment levels. Risks and roadblocks, as well as the preferred support model, are concerns that exist at both the environment level and at the workload level.
Activities
1.3.1 Record your current state
Understand the Cloud
Generate goals and drivers
Explore cloud characteristics
Create a current state summary
Select workloads for analysis
This step involves the following participants: Core working group
Outcomes of this step
30 minutes
Activities
1.4.1 Select workloads for assessment
This step involves the following participants:
Outcomes of this step
Understand the cloud
Generate goals and drivers
Explore cloud characteristics
Create a current state summary
Select workloads for analysis
30 minutes
Phase 2
Phase 1
1.1 Generate goals and drivers
1.2 Explore cloud characteristics
1.3 Create a current state summary
1.4 Select workloads for analysis
Phase 2
2.1 Conduct workload assessments
2.2 Determine workload future states
Phase 3
3.1 Generate risks and roadblocks
3.2 Mitigate risks and roadblocks
3.3 Define roadmap initiatives
Phase 4
4.1 Review and assign work items
4.2 Finalize cloud decision framework
4.3 Create cloud vision
This phase will walk you through the following activities:
This phase involves the following participants:
Define Your Cloud Vision
The concept of a cloud vision should unquestionably be informed by the nature of the workloads that IT is expected to provide for the wider organization. The overall cloud vision is no greater than the sum of its parts. You cannot migrate to the cloud in the abstract. Workloads need to go – and not all workloads are equally suitable for the transition.
It is therefore imperative to understand which workloads are a good fit for the cloud, which cloud service models make the most sense, how to execute the migration, what support should look like, and what risks and roadblocks you are likely to encounter as part of the process.
That’s where the Cloud Vision Workbook comes into play. You can use this tool to assess as many workloads as you’d like – most people get the idea after about four – and by the end of the exercise, you should have a pretty good idea about where your workloads belong, and you’ll have a tool to assess any net new or previously unconsidered workloads.
It’s not so much about the results of the assessment – though these are undeniably important – but about the learnings gleaned from the collaborative assessment exercise. While you can certainly fill out the assessment without any additional input, this exercise is most effective when completed as part of a group.
2.1.1 Conduct workload assessments
2.1.2 Interpret your results
Phase Title
Conduct workload assessments
Determine workload future state
This step involves the following participants:
Outcomes of this step
2 hours per workload
10 minutes
Each cloud strategy will take a slightly different form, but all should contain echoes of each of these components. This process will help you define your vision and direction, but you will need to take steps to execute on that vision. The remainder of the cloud strategy, covered in the related blueprint Document Your Cloud Strategy comprises these fourteen topics divided across three categories: people, governance, and technology. The workload assessment covers these under risks and roadblocks and highlights areas that may require specific additional attention. When interpreting the results, think of these areas as comprising things that you will need to do to make your vision a reality.
People form the core of any good strategy. As part of your cloud vision, you will need to understand the implications a cloud transition will have on your staff and users, whether those users are internal or external.
| Component | Description | Challenges |
|---|---|---|
| Skills and roles | The move to the cloud will require staff to learn how to handle new technology and new operational processes. The cloud is a different way of procuring IT resources and may require the definition of new roles to handle things like cost management and provisioning. | Staff may not have the necessary experience to migrate to a cloud environment or to effectively manage resources once the cloud transition is made. Cloud skills are difficult to hire for, and with the ever-changing nature of the platforms themselves, this shows no sign of abating. Redefining roles can also be politically challenging and should be done with due care and consideration. |
| Culture and adoption | If you build it, they will come…right? It is not always the case that a new service immediately attracts users. Ensuring that organizational culture aligns with the cloud vision is a critical success factor. Equally important is ensuring that cloud resources are used as intended. | Those unfamiliar with cloud resources may be less willing to learn to use them. If alternatives exist (e.g. a legacy service that has not been shut down), or if those detractors are influential, this resistance may impede your cloud execution. Also, if the cloud transition involves significant effort or a fundamental rework (e.g. a DevOps transition) this role redefinition could cause some internal turmoil. |
| Governing bodies | A large-scale cloud deployment requires formal governance. Formal governance requires a governing body that is ultimately responsible for designing the said governance. This could take the form of a “center of excellence” or may rest with a single cloud architect in a smaller, less complicated environment. | Governance is difficult. Defining responsibilities in a way that includes all relevant stakeholders without paralyzing the decision-making process is difficult. Implementing suggestions is a challenge. Navigating the changing nature of service provision (who can provision their own instances or assign licenses?) can be difficult as well. All these concerns must be addressed in a cloud strategy. |
Without guardrails, the cloud deployment will grow organically. This has strengths (people tend to adopt solutions that they select and deploy themselves), but these are more than balanced out by the drawbacks that come with inconsistency, poor administration, duplication of services, suboptimal costing, and any number of other unique challenges. The solution is to develop and deploy governance. The following list captures some of the necessary governance-related components of a cloud strategy.
| Component | Description | Challenges |
|---|---|---|
| Architecture | Enterprise architecture is an important function in any environment with more than one interacting workload component (read: any environment). The cloud strategy should include an approach to defining and implementing a standard cloud architecture and should assign responsibility to an individual or group. | Sometimes the cloud transition is inspired by the desire to rearchitect. The necessary skills and knowledge may not be readily available to design and transition to a microservices-based environment, for example, vs. a traditional monolithic application architecture. The appropriateness of a serverless environment may not be well understood, and it may be the case that architects are unfamiliar with cloud best practices and reference architectures. |
| Integration and interoperability | Many services are only highly functional when integrated with other services. What is a database without its front-end? What is an analytics platform without its data lake? For the cloud vision to be properly implemented, a strategy for handling integration and interoperability must be developed. It may be as simple as “all SaaS apps must be compatible with Okta” but it must be there. | Migration to the cloud may require a fundamentally new approach to integration, moving away from a point-to-point integrations and towards an ESB or data lake. In many cases, this is easier said than done. Centralization of management may be appealing, but legacy applications – or those acquired informally in a one-off fashion – might not be so easy to integrate into a central management platform. |
| Operations management | Service management (ITIL processes) must be aligned with your overall cloud strategy. Migrating to the cloud (where applicable) will require refining these processes, including incident, problem, request, change, and configuration management, to make them more suitable for the cloud environment. | Operations management doesn’t go away in the cloud, but it does change in line with the transition to shared responsibility. Responding to incidents may be more difficult on the cloud when troubleshooting is a vendor’s responsibility. Change management in a SaaS environment may be more receptive than staff are used to as cloud providers push changes out that cannot be rolled back. |
| Component | Description | Challenges |
|---|---|---|
| Cloud portfolio management | This component refers to the act of managing the portfolio of cloud services that is available to IT and to business users. What requirements must a SaaS service meet to be onboarded into the environment? How do we account for exceptions to our IaaS policy? What about services that are only available from a certain provider? | Rationalizing services offers administrative benefits, but may make some tasks more difficult for end users who have learned things a certain way or rely on niche toolsets. Managing access through a service catalog can also be challenging based on buy-in and ongoing administration. It is necessary to develop and implement policy. |
| Cloud vendor management | Who owns the vendor management function, and what do their duties entail? What contract language must be standard? What does due diligence look like? How should negotiations be conducted? What does a severing of the relationship look like? | Cloud service models are generally different from traditional hosted software and even from each other (e.g. SaaS vs. PaaS). There is a bit of a learning curve when it comes to dealing with vendors. Also relevant: the skills that it takes to build and maintain a system are not necessarily the same as those required to coherently interact with a cloud vendor. |
| Finance management | Cloud services are, by definition, subject to a kind of granular, operational billing that many shops might not be used to. Someone will need to accurately project and allocate costs, while ensuring that services are monitored for cost abnormalities. | Cloud cost challenges often relate to overall expense (“the cloud is more expensive than an alternative solution”), expense variability (“I don’t know what my budget needs to be this quarter”), and cost complexity (“I don’t understand what I’m paying for – what’s an Elastic Beanstalk?”). |
| Security | The cloud is not inherently more or less secure than a premises-based alternative, though the risk profile can be different. Applying appropriate security governance to ensure workloads are compliant with security requirements is an essential component of the strategy. | Technical security architecture can be a challenge, as well as navigating the shared responsibility that comes with a cloud transition. There are also a plethora of cloud-specific security tools like cloud access security brokers (CASBs), cloud security posture management (CSPM) solutions, and even secure access services edge (SASE) technology. |
| Data controls | Data residency, classification, quality, and protection are important considerations for any cloud strategy. With cloud providers taking on outsized responsibility, understanding and governing data is essential. | Cloud providers like to abstract away from the end user, and while some may be able to guarantee residency, others may not. Additionally, regulations may prevent some data from going to the cloud, and you may need to develop a new organizational backup strategy to account for the cloud. |
Good technology will never replace good people and effective process, but it remains important in its own right. A migration that neglects the undeniable technical components of a solid cloud strategy is doomed to mediocrity at best and failure at worst. Understanding the technical implications of the cloud vision – particularly in terms of monitoring, provisioning, and migration – makes all the difference. You can interpret the results of the cloud workload assessments by reviewing the details presented here.
| Component | Description | Challenges |
|---|---|---|
| Monitoring | The cloud must be monitored in line with performance requirements. Staff must ensure that appropriate tools are in place to properly monitor cloud workloads and that they are capturing adequate and relevant data. | Defining requirements for monitoring a potentially unfamiliar environment can be difficult, as can consolidating on a monitoring solution that both meets requirements and covers all relevant areas. There may be some upskilling and integration work required to ensure that monitoring works as required. |
| Provisioning | How will provisioning be done? Who will be responsible for ensuring the right people have access to the right resources? What tooling must be deployed to support provisioning goals? What technical steps must be taken to ensure that the provisioning is as seamless as possible? | There is the inevitable challenge of assigning responsibility and accountability in a changing infrastructure and operations environment, especially if the changes are substantial (e.g. a fundamental operating model shift, reoriented around the cloud). Staff may also need to familiarize themselves with cloud-based provisioning tools like Ansible, Terraform, or even CloudFormation. |
| Migration | The act of migrating is important as well. In some cases, the migration is as simple as configuring the new environment and turning it up (e.g. with a net new SaaS service). In other cases, the migration itself can be a substantial undertaking, involving large amounts of data, a complicated replatforming/refactoring, and/or a significant configuration exercise. | Not all migration journeys are created equal, and challenges include a general lack of understanding of the requirements of a migration, the techniques that might be necessary to migrate to a particular cloud (there are many) and the disruption/risk associated with moving large amounts of data. All of these challenges must be considered as part of the overall cloud strategy, whether in terms of architectural principles or skill acquisition (or both!). |
Activities
2.2.1 Determine workload future state
Conduct workload assessments
Determine workload future state
This step involves the following participants:
Outcomes of this step
1-3 hours
Info-Tech Insight
Keep your audience in mind. You may want to include some additional context in the presentation if the results are going to be presented to non-technical stakeholders or those who are not familiar with the terms or how to interpret the outputs.
PHASE 3
1.1 Generate goals and drivers
1.2 Explore cloud characteristics
1.3 Create a current state summary
1.4 Select workloads for analysis
2.1 Conduct workload assessments
2.2 Determine workload future states
Phase 3
3.1 Generate risks and roadblocks
3.2 Mitigate risks and roadblocks
3.3 Define roadmap initiatives
Phase 4
4.1 Review and assign work items
4.2 Finalize cloud decision framework
4.3 Create cloud vision
This phase will walk you through the following activities:
This phase involves the following participants:
There are workload-level risks and roadblocks, and there are environment-level risks. This phase is focused primarily on environment-level risks and roadblocks, or those that are likely to span multiple workloads (but this is not hard and fast rule – anything that you deem worth discussing is worth discussing). The framework here calls for an open forum where all stakeholders – technical and non-technical, pro-cloud and anti-cloud, management and individual contributor – have an opportunity to articulate their concerns, however specific or general, and receive feedback and possible mitigation.
Start by soliciting feedback. You can do this over time or in a single session. Encourage anyone with an opinion to share it. Focus on those who are likely to have a perspective that will become relevant at some point during the creation of the cloud strategy and the execution of any migration. Explain the preliminary direction; highlight any major changes that you foresee. Remind participants that you are not looking for solutions (yet), but that you want to make sure you hear any and every concern as early as possible. You will get feedback and it will all be valuable.
Before cutting your participants loose, remind them that, as with all business decisions, the cloud comes with trade-offs. Not everyone will have every wish fulfilled, and in some cases, significant effort may be needed to get around a roadblock, risks may need to be accepted, and workloads that looked like promising candidates for one service model or another may not be able to realize that potential. This is a normal and expected part of the cloud vision process.
Once the risks and roadblocks conversation is complete, it is the core working group’s job to propose and validate mitigations. Not every risk can be completely resolved, but the cloud has been around for decades – chances are someone else has faced a similar challenge and made it through relatively unscathed. That work will inevitably result in initiatives for immediate execution. Those initiatives will form the core of the initiative roadmap that accompanies the completed Cloud Vision Executive Presentation.
3.1.1 Generate risks and roadblocks
3.1.2 Generate mitigations
Generate risks and roadblocks
Mitigate risks and roadblocks
Define roadmap initiatives
This step involves the following participants:
Outcomes of this step
Risk
Roadblock
1.5 hours
3.2.1 Generate mitigations
Identify and mitigate risks
Generate risks and roadblocks
Mitigate risks and roadblocks
Define roadmap initiatives
This step involves the following participants:
Outcomes of this step
This is the key risk-related question that most cloud customers will have to answer at some point: does migrating to the cloud for some services increase their exposure and create a security problem?
As with all good questions, the answer is “it depends.” But what does it depend on? Consider these cloud risks and potential mitigations:
“The cloud is definitely more secure in that you have much more control, you have much more security tooling, much more visibility, and much more automation. So it is more secure. The caveat is that there is more risk. It is easier to accidentally expose data in the cloud than it is on-premises, but, especially for security, the amount of tooling and visibility you get in cloud is much more than anything we’ve had in our careers on-premises, and that’s why I think cloud in general is more secure.” –Abdul Kittana, Founder, ASecureCloud
Industry: Finance
Source: The New York Times, CNET
Capital One is a major Amazon Web Services customer and is even featured on Amazon’s site as a case study. That case study emphasizes the bank’s commitment to the cloud and highlights how central security and compliance were. From the CTO: “Before we moved a single workload, we engaged groups from across the company to build a risk framework for the cloud that met the same high bar for security and compliance that we meet in our on-premises environments. AWS worked with us every step of the way.”
The cloud migration was humming along until July 2019, when the bank suffered a serious breach at the hands of a hacker. That hacker was able to steal millions of credit card applications and hundreds of thousands of Social Security numbers, bank account numbers, and Canadian social insurance numbers.
According to investigators and to AWS, the breach was caused by an open reverse proxy attack against a misconfigured web app firewall, not by an underlying vulnerability in the cloud infrastructure.
Capital One reported that the breach was expected to cost it $150 million, and AWS fervently denied any blame. The US Senate got involved, as did national media, and Capital One’s CEO issued a public apology, writing, “I sincerely apologize for the understandable worry this incident must be causing those affected, and I am committed to making it right.”
It was a bad few months for IT at Capital One.
3-4.5 hours
3.3.1 Generate roadmap initiatives
Identify and mitigate risks
Generate risks and roadblocks
Mitigate risks and roadblocks
Define roadmap initiatives
This step involves the following participants:
Outcomes of this step
1 hour
1.1 Generate goals and drivers
1.2 Explore cloud characteristics
1.3 Create a current state summary
1.4 Select workloads for analysis
2.1 Conduct workload assessments
2.2 Determine workload future states
Phase 3
3.1 Generate risks and roadblocks
3.2 Mitigate risks and roadblocks
3.3 Define roadmap initiatives
Phase 4
4.1 Review and assign work items
4.2 Finalize cloud decision framework
4.3 Create cloud vision
This phase will walk you through the following activities:
This phase involves the following participants:
4.1.1 Assign initiatives and propose timelines
Bridge the gap and create the vision
Review and assign work items
Finalize cloud decision framework
Create cloud vision
This step involves the following participants:
Outcomes of this step
1 hour
4.2.1 Build a delivery model rubric
4.2.2 Build a service model rubric
4.2.3 Build a support model rubric
Bridge the gap and create the vision
Review and assign work items
Finalize cloud decision framework
Create cloud vision
This step involves the following participants:
Outcomes of this step
1 hour
| Delivery model | Decision criteria |
|---|---|
| Public cloud |
|
| Legacy datacenter |
|
Summary statement: Everything must go! Public cloud is a top priority. Anything that is not compatible (for whatever reason) with a public cloud deployment will be retained in a premises-based server closet (downgraded from a full datacenter). The private cloud does not align with the overall organizational vision, nor does a hybrid solution.
1 hour
| Service model | Decision criteria |
|---|---|
| SaaS | SaaS first; opt for SaaS when:
|
| PaaS |
|
| IaaS |
|
| On-premises | Anything that does not fit in the cloud for performance or other reasons (e.g. licensing key) |
Summary statement: SaaS will be the primary service model. All workloads will migrate to the public cloud where possible. Anything that cannot be migrated to SaaS will be migrated to PaaS. IaaS is a transitory step.
1 hour
| Support model | Decision criteria |
|---|---|
| Internal IT | The primary support model will be internal IT going forward
|
| Consultant |
|
| MSP |
|
Summary statement: Most workloads will be managed in house. A consultant will be employed to facilitate the transition to micro-services in a cloud container environment, but this will be transitioned to in-house staff. An MSP will continue to manage backups and telephony.
4.3.1 Create a cloud vision statement
4.3.2 Map cloud workloads
4.3.3 Complete the Cloud Vision Presentation
Review and assign work items
Finalize cloud decision framework
Create cloud vision
This step involves the following participants:
Outcomes of this step
Completed Cloud Vision Executive Presentation
1 hour
“IT at ACME Corp. hereby commits to providing clients and end users with an unparalleled, productivity-enabling technology experience, leveraging, insofar as it is possible and practical, cloud-based services.”
“At ACME Corp. our employees and customers are our first priority. Using new, agile cloud services, IT is devoted to eliminating inefficiency, providing cutting-edge solutions for a fast-paced world, and making a positive difference in the lives of our colleagues and the people we serve.”
“As a global leader in technology, ACME Corp. is committed to taking full advantage of new cloud services, looking first to agile cloud options to optimize internal processes wherever efficiency gaps exist. Improved efficiency will allow associates to spend more time on ACME’s core mission: providing an unrivalled customer experience.”
Scope
Goal
Key differentiator
1 hour
| Repurchase | Replatform | Rehost | Retain | |
|---|---|---|---|---|
| SaaS | Office suite AD |
|||
| PaaS | SQL Database | |||
| IaaS | File Storage | DR environment | ||
| Other | CCTV Door access |
1 hour
Cloud Vision Statement
[Organization] will leverage public cloud solutions and retire existing datacenter and colocation facilities. This transition will simplify infrastructure administration, support, and security, while modernizing legacy infrastructure and reducing the need for additional capital expenditure.
| Cloud Drivers | Retire the datacenter | Do more valuable work |
| Right-size the environment | Reduce CapEx | |
| Facilitate ease of mgmt. | Work from anywhere | |
| Reduce capital expenditure | Take advantage of elasticity | |
| Performance and availability | Governance | Risks and roadblocks |
| Security | Rationalization | |
| Cost | Skills | |
| Migration | Remaining premises resources | |
| BC, backup, and DR | Control |
Initiatives and next steps
Congratulations! If you’ve made it this far, you’ve successfully articulated a cloud vision, assessed workloads, developed an understanding (shared with your team and stakeholders) of cloud concepts, and mitigated risks and roadblocks that you may encounter along your cloud journey. From this exercise, you should understand your mission and vision, how your cloud plans will interact with any other relevant strategic plans, and what successful execution looks like, as well as developing a good understanding of overall guiding principles. These are several components of your overall strategy, but they do not comprise the strategy in its entirety.
How do you fix this?
First, validate the results of the vision exercise with your stakeholders. Socialize it and collect feedback. Make changes where you think changes should be made. This will become a key foundational piece. The next step is to formally document your cloud strategy. This is a separate project and is covered in the Info-Tech blueprint Document Your Cloud Strategy.
The vision exercise tells you where you want to go and offers some clues as to how to get there. The formal strategy exercise is a formal documentation of the target state, but also captures in detail the steps you’ll need to take, the processes you’ll need to refine, and the people you’ll need to hire.
A cloud strategy should comprise your organizational stance on how the cloud will change your approach to people and human resources, technology, and governance. Once you are confident that you can make and enforce decisions in these areas, you should consider moving on to Document Your Cloud Strategy. This blueprint, Define Your Cloud Vision, often serves as a prerequisite for the strategy documentation conversation(s).
Summary of Accomplishment
Additional Support
Research Contributors
Related Info-Tech Research
Vendor Resources
Bibliography
You have now documented what you want from the cloud, what you mean when you say “cloud,” and some preliminary steps you can take to make your vision a reality.
You now have at your disposal a framework for identifying and evaluating candidates for their cloud suitability, as well as a series of techniques for generating risks and mitigations associated with your cloud journey. The next step is to formalize your cloud strategy using the takeaways from this exercise. You’re well on your way to a completed cloud strategy!
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Generate drivers for cloud adoption
Work with stakeholders to understand the expected benefits of the cloud migration and how these drivers will impact the overall vision.
Conduct workload assessments
Assess your individual cloud workloads for their suitability as candidates for the cloud migration.
“2021 State of the Cloud Report.” Flexera, 2021. Web.
“2021 State of Upskilling Report.” Pluralsight, 2021. Web.
“AWS Snowmobile.” Amazon Web Services, n.d. Web.
“Azure products.” Microsoft, n.d. Web.
“Azure Migrate Documentation.” Microsoft, n.d. Web.
Bell, Harold. “Multi-Cloud vs. Hybrid Cloud: What’s the Difference?” Nutanix, 2019. Web.
“Cloud Products.” Amazon Web Services, n.d. Web.
“COBIT 2019 Framework: Introduction and Methodology.” ISACA, 2019. Web.
Edmead, Mark T. “Using COBIT 2019 to Plan and Execute an Organization’s Transformation Strategy.” ISACA, 2020. Web.
Flitter, Emily, and Karen Weise. “Capital One Data Breach Compromises Data of Over 100 Million.” The New York Times, 29 July 2019. Web.
Gillis, Alexander S. “Cloud Security Posture Management (CSPM).” TechTarget, 2021. Web.
“’How to Cloud’ with Capital One.” Amazon Web Services, n.d. Web.
“IBM Closes Landmark Acquisition of Red Hat for $34 Billion; Defines Open, Hybrid Cloud Future.” Red Hat, 9 July 2019. Web.
Mell, Peter, and Timothy Grance. “The NIST Definition of Cloud Computing.” National Institute of Standards and Technology, Sept. 2011. Web.
Ng, Alfred. “Amazon Tells Senators it Isn't to Blame for Capital One Breach.” CNET, 2019. Web.
Orban, Stephen. “6 Strategies for Migrating Applications to the Cloud.” Amazon Web Services, 2016. Web.
Sullivan, Dan. “Cloud Access Security Broker (CASB).” TechTarget, 2021. Web.
“What Is Secure Access Service Edge (SASE)?” Cisco, n.d. Web.
Understand what your department’s purpose is through articulating its strategy in three steps:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Consider and record your department’s values, principles, orientation, and capabilities.
Define your department’s strategy through your understanding of your department combined with everything that you do and are working to do.
Communicate your department’s strategy to your key stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand what makes up your application department beyond the applications and services provided.
Articulating your guiding principles, values, capabilities, and orientation provides a foundation for expressing your department strategy.
1.1 Identify your team’s values and guiding principles.
1.2 Define your department’s orientation.
A summary of your department’s values and guiding principles
A clear view of your department’s orientation and supporting capabilities
Lay out all the details that make up your application department strategy.
A completed application department strategy canvas containing everything you need to communicate your strategy.
2.1 Write your application department vision statement.
2.2 Define your application department goals and metrics.
2.3 Specify your department capabilities and orientation.
2.4 Prioritize what is most important to your department.
Your department vision
Your department’s goals and metrics that contribute to achieving your department’s vision
Your department’s capabilities and orientation
A prioritized roadmap for your department
Lay out your strategy’s communication plan.
Your application department strategy presentation ready to be presented to your stakeholders.
3.1 Identify your stakeholders.
3.2 Develop a communication plan.
3.3 Wrap-up and next steps
List of prioritized stakeholders you want to communicate with
A plan for what to communicate to each stakeholder
Communication is only the first step – what comes next?
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Sponsor a mandate for innovation and assemble a small team to start sourcing ideas with IT staff.
Identify critical opportunities for innovation and brainstorm effective solutions.
Prototype ideas rapidly to gain user feedback, refine solutions, and make a compelling case for project investment.
Formalize the innovation process and implement a program to create a strong culture of innovation in IT.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Introduce innovation.
Assess overall IT maturity to understand what you want to achieve with innovation.
Define the innovation mandate.
Introduce ideation.
A set of shared objectives for innovation will be defined.
A mandate will be created to help focus innovation efforts on what is most critical to the advancement of IT's maturity.
The group will be introduced to ideation and prepared to begin addressing critical IT or business pains.
1.1 Define workshop goals and objectives.
1.2 Introduce innovation.
1.3 Assess IT maturity.
1.4 Define the innovation mandate.
1.5 Introduce ideation.
Workshop goals and objectives.
An understanding of innovation.
IT maturity assessment.
Sponsored innovation mandate.
An understanding of ideation.
Identify and prioritize opportunities for IT-led innovation.
Map critical processes to identify the pains that should be ideated around.
Brainstorm potential solutions.
Assess, pitch, and prioritize ideas that should be investigated further.
The team will learn best practices for ideation.
Critical pain points that might be addressed through innovation will be identified and well understood.
A number of ideas will be generated that can solve identified pains and potentially feed the project pipeline.
The team will prioritize the ideas that should be investigated further and prototyped after the workshop.
2.1 Identify processes that present opportunities for IT-led innovation.
2.2 Map selected processes.
2.3 Finalize problem statements.
2.4 Generate ideas.
2.5 Assess ideas.
2.6 Pitch and prioritize ideas.
A list of processes with high opportunity for IT-enablement.
Detailed process maps that highlight pain points and stakeholder needs.
Problem statements to ideate around.
A long list of ideas to address pain points.
Detailed idea documents.
A shortlist of prioritized ideas to investigate further.
Ideate around a more complex problem that presents opportunity for IT-led innovation.
Map the associated process to define pain points and stakeholder needs in detail.
Brainstorm potential solutions.
Assess, pitch, and prioritize ideas that should be investigated further.
Introduce prototyping.
Map the user journey for prioritized ideas.
The team will be ready to facilitate ideation independently with other staff after the workshop.
A critical problem that might be addressed through innovation will be defined and well understood.
A number of innovative ideas will be generated that can solve this problem and help IT position itself as a source of innovative projects.
Ideas will be assessed and prioritized for further investigation and prototyping after the workshop.
The team will learn best practices for prototyping.
The team will identify the assumptions that need to be tested when top ideas are prototyped.
3.1 Select an urgent opportunity for IT-led innovation.
3.2 Map the associated process.
3.3 Finalize the problem statement.
3.4 Generate ideas.
3.5 Assess ideas.
3.6 Pitch and prioritize ideas.
3.7 Introduce prototyping.
3.8 Map the user journey for top ideas.
Selection of a process which presents a critical opportunity for IT-enablement.
Detailed process map that highlights pain points and stakeholder needs.
Problem statement to ideate around.
A long list of ideas to solve the problem.
Detailed idea documents.
A shortlist of prioritized ideas to investigate further.
An understanding of effective prototyping techniques.
A user journey for at least one of the top ideas.
Establish a process for generating, managing, prototyping, prioritizing, and approving new ideas.
Create an action plan to operationalize your new process.
Develop a program to help support the innovation process and nurture your innovators.
Create an action plan to implement your innovation program.
Decide how innovation success will be measured.
The team will learn best practices for managing innovation.
The team will be ready to operationalize an effective process for IT-led innovation. You can start scheduling ideation sessions as soon as the workshop is complete.
The team will understand the current innovation ecosystem: drivers, barriers, and enablers.
The team will be ready to roll out an innovation program that will help generate wider engagement with IT-led innovation.
You will be ready to measure and report on the success of your program.
4.1 Design an IT-led innovation process.
4.2 Assign roles and responsibilities.
4.3 Generate an action plan to roll out the process.
4.4 Determine critical process metrics to track.
4.5 Identify innovation drivers, enablers, and barriers.
4.6 Develop a program to nurture a culture of innovation.
4.7 Create an action plan to jumpstart each of your program components.
4.8 Determine critical metrics to track.
4.9 Summarize findings and gather feedback.
A process for IT-led innovation.
Defined process roles and responsibilities.
An action plan for operationalizing the process.
Critical process metrics to measure success.
A list of innovation drivers, enablers, and barriers.
A program for innovation that will leverage enablers and minimize barriers.
An action plan to roll out your innovation program.
Critical program metrics to track.
Overview of workshop results and feedback.
Learn to use metrics in the right way. Avoid staff (subconciously) gaming the numbers, as it is only natural to try to achieve the objective. This is really a case of be careful what you wish for, you may just get it.
The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.
Determining the right level of documentation to provide backup and getting the right level of data for good reporting may seem like a waste of time when the team is small, but this is key to knowing when to invest in more people, upgraded technology, and whether your efforts to improve service are successful.
It’s easy to lose sight of the client experience when working as a small team supporting a variety of end users. Changing from a help desk to a service desk requires a focus on what it means to be a customer centric service desk and a change to the way the technicians think about providing support.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint provides a framework to quickly identify a plan for service desk improvements. It also provides references to build out additional skills and functionality as a continual improvement initiative.
The maturity assessment will provide a baseline and identify areas of focus based on level of current and target maturity.
The SOP provides an excellent guide to quickly inform new team members or contractors of your support approach.
The categorization scheme template provides examples of asset-based categories, resolution codes and status.
This template provides a starting point for building your communications on planned improvements.
The service desk is a major function within IT. Small enterprises with constrained resources need to look at designing a service desk that enables consistency in supporting the business and finds the right balance of documentation.
Evaluate documentation to ensure there is always redundancy built in to cover absences. Determining coverage will be an important factor, especially if vendors will be brought into the organization to assist during shortages. They will not have the same level of knowledge as teammates and may have different requirements for documentation.
It is important to be customer centric, thinking about how services are delivered and communicated with a focus on providing self-serve at the appropriate level for your users and determining what information the business needs for expectation-setting and service level agreements, as well as communications on incidents and changes.
And finally, don’t discount the value of good reporting. There are many reasons to document issues besides just knowing the volume of workload and may become more important as the organization evolves or grows. Stakeholder reporting, regulatory reporting, trend spotting, and staff increases are all good reasons to ensure minimum documentation standards are defined and in use.
 |
Sandi Conrad
Principal Research Director Info-Tech Research Group |
| Title | Page | Title | Page |
| Blueprint benefits | 6 | Incident management | 25 |
| Start / Stop / Continue exercise | 10 | Prioritization scheme | 27 |
| Complete a maturity assessment | 11 | Define SLAs | 29 |
| Select an ITSM tool | 13 | Communications | 30 |
| Define roles & responsibilities | 15 | Reporting | 32 |
| Queue management | 17 | What can you do to improve? | 33 |
| Ticket handling best practices | 18 | Staffing | 34 |
| Customer satisfaction surveys | 19 | Knowledge base & self-serve | 35 |
| Categorization | 20 | Customer service | 36 |
| Separate ticket types | 22 | Ticket analysis | 37 |
| Service requests | 23 | Problem management | 38 |
| Roadmap | 39 |
Make the best use of the team
|
Build cross-training into your culture
|
Don’t discount the benefit of good tools
|
Standard Operating Procedures |
Maturity Assessment |
Categorization scheme |
Improvement Initiative |
| Create a standard operating procedure to ensure the support team has a consistent understanding of how they need to engage with the business. | |||
IT benefits
|
Business benefits
|
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is six to ten calls over the course of three to four months.
The current state discussion will determine the path.
What does a typical GI on this topic look like?Current State & Vision |
Best Practices |
Service Requests & Incidents |
Communications |
Next Steps & Roadmap |
| Call #1: Discuss current state & create a vision
Call #2: Document roles & responsibilities |
Call #3:Review and define best practices for ticket handling | Call #4: Review categorization
Call #5: Discuss service requests & self-serve Call #6: Assess incident management processes |
Call #7: Assess and document reporting and metrics
Call #8: Discuss communications methods |
Call #9: Review next steps
Call #10: Build roadmap for updates |
| For a workshop on this topic, see the blueprint Standardize the Service Desk | ||||
Executive Brief Case StudySouthwest CARE Center |
 |
INDUSTRY |
Service Desk ProjectAfter relying on a managed service provider (MSP) for a number of years, the business hired Kevin to repatriate IT. As part of that mandate, his first strategic initiative was to build a service desk. SCC engaged Info-Tech Research Group to select and build a structure; assign roles and responsibilities; implement incident management, request fulfilment, and knowledge management processes; and integrate a recently purchased ITSM tool. Over the course of a four-day onsite engagement, SCC’s IT team worked with two Info-Tech analysts to create and document workflows, establish ticket handling guidelines, and review their technological requirements. ResultsThe team developed a service desk standard operating procedure and an implementation roadmap with clear service level agreements. |
Southwest CARE Center (SCC) is a leading specialty healthcare provider in New Mexico. They offer a variety of high-quality services with a focus on compassionate, patient-centered healthcare.
“Info-Tech helped me to successfully rebrand from an MSP help desk to an IT service desk. Sandi and Michel provided me with a customized service desk framework and SOP that quickly built trust within the organization. By not having to tweak and recalibrate my service desk processes through trial and error, I was able to save a year’s worth of work, resulting in cost savings of $30,000 to $40,000.” (Kevin Vigil, Director of Information Technology, Southwest CARE Center) |
|
N=63, small enterprise organizations from the End-User Satisfaction Diagnostic, at December 2021 Dissatisfied was classified as those organizations with an average score less than 7. Satisfied was classified as those organizations with an average score greater or equal to 8. |
|
STOP |
|
START |
|
CONTINUE |
|
| The Service Desk Maturity Assessment tool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.
The tool will help guide improvement efforts and measure your progress.
|
 |
Consider service improvements and how those changes can be perceived by the organization. For example, offering multiple platforms, such as adding Macs to end-user devices, could translate to “Providing the right IT solutions for the way our employees want to work.”
To support new platforms, you might need to look at the following steps to get there:
|
Info-Tech InsightIdentify some high-level opportunities and plan out how these changes will impact the way you provide support today. Document steps you’ll need to follow to make it happen. This may include new offerings and product sourcing, training, and research. |
| You don’t need to spend a fortune. Many solutions are free or low-cost for a small number of users, and you don’t necessarily have to give up functionality to save money.
Encourage users to submit requests through email or self-serve to keep organized. Ensure that reporting will provide you with the basics without effort, but ensure report creation is easy enough if you need to add more. Consider tools that do more than just store tickets. ITSM tools for small enterprises can also assist with:
|
|
||||||||||||||||
| Consider engaging a partner for the installation and setup as they will have the expertise to troubleshoot and get you to value quickly.
Even with a partner, don’t rely on them to set up categories, prioritizations, and workflows. If you have unique requirements, you will need to bring your design work to the table to avoid getting a “standard install” that will need to be modified later. When we look at what makes a strong and happy product launch, it boils down to a few key elements:
|
To prepare for a quick time to value in setting up the new ITSM tool, prioritize in this order:
|
|
Note roles in the Incident Management and Service Desk – Standard Operating Procedure Template |
If ticket volume is too high or too dispersed to effectively have teams self-select tickets, assign a queue manager to review tickets throughout the day to ensure they’re assigned and on the technician’s schedule. This is particularly important for technicians who don’t regularly work out of the ticketing system. Follow up on approaching or missed SLAs.
Make sure your queue manager has an accurate escalation list and has the authority to assign tickets and engage with the technical team to manage SLAs; otherwise, SLAs will never be consistently managed.
Accurate data leads to good decisions. If working toward adding staff members, reducing recurring incidents, gaining access to better tools, or demonstrating value to the business, tickets will enable reporting and dashboards to manage your day-to-day business and provide reports to stakeholders.
|
Ticket templates (or quick tickets) for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
 |
Review tickets and talk to the team to find out the most frequent requests and the most frequent incidents that could be solved by the end user if there were clear instructions. Check with your user community to see what they would like to see in the portal.
| A portal is only as attractive as it is useful. Enabling ticket creation and review is the bare minimum and may not entice users to the portal if email is just as easy to use for ticket creation. Consider opening the portal to groups other than IT. HR, finance, and others may have information they want to share or forms to fill in or download where an employee portal rather than an IT portal could be helpful. Work with other departments to see if they would find value. Make sure your solution is easy to use when adding content. Low-code options are useful for this. Portals could be built in the ITSM solution or SharePoint/Teams and should include:
Info-Tech InsightConsider using video capture software to create short how-to videos for common questions. Vendors such as TechSmith Snagit , Vimeo Screen Recorder, Screencast-O-Matic Video Recording, and Movavi Screen Recording may be quick and easy to learn. | 49%49% of employees have trouble finding information at work 35%Employees can cut time spent looking for information by 35% with quality intranet (Source: Liferay) |
Transactional surveys are tied to specific interactions and provide a means of communication to help users communicate satisfaction or dissatisfaction with single interactions.
|
Relationship surveys can be run annually to obtain feedback on the overall customer experience.
Inform yourself of how well you are doing or where you need improvement in the broad services provided. Provide a high-level perspective on the relationship between the business and IT. Help with strategic improvement decisions.
|
Too many options can cause confusion; too few options provide little value. Try to avoid using “miscellaneous” – it’s not useful information. Test your tickets against your new scheme to make sure it works for you. Effective classification schemes are concise, easy to use correctly, and easy to maintain.
Build out the categories with these questions:
Create resolution codes to further modify the data for deeper reporting. This is typically a separate field, as you could use the same code for many categories. Keep it simple, but make sure it’s descriptive enough to understand the type of work happening in IT. Create and define simple status fields to quickly review tickets and know what needs to be actioned. Don’t stop the clock for any status changes unless you’re waiting on users. The elapsed time is important to measure from a customer satisfaction perspective. Info-Tech InsightThink about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value. |  |
Input: Existing tickets
Output: Categorization scheme
Materials: Whiteboard/Flip charts, Markers, Sample categorization scheme
Participants: CIO, Service desk manager, Technicians
Discuss:
Draft:
Download the Incident Management and Service Desk – Standard Operating Procedure Template
INCIDENTS |
SERVICE REQUESTS |
||
 |
PRIORITIZATION |
Incidents will be prioritized based on urgency and impact to the organization. | Service requests will be scheduled and only increase in prioritization if there is an issue with the request process (e.g. new hire start). |
 |
SLAs |
Did incidents get resolved according to prioritization rules? REPONSE & RESOLUTION | Did service requests get completed on time? SCHEDULING & FULFILMENT |
 |
TRIAGE & ROOT CAUSE ANALYSIS |
Incidents will typically need triage at the service desk unless something is set up to go directly to a specialist. | Service requests don’t need triage and can be routed automatically for approvals and fulfillment. |
“For me, the first key question is, is this keeping you from doing business? Is this a service request? Is it actually something that's broken? Well, okay. Now let's have the conversation about what's broken and keeping you from doing business.” (Anonymous CIO)
Service requests are not as urgent as incidents and should be scheduled.
Set the SLA based on time to fulfill, plus a buffer to schedule around more urgent service requests.
2-3 hours
Input: Ticket data, Existing workflow diagrams
Output: Workflow diagrams
Materials: Whiteboard/Flip charts, Markers, Visio
Participants: CIO, Service desk manager, Technicians
Identify:
Download the Incident Management and Service Desk – Standard Operating Procedure Template
| Critical incidents and normal incidents
Even with a small team, it’s important to define a priority for response and resolution time for SLA and uptime reporting and extracting insights for continual improvement efforts.
|
Go to incident management for SE
Super-specialization of knowledge is also a common factor in smaller teams and is caused by complex architectures. While helpful, if that knowledge isn’t documented, it can walk out the door with the resource and the rest of the team is left scrambling. Lessons learned may be gathered for critical incidents but often are not propagated, which impacts the ability to solve recurring incidents. Over time, repeated incidents can have a negative impact on the customer’s perception that the service desk is a credible and essential service to the business.
|
1 hour
Input: Ticket data, Business continuity plan
Output: Service desk SOP
Materials: Whiteboard/Flip charts, Markers
Participants: CIO, Service desk manager, Technicians
Discuss and document:
Download the Incident Runbook Prioritization Tool
|
 |
Depending on the size of the team, escalations may be mostly to internal technical colleagues or could be primarily to vendors.
 |
||||
| User doesn’t know who will fix the issue but expects to see it done in a reasonable time. | If issue cannot be resolved right away, set expectations for resolution time.
|
|
|
Validate user is happy with the experience |
Improving communications is the most effective way to improve customer service
|
Keep messaging simple
|
 |
PROACTIVE, PLANNED CHANGES |
From: Service Desk
Messaging provided by engineer or director, sent to all employees; proactive planning with business unit leaders. |
 |
OUTAGES & UPDATES |
From: Service Desk
Use templates to send out concise messaging and updates hourly, with input from technical team working on restoring services to all; director to liaise with business stakeholders. |
 |
UPDATES TO SERVICES, SELF-SERVE |
From: Director
Send announcements no more than monthly about new services and processes. |
 |
REGULAR STAKEHOLDER COMMUNICATIONS |
From: Director
Monthly reporting to business and IT stakeholders on strategic and project goals, manage escalations. |
2 hours
Input: Sample past communications
Output: Communications templates
Materials: Whiteboard/flip charts, Markers
Participants: CIO, Service desk manager, Technicians
Determine where templates are needed to ensure quick and consistent communications. Review sample templates and modify to suit your needs:
Download the communications templates
Create reports that are useful and actionableReporting serves two purposes:
To determine what reports are needed, ask yourself:
|
Determine which metrics will be most useful to suit your strategic and operational goals
|
|||||||||
Be agile in your approach to serviceIt’s easy for small teams to get overwhelmed when covering for vacations, illness, or leave. Determine where priorities may be adjusted during busy or short-staffed times.
|
Staff the service desk to meet demand
|
Create and manage a knowledge baseWith a small team, it may seem redundant to create a knowledge base, but without key system and process workflows and runbooks, an organization is still at risk of bottlenecks and knowledge failure.
Info-Tech InsightAppeal to a broad audience. Use non-technical language whenever possible to help less technical readers. Identify error messages and use screenshots where it makes sense. Take advantage of social features like voting buttons to increase use. | Optimize the service desk with a shift-left strategy
|
Customer service isn’t just about friendlinessYour team will all need to deal with end users at some point, and that may occur in times of high stress. Ensure the team has the skills they need to actively listen, stay positive, and de-escalate. Info-Tech’s customer service program is a modular approach to improve skills one area at a time. Delivering good customer service means being effective in these areas:
|
Deliver a customer service training program to your IT department
|
Improve your ticket analysisOnce you’ve got great data coming into the ticketing system, it’s important to rethink your metrics and determine if there are more insights to be found. Analyzing ticket data involves:
|
Analyze your service desk ticket dataProperly analyzing ticket data is challenging for the following reasons:
|
Start doing problem managementProactively focusing on root cause analysis will reduce the most disruptive incidents to the organization.
|
Problem managementProblem management can be challenging because it requires skills and knowledge to go deep into a problem and troubleshoot the root cause of an issue, but it also requires uninterrupted time.
|
Determine what tasks and projects need to be completed to meet your improvement goals. Create a high-level project plan and balance with existing resources.
Taylor, Sharon and Ivor Macfarlane. ITIL Small Scale Implementation. Office of Government Commerce, 2005.
“Share, Collaborate, and Communicate on One Consistent Platform.” Liferay, n.d. Accessed 19 July 2022.
Rodela, Jimmy. “A Beginner’s Guide to Customer Self-Service.” The Ascent, 18 May 2022. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Ensure the purchase is the lowest cost with fewest future headaches.
Select the most appropriate offering for business needs at a competitive price point.
Get the lowest priced feature set for the selected product.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you build a strategy for your Microsoft licensing renewal from conducting a thorough needs assessment to examining your licensing position, evaluating Microsoft's licensing options, and negotiations.
The Microsoft Cloud Products Cost Modeler will provide a rough estimate of what you can expect to pay for Office 365 or Dynamics CRM licensing, before you enter into negotiations. This is not your final cost, but it will give you an idea.
The Microsoft Licensing Purchase Reference Guide can be used throughout the process of licensing review: from initial meetings to discuss compliance state and planned purchases, to negotiation meetings with resellers. Use it in conjunction with Info-Tech's Microsoft Licensing Effective License Position Template.
This tool will help you plot out your negotiation timeline, depending on where you are in your contract negotiation process.
This template helps organizations to determine the difference between the number of software licenses they own and the number of software copies deployed. This is known as the organization’s effective license position (ELP).
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Set up a successful change adoption.
Correctly identify which persona most closely resembles individual staff members.
Ensure enough time and effort is allocated in advance to people change management.
Ensure consistency and clarity in change messages to staff.
Ensure consistency and clarity in change messages to staff.
Improve people change management for future change initiatives.
IT is seen as a cost center in most organizations. Your IT spend is fuelled by negative sentiment instead of contributing to business value.
An effective IT budget complements the business story with how you will achieve the expected business targets.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our concise executive brief shows you why you should develop a budget based on value delivery. We'll show you our methodology and the ways we can help you in completing this.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Capture a clear understanding of the target needs for the requirements process.
Develop best practices for conducting and structuring elicitation of business requirements.
Standardize frameworks for analysis and validation of business requirements.
Formalize change control and governance processes for requirements gathering.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a clear understanding of the target needs for the requirements gathering process.
A comprehensive review of the current state for requirements gathering across people, processes, and technology.
Identification of major challenges (and opportunity areas) that should be improved via the requirements gathering optimization project.
1.1 Understand current state and document existing requirement process steps.
1.2 Identify stakeholder, process, outcome, and training challenges.
1.3 Conduct target state analysis.
1.4 Establish requirements gathering metrics.
1.5 Identify project levels 1/2/3/4.
1.6 Match control points to project levels 1/2/3/4.
1.7 Conduct project scoping and identify stakeholders.
Requirements Gathering Maturity Assessment
Project Level Selection Tool
Requirements Gathering Documentation Tool
Create best practices for conducting and structuring elicitation of business requirements.
A repeatable framework for initial elicitation of requirements.
Prescribed, project-specific elicitation techniques.
2.1 Understand elicitation techniques and which ones to use.
2.2 Document and confirm elicitation techniques.
2.3 Create a requirements gathering elicitation plan for your project.
2.4 Build the operating model for your project.
2.5 Define SIPOC-MC for your selected project.
2.6 Practice using interviews with business stakeholders to build use case models.
2.7 Practice using table-top testing with business stakeholders to build use case models.
Project Elicitation Schedule
Project Operating Model
Project SIPOC-MC Sub-Processes
Project Use Cases
Build a standardized framework for analysis and validation of business requirements.
Policies for requirements categorization, prioritization, and validation.
Improved project value as a result of better prioritization using the MOSCOW model.
3.1 Categorize gathered requirements for use.
3.2 Consolidate similar requirements and eliminate redundancies.
3.3 Practice prioritizing requirements.
3.4 Build the business process model for the project.
3.5 Rightsize the requirements documentation template.
3.6 Present the business requirements document to business stakeholders.
3.7 Identify testing opportunities.
Requirements Gathering Documentation Tool
Requirements Gathering Testing Checklist
Create formalized change control processes for requirements gathering.
Reduced interjections and rework – strengthened formal evaluation and control of change requests to project requirements.
4.1 Review existing CR process.
4.2 Review change control process best practices and optimization opportunities.
4.3 Build guidelines for escalating changes.
4.4 Confirm your requirements gathering process for project levels 1/2/3/4.
Requirements Traceability Matrix
Requirements Gathering Communication Tracking Template
Establish governance structures and ongoing oversight for business requirements gathering.
Consistent governance and oversight of the requirements gathering process, resulting in fewer “wild west” scenarios.
Better repeatability for the new requirements gathering process, resulting in less wasted time and effort at the outset of projects.
5.1 Define RACI for the requirements gathering process.
5.2 Define the requirements gathering steering committee purpose.
5.3 Define RACI for requirements gathering steering committee.
5.4 Define the agenda and cadence for the requirements gathering steering committee.
5.5 Identify and analyze stakeholders for communication plan.
5.6 Create communication management plan.
5.7 Build the action plan.
Requirements Gathering Action Plan
Back to basics: great products are built on great requirements.
A strong process for business requirements gathering is essential for application project success. However, most organizations do not take a strategic approach to optimizing how they conduct business analysis and requirements definition.
"Robust business requirements are the basis of a successful project. Without requirements that correctly articulate the underlying needs of your business stakeholders, projects will fail to deliver value and involve significant rework. In fact, an Info-Tech study found that of projects that fail over two-thirds fail due to poorly defined business requirements.
Despite the importance of good business requirements to project success, many organizations struggle to define a consistent and repeatable process for requirements gathering. This results in wasted time and effort from both IT and the business, and generates requirements that are incomplete and of dubious value. Additionally, many business analysts lack the competencies and analytical techniques needed to properly execute the requirements gathering process.
This research will help you get requirements gathering right by developing a set of standard operating procedures across requirements elicitation, analysis, and validation. It will also help you identify and fine-tune the business analyst competencies necessary to make requirements gathering a success."
– Ben Dickie, Director, Enterprise Applications, Info-Tech Research Group
A business requirement is a statement that clearly outlines the functional capability that the business needs from a system or application. There are several attributes to look at in requirements:
Verifiable
Stated in a way that can be easily tested
Unambiguous
Free of subjective terms and can only be interpreted in one way
Complete
Contains all relevant information
Consistent
Does not conflict with other requirements
Achievable
Possible to accomplish with budgetary and technological constraints
Traceable
Trackable from inception through to testing
Unitary
Addresses only one thing and cannot be decomposed into multiple requirements
Agnostic
Doesn’t pre-suppose a specific vendor or product
In some situations, an insight will reveal new requirements. This requirement will not follow all of the attributes listed above and that’s okay. If a new insight changes the direction of the project, re-evaluate the scope of the project.
Depending on the scope of the project, certain attributes will carry more weight than others. Weigh the value of each attribute before elicitation and adjust as required. For example, verifiable will be a less-valued attribute when developing a client-facing website with no established measuring method/software.
Proper requirements gathering is critical for delivering business value from IT projects, but it remains an elusive and perplexing task for most organizations. You need to have a strategy for end-to-end requirements gathering, or your projects will consistently fail to meet business expectations.
50% of project rework is attributable to problems with requirements. (Info-Tech Research Group)
45% of delivered features are utilized by end users. (The Standish Group)
78% of IT professionals believe the business is “usually” or “always” out of sync with project requirements. (Blueprint Software Systems)
45% of IT professionals admit to being “fuzzy” about the details of a project’s business objectives. (Blueprint Software Systems)
Requirements gathering is truly an organization-spanning issue, and it falls directly on the IT directors who oversee projects to put prudent SOPs in place for managing the requirements gathering process. Despite its importance, the majority of organizations have challenges with requirements gathering.
What happens when requirements are no longer effective?
PMBOK’s Five Phase Project Lifecycle
Initiate – Plan: Requirements Gathering Lives Here – Execute – Control – Close
Inaccurate requirements is the 2nd most common cause of project failure (Project Management Institute ‒ Smartsheet).
Requirements gathering is a critical stage of project planning.
Depending on whether you take an Agile or Waterfall project management approach, it can be extended into the initiate and execute phases of the project lifecycle.
Organizations that had high satisfaction with requirements gathering were more likely to be highly satisfied with the other areas of IT. In fact, 72% of organizations that had high satisfaction with requirements gathering were also highly satisfied with the availability of IT capacity to complete projects.
Note: High satisfaction was classified as organizations with a score greater or equal to 8. Not high satisfaction was every other organization that scored below 8 on the area questions.
N=395 organizations from Info-Tech’s CIO Business Vision diagnostic
The challenges that afflict requirements gathering are multifaceted and often systemic in nature. There isn’t a single cure that will fix all of your requirements gathering problems, but an awareness of frequently encountered challenges will give you a basis for where to consider establishing better SOPs. Commonly encountered challenges include:
70% of projects fail due to poor requirements. (Info-Tech Research Group)
Root Causes of Poor Requirements Gathering:
Outcomes of Poor Requirements Gathering:
Info-Tech Insight
Requirements gathering is the number one failure point for most development or procurement projects that don’t deliver value. This has been and continues to be the case as most organizations still don't get requirements gathering right. Overcoming organizational cynicism can be a major obstacle when it is time to optimize the requirements gathering process.
You can reduce the amount of wasted work by making sure you have clear business goals. In fact, you could see an improvement of as much as 50% by going from a low level of satisfaction with clarity of business goals (<2) to a high level of satisfaction (≥5).
Likewise, you could see an improvement of as much as 43% by going from a low level of satisfaction with analysis of requirements (less than 2) to a high level of satisfaction (greater than or equal to 5).
Note: Waste is measured by the amount of cancelled projects; suboptimal assignment of resources; analyzing, fixing, and re-deploying; inefficiency, and unassigned resources.
N=200 teams from the Project Portfolio Management diagnostic
Good intentions and hard work aren’t enough to make a project successful. As you proceed with a project, step back and assess the critical success factors. Make sure that the important inputs and critical activities of requirements gathering are supporting, not inhibiting, project success.
Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.
Info-Tech Insight
Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.
Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers the foundational issues (elicitation, analysis, and validation) and prescribes techniques for planning, monitoring, communicating, and managing the requirements gathering process.
When creating the process for requirements gathering, think about how it will be executed by your BAs, and what the composition of your BA team should look like. A strong BA needs to serve as an effective translator, being able to speak the language of both the business and IT.
What are some core competencies of a good BA?
Throughout this blueprint, look for the “BA Insight” box to learn how steps in the requirements gathering process relate to the skills needed by BAs to facilitate the process effectively.
Government
Info-Tech Research Group Workshop
The Client
The organization was a local government responsible for providing services to approximately 600,000 citizens in the southern US. Its IT department is tasked with deploying applications and systems (such as HRIS) that support the various initiatives and mandate of the local government.
The Requirements Gathering Challenge
The IT department recognized that a strong requirements gathering process was essential to delivering value to its stakeholders. However, there was no codified process in place – each BA unilaterally decided how they would conduct requirements gathering at the start of each project. IT recognized that to enhance both the effectiveness and efficiency of requirements gathering, it needed to put in place a strong, prescriptive set of SOPs.
The Improvement
Working with a team from Info-Tech, the IT leadership and BA team conducted a workshop to develop a new set of SOPs that provided clear guidance for each stage of the requirements process: elicitation, analysis, and validation. As a result, business satisfaction and value alignment increased.
The Requirements Gathering SOP and BA Playbook offers a codified set of SOPs for requirements gathering gave BAs a clear playbook.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Diagnostics and consistent frameworks used throughout all four options
| 1. Build the Target State for Requirements Gathering | 2. Define the Elicitation Process | 3. Analyze and Validate Requirements | 4. Create a Requirements Governance Action Plan | |
|---|---|---|---|---|
| Best-Practice Toolkit |
1.1 Understand the Benefits of Requirements Optimization 1.2 Determine Your Target State for Requirements Gathering |
2.1 Determine Elicitation Techniques 2.2 Structure Elicitation Output |
3.1 Create Analysis Framework 3.2 Validate Business Requirements |
4.1 Create Control Processes for Requirements Changes 4.2 Build Requirements Governance and Communication Plan |
| Guided Implementations |
|
|
|
|
| Onsite Workshop | Module 1: Define the Current and Target State | Module 2: Define the Elicitation Process | Module 3: Analyze and Validate Requirements | Module 4: Governance and Continuous Improvement Process |
| Phase 1 Results: Clear understanding of target needs for the requirements process. | Phase 2 Results: Best practices for conducting and structuring elicitation. | Phase 3 Results: Standardized frameworks for analysis and validation of business requirements. | Phase 4 Results: Formalized change control and governance processes for requirements. |
Contact your account representative or email Workshops@InfoTech.com for more information.
| Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
|---|---|---|---|---|---|
| Activities |
Define Current State and Target State for Requirements Gathering
|
Define the Elicitation Process
|
Analyze and Validate Requirements
|
Establish Change Control Processes
|
Establish Ongoing Governance for Requirements Gathering
|
| Deliverables |
|
|
|
|
|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Start with an analyst kick off call:
Then complete these activities…
With these tools & templates:
Requirements Gathering SOP and BA Playbook
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 1 Results & Insights:
Clear understanding of target needs for the requirements process.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Optimizing requirements management is not something that can be done in isolation, and it’s not necessarily going to be easy. Improving your requirements will translate into better value delivery, but it takes real commitment from IT and its business partners.
There are four “pillars of commitment” that will be necessary to succeed with requirements optimization:
When gathering business requirements, it’s critical not to assume that layering on technology to a process will automatically solve your problems.
Proper requirements gathering views projects holistically (i.e. not just as an attempt to deploy an application or technology, but as an endeavor to enable new or re-engineered business processes). Neglecting to see requirements gathering in the context of business process enablement leads to failure.
Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework has been extensively road-tested with our clients to ensure that it balances the needs of IT and business stakeholders to give a holistic, end-to-end approach for requirements gathering. It covers both the foundational issues (elicitation, analysis, and validation) as well as prescribing techniques for planning, monitoring, communicating, and managing the requirements gathering process.
Identify the challenges you’re experiencing with requirements gathering, and identify objectives.
Creating a unified SOP guide for requirements elicitation, analysis, and validation is a critical step for requirements optimization; it gives your BAs a common frame of reference for conducting requirements gathering.
Info-Tech Insight
Having a standardized approach to requirements management is critical, and SOPs should be the responsibility of a group. The SOP guide should cover all of the major bases of requirements management. In addition to providing a walk-through of the process, an SOP also clarifies requirements governance.
Info-Tech’s Requirements Gathering SOP and BA Playbook template forms the basis of this blueprint. It’s a structured document that you can fill out with defined procedures for how requirements should be gathered at your organization.
Info-Tech’s Requirements Gathering SOP and BA Playbook template provides a number of sections that you can populate to provide direction for requirements gathering practitioners. Sections provided include: Organizational Context Governance Procedures Resourcing Model Technology Strategy Knowledge Management Elicitation SOPs Analysis SOPs Validation SOPs.
The template has been pre-populated with an example of requirements management procedures. Feel free to customize it to fit your specific needs.
Download the Requirements Gathering SOP and BA Playbook template.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Establishing an overarching plan for requirements governance is the first step in building an SOP. You must also decide who will actually execute the requirements gathering processes, and what technology they will use to accomplish this. Planning for governance, resourcing, and technology is something that should be done repeatedly and at a higher strategic level than the more sequential steps of elicitation, analysis, and validation.
Visualize how you want requirements to be gathered in your organization. Do not let elements of the current process restrict your thinking.
For example:
Refrain from only making small changes to improve the existing process. Think about the optimal way to structure the requirements gathering process.
Verifiable – It is stated in a way that can be tested.
Unambiguous – It is free of subjective terms and can only be interpreted in one way.
Complete – It contains all relevant information.
Consistent – It does not conflict with other requirements.
Achievable – It is possible to accomplish given the budgetary and technological constraints.
Traceable – It can tracked from inception to testing.
Unitary – It addresses only one thing and cannot be decomposed into multiple requirements.
Accurate – It is based on proven facts and correct information.
Other Considerations:
Organizations can also track a requirement owner, rationale, priority level (must have vs. nice to have), and current status (approved, tested, etc.).
Info-Tech Insight
Requirements must be solution agnostic – they should focus on the underlying need rather than the technology required to satisfy the need as it can be really easy to fall into the technology solution trap.
Use the Requirements Gathering Maturity Assessment tool to help assess the maturity of your requirements gathering function in your organization, and identify the gaps between the current state and the target state. This will help focus your organization's efforts in closing the gaps that represent high-value opportunities.
Complete the Requirements Gathering Maturity Assessment tool to define your target state, and identify the gaps in your current state.
You need to ensure your requirements gathering procedures are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.
Document the output from this exercise in section 2.2 of the Requirements Gathering SOP and BA Playbook.
A business process model (BPM) is a simplified depiction of a complex process. These visual representations allow all types of stakeholders to quickly understand a process, how it affects them, and enables more effective decision making. Consider these areas for your model:
Stakeholder Analysis
Elicitation Techniques
Documentation
Validation & Traceability
Managing Requirements
Supporting Tools
It’s important to determine the project levels up front, as each project level will have a specific degree of elicitation, analysis, and validation that will need to be completed. That being said, not all organizations will have four levels.
The Project Level Selection Tool will classify your projects into four levels, enabling you to evaluate the risk and complexity of a particular project and match it with an appropriate requirements gathering process.
Project Level Input
Project Level Selection
Define the project levels to determine the appropriate requirements gathering process for each.
Document the output from this exercise in section 2.3 of the Requirements Gathering SOP and BA Playbook.
| Category | Level 4 | Level 3 | Level 2 | Level 1 |
|---|---|---|---|---|
| Scope of Change | Full system update | Full system update | Multiple modules | Minor change |
| Expected Duration | 12 months + | 6 months + | 3-6 months | 0-3 months |
| Impact | Enterprise-wide, globally dispersed | Enterprise-wide | Department-wide | Low users/single division |
| Budget | $1,000,000+ | $500,000-1,000,000 | $100,000-500,000 | $0-100,000 |
| Services Affected | Mission critical, revenue impacting | Mission critical, revenue impacting | Pervasive but not mission critical | Isolated, non-essential |
| Confidentiality | Yes | Yes | No | No |
The tool is comprised of six questions, each of which is linked to at least one type of project risk.
Using the answers provided, the tool will calculate a level for each risk category. Overall project level is a weighted average of the individual risk levels, based on the importance weighting of each type of risk set by the project manager.
This tool is an excerpt from Info-Tech’s exhaustive Project Level Assessment Tool.
Brainstorm the ideal target business process flows for your requirements gathering process (by project level).
Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.
Having an SOP is important, but it should be the basis for training the people who will actually execute the requirements gathering process. Your BA team is critical for requirements gathering – they need to know the SOPs in detail, and you need to have a plan for recruiting those with an excellent skill set.
The ideal candidates for requirements gathering are technically savvy analysts (but not necessarily computer science majors) from the business who are already fluent with the business’ language and cognizant of the day-to-day challenges that take place. Organizationally, these BAs should be in a group that bridges IT and the business (such as an RGCOE or PMO) and be specialists rather than generalists in the requirements management space.
A BA resourcing strategy is included in the SOP. Customize it to suit your needs.
"Make sure your people understand the business they are trying to provide the solution for as well if not better than the business folks themselves." – Ken Piddington, CIO, MRE Consulting
If you don’t have a trained group of in-house BAs who can execute your requirements gathering process, consider sourcing the talent from internal candidates or calling for qualified applicants. Our Business Requirements Analyst job description template can help you quickly get the word out.
Info-Tech Deliverable
Download the Business Requirements Analyst job description template.
Industry Government
Source Info-Tech Workshop
A mid-sized US municipality was challenged with managing stakeholder expectations for projects, including the collection and analysis of business requirements.
The lack of a consistent approach to requirements gathering was causing the IT department to lose credibility with department level executives, impacting the ability of the team to engage project stakeholders in defining project needs.
The City contracted Info-Tech to help build an SOP to govern and train all BAs on a consistent requirements gathering process.
The teams first set about establishing a consistent approach to defining project levels, defining six questions to be asked for each project. This framework would be used to assess the complexity, risk, and scope of each project, thereby defining the appropriate level of rigor and documentation required for each initiative.
Once the project levels were defined, the team established a formalized set of steps, tools, and artifacts to be created for each phase of the project. These tools helped the team present a consistent approach to each project to the stakeholders, helping improve credibility and engagement for eliciting requirements.
Choose a level of control that facilitates success without slowing progress.
| No control | Right-sized control | Over-engineered control |
|---|---|---|
| Final deliverable may not satisfy business or user requirements. | Control points and communication are set at appropriate stage-gates to allow for deliverables to be evaluated and assessed before proceeding to the next phase. | Excessive controls can result in too much time spent on stage-gates and approvals, which creates delays in the schedule and causes milestones to be missed. |
Info-Tech Insight
Throughout the requirements gathering process, you need checks and balances to ensure that the projects are going according to plan. Now that we know our stakeholder, elicitation, and prioritization processes, we will set up the control points for each project level.
Determine how you want to receive and distribute messages to stakeholders.
| Communication Milestones | Audience | Artifact | Final Goal |
|---|---|---|---|
| Project Initiation | Project Sponsor | Project Charter | Communicate Goals and Scope of Project |
| Elicitation Scheduling | Selected Stakeholders (SMEs, Power Users) | Proposed Solution | Schedule Elicitation Sessions |
| Elicitation Follow-Up | Selected Stakeholders | Elicitation Notes | Confirm Accuracy of Notes |
| First Pass Validation | Selected Stakeholders | Consolidated Requirements | Validate Aggregated Requirements |
| Second Pass Validation | Selected Stakeholders | Prioritized Requirements | Validate Requirements Priority |
| Eliminated Requirements | Affected Stakeholders | Out of Scope Requirements | Affected Stakeholders Understand Impact of Eliminated Requirements |
| Solution Selection | High Authority/Expertise Stakeholders | Modeled Solutions | Select Solution |
| Selected Solution | High Authority/Expertise Stakeholders and Project Sponsor | Requirements Package | Communicate Solution |
| Requirements Sign-Off | Project Sponsor | Requirements Package | Obtain Sign-Off |
# – Control Point: A decision requiring specific approval or sign-off from defined stakeholders involved with the project. Control points result in accepted or rejected deliverables/documents.
A – Plan Approval: This control point requires a review of the requirements gathering plan, stakeholders, and elicitation techniques.
B – Requirements Validation: This control point requires a review of the requirements documentation that indicates project and product requirements.
C – Prioritization Sign-Off: This requires sign-off from the business and/or user groups. This might be sign-off to approve a document, prioritization, or confirm that testing is complete.
D – IT or Peer Sign-Off: This requires sign-off from IT to approve technical requirements or confirm that IT is ready to accept a change.
Define all of the key control points, required documentation, and involved stakeholders.
Document the output from this exercise in section 6.1 of the Requirements Gathering SOP and BA Playbook.
Before commencing requirements gathering, it’s critical that your practitioners have a clear understanding of the initial business case and rationale for the project that they’re supporting. This is vital for providing the business context that elicitation activities must be geared towards.
During requirements gathering, BAs should steer clear of solutions and focus on capturing requirements. Focus on traceable, hierarchical, and testable requirements. Focusing on solution design means you are out of requirements mode.
Constraints come in many forms (i.e. financial, regulatory, and technological). Identifying these constraints prior to entering requirements gathering enables you to remain alert; you can separate what is possible from what is impossible, and set stakeholder expectations accordingly.
Stakeholder management is a critical aspect of the BA’s role. Part of the BA’s responsibility is prioritizing solutions and demonstrating to stakeholders the level of effort required and the value attained.
Begin the requirements gathering process by conducting some initial scoping on why we are doing the project, the goals, and the constraints.
Before you can dive into most elicitation techniques, you need to know who you’re going to speak with – not all stakeholders hold the same value.
There are two broad categories of stakeholders:
Customers: Those who ask for a system/project/change but do not necessarily use it. These are typically executive sponsors, project managers, or interested stakeholders. They are customers in the sense that they may provide the funding or budget for a project, and may have requests for features and functionality, but they won’t have to use it in their own workflows.
Users: Those who may not ask for a system but must use it in their routine workflows. These are your end users, those who will actually interact with the system. Users don’t necessarily have to be people – they can also be other systems that will require inputs or outputs from the proposed solution. Understand their needs to best drive more granular functional requirements.
"The people you need to make happy at the end of the day are the people who are going to help you identify and prioritize requirements." – Director of IT, Municipal Utilities Provider
Need a hand with stakeholder identification? Leverage Info-Tech’s Stakeholder Planning Tool to catalog and prioritize the stakeholders your BAs will need to contact during the elicitation phase.
Practice the process for identifying and analyzing key stakeholders for requirements gathering.
Use the Requirements Gathering Communication Tracking Template for structuring and managing ongoing communications among key requirements gathering implementation stakeholders.
Use the Stakeholder Power Map tab to:
Use the Communication Management Plan tab to:
Recording and analyzing requirements needs some kind of tool, but don’t overinvest in a dedicated suite if you can manage with a more inexpensive solution (such as Word, Excel, and/or Visio). Top-tier solutions may be necessary for an enterprise ERP deployment, but you can use a low-cost solution for low-level productivity application.
Your SOP guide should specify the technology platform that your analysts are expected to use for initial elicitation as well as analysis and validation. You don’t want them to use Word if you’ve invested in a full-out IBM RM solution.
Dedicated requirements management suites are a great (although pricey) way to have full control over recording, analysis, and hierarchical categorization of requirements. Consider some of the major vendors in the space if Word, Excel, and Visio aren’t suitable for you.
Industry Consulting
Source Jama Software
ArcherPoint is a leading Microsoft Partner responsible for providing business solutions to its clients. Its varied customer base now requires a more sophisticated requirements gathering software.
Its process was centered around emailing Word documents, creating versions, and merging issues. ArcherPoint recognized the need to enhance effectiveness, efficiency, and accuracy of requirements gathering through a prescriptive set of elicitation procedures.
The IT department at ArcherPoint recognized that a strong requirements gathering process was essential to delivering value to stakeholders. It needed more scalable and flexible requirements gathering software to enhance requirements traceability. The company implemented SaaS solutions that included traceability and seamless integration features.
These features reduced the incidences of repetition, allowed for tracing of requirements relationships, and ultimately led to an exhaustive understanding of stakeholders’ needs.
Projects are now vetted upon an understanding of the business client’s needs with a thorough requirements gathering collection and analysis.
A deeper understanding of the business needs also allows ArcherPoint to better understand the roles and responsibilities of stakeholders. This allows for the implementation of structures and policies which makes the requirements gathering process rigorous.
Solution options or preferences are not requirements. Be sure to identify these quickly to avoid being forced into untimely discussions and sub-optimal solution decisions.
Solution Requirements: Describe the characteristics of a solution that meet business requirements and stakeholder requirements. They are frequently divided into sub-categories, particularly when the requirements describe a software solution:
Functional Requirements
Non-Functional Requirements
Remember that solution requirements are distinct from solution specifications; in time, specifications will be developed from the requirements. Don’t get ahead of the process.
An analyst will facilitate a discussion to assess the maturity of your requirements gathering process and identify any gaps in the current state.
Speak to an analyst to discuss and determine key metrics for measuring the effectiveness of your requirements gathering processes.
An analyst will facilitate a discussion to determine the ideal target business process flow for your requirements gathering.
An analyst will assist you with determining the appropriate requirements gathering approach for different project levels. The discussion will highlight key control points and define stakeholders who will be involved in each one.
An analyst will facilitate a discussion to highlight the scope of the requirements gathering optimization project as well as identify and analyze key stakeholders in the process.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Start with an analyst kick off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
The elicitation phase is where the BAs actually meet with project stakeholders and uncover the requirements for the application. Major tasks within this phase include stakeholder identification, selecting elicitation techniques, and conducting the elicitation sessions. This phase involves the most information gathering and therefore requires a significant amount of time to be done properly.
A mediocre requirements practitioner takes an order taker approach to elicitation: they elicit requirements by showing up to a meeting with the stakeholder and asking, “What do you want?” This approach frequently results in gaps in requirements, as most stakeholders cannot free-form spit out an accurate inventory of their needs.
A strong requirements practitioner first decides on an elicitation framework – a mechanism to anchor the discussion about the business requirements. Info-Tech recommends using business process modelling (BPM) as the most effective framework. The BA can now work through several key questions:
The second key element to elicitation is using the right blend of elicitation techniques: the tactical approach used to actually collect the requirements. Interviews are the most popular means, but focus groups, JAD sessions, and observational techniques can often yield better results – faster. This section will touch on BPM/BPI as an elicitation framework, then do deep dive on different elicitation techniques.
Stakeholders must be identified, and elicitation frameworks and techniques selected. Each technique requires different preparation. For example, brainstorming requires ground rules; focus groups require invitations, specific focus areas, and meeting rooms (perhaps even cameras). Look at each of these techniques and discuss how you would prepare.
A good elicitor has the following underlying competencies: analytical thinking, problem solving, behavioral characteristics, business knowledge, communication skills, interaction skills, and proficiency in BA tools. In both group and individual elicitation techniques, interpersonal proficiency and strong facilitation is a must. A good BA has an intuitive sense of how to manage the flow of conversations, keep them results-oriented, and prevent stakeholder tangents or gripe sessions.
How you document will depend on the technique you use. For example, recording and transcribing a focus group is probably a good idea, but you still need to analyze the results and determine the actual requirements. Use cases demand a software tool – without one, they become cumbersome and unwieldy. Consider how you would document the results before you choose the technique. Some analysts prefer to use solutions like OneNote or Evernote for capturing the raw initial notes, others prefer pen and paper: it’s what works best for the BA at hand.
Review the documentation with your stakeholder and confirm the understanding of each requirement via active listening skills. Revise requirements as necessary. Circulating the initial notes of a requirements interview or focus group is a great practice to get into – it ensures jargon and acronyms are correctly captured, and that nothing has been lost in the initial translation.
BPMs can take multiple forms, but they are created as visual process flows that depict a series of events. They can be customized at the discretion of the requirements gathering team (swim lanes, legends, etc.) based on the level of detail needed from the input.
BPMs can be used as the basis for further process improvement or re-engineering efforts for IT and applications projects. When the requirements gathering process owner needs to validate whether or not a specific step involved in the process is necessary, BPM provides the necessary breakdown.
Different individuals absorb information in a variety of ways. Visual representations of a process or set of steps tend to be well received by a large sub-set of individuals, making BPMs an effective analysis technique.
This related Info-Tech blueprint provides an extremely thorough overview of how to leverage BPM and process improvement approaches.
| Build a Sales Report | |
|---|---|
|
|
|
|
|
|
|
|
Source: iSixSigma
Look at an example for a claims process, and focus on the Record Claim task (event).
| Task | Input | Output | Risks | Opportunities | Condition | Sample Requirements |
|---|---|---|---|---|---|---|
| Record Claim | Customer Email | Case Record |
|
|
|
Business:
Non-Functional:
Functional:
|
Conducting elicitation typically takes the greatest part of the requirements management process. During elicitation, the designated BA(s) should be reviewing documentation, and conducting individual and group sessions with key stakeholders.
Elicitation is an iterative process – requirements should be refined in successive steps. If you need more information in the analysis phases, don’t be afraid to go back and conduct more elicitation.
Document any changes to the elicitation techniques in section 4.0 of the Requirements Gathering SOP and BA Playbook.
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Structured One-on-One Interview | In a structured one-on-one interview, the BA has a fixed list of questions to ask the stakeholder and follows up where necessary. | Structured interviews provide the opportunity to quickly home in on areas of concern that were identified during process mapping or group elicitation techniques. They should be employed with purpose, i.e. to receive specific stakeholder feedback on proposed requirements or to help identify systemic constraints. Generally speaking, they should be 30 minutes or less. | Low | Medium |
| Unstructured One-on-One Interview | In an unstructured one-on-one interview, the BA allows the conversation to flow free form. The BA may have broad themes to touch on but does not run down a specific question list. | Unstructured interviews are most useful for initial elicitation, when brainstorming a draft list of potential requirements is paramount. Unstructured interviews work best with senior stakeholders (sponsors or power users), since they can be time consuming if they’re applied to a large sample size. It’s important for BAs not to stifle open dialogue and allow the participants to speak openly. They should be 60 minutes or less. | Medium | Low |
Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements, as well as allow effective communication around requirements at a later point (i.e. during the analysis and validation phases).
Use a clear interview approach to guide the preparation, facilitation styles, participants, and interview schedules you manage for a specific project.
Depending on your stakeholder audience and interview objectives, apply one or more of the following approaches to interviews.
Fosters direct engagement
IT is able to hear directly from stakeholders about what they are looking to do with a solution and the level of functionality that they expect from it.
Offers greater detail
With interviews, a greater degree of insight can be gained by leveraging information that wouldn’t be collected through traditional surveys. Face-to-face interactions provide thorough answers and context that helps inform requirements.
Removes ambiguity
Face-to-face interactions allow opportunities for follow-up around ambiguous answers. Clarify what stakeholders are looking for and expect in a project.
Enables stakeholder management
Interviews are a direct line of communication with a project stakeholder. They provide input and insight, and help to maintain alignment, plan next steps, and increase awareness within the IT organization.
Consider stakeholder types and characteristics, in conjunction with the best way to maximize time, when selecting which of the three interview structures to leverage during the elicitation phase of requirements gathering.
Review the following questions to determine what interview structure you should utilize. If you answer the question with “Yes,” then follow the corresponding recommendations for the interview elements.
| Question | Structure Type | Facilitation Technique | # of Participants |
|---|---|---|---|
| Do you have to interview multiple participants at once because of time constraints? | Semi-structured | Discussion | 1+ |
| Does the business or stakeholders want you to ask specific questions? | Structured | Q&A | 1 |
| Have you already tried an unsuccessful survey to gather information? | Semi-structured | Discussion | 1+ |
| Are you utilizing interviews to understand the area? | Unstructured | Discussion | 1+ |
| Do you need to gather requirements for an immediate project? | Structured | Q&A | 1+ |
Interviews should be used with high-value targets. Those who receive one-on-one face time can help generate good requirements and allow for effective communication around requirements during the analysis and validation stages.
Interviews generally follow the same workflow regardless of which structure you select. You must manage the process to ensure that the interview runs smoothly and results in an effective gathering requirements process.
The interview process may grind to a halt due to challenging situations. Below are common scenarios and corresponding troubleshooting techniques to get your interview back on track.
| Scenario | Technique |
|---|---|
| Quiet interviewee | Begin all interviews by asking courteous and welcoming questions. This technique will warm the interviewee up and make them feel more comfortable. Ask prompting questions during periods of silence in the interview. Take note of the answers provided by the interviewee in your interview guide, along with observations and impact statements that occur throughout the duration of the interview process. |
| Disgruntled interviewee | Avoid creating a hostile environment by eliminating the interviewee’s perception that you are choosing to focus on issues that the interviewee feels will not be resolved. Ask questions to contextualize the issue. For example, ask why they feel a particular way about the issue, and determine whether they have valid concerns that you can resolve. |
| Interviewee has issues articulating their answer | Encourage the interviewee to use a whiteboard or pen and paper to kick start their thought process. Make sure you book a room with these resources readily available. |
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Casual Observation | The process of observing stakeholders performing tasks where the stakeholders are unaware they are being observed. | Capture true behavior through observation of stakeholders performing tasks without informing them they are being observed. This information can be valuable for mapping business process; however, it is difficult to isolate the core business activities from unnecessary actions. | Low | Medium |
| Formal Observation | The process of observing stakeholders performing tasks where the stakeholders are aware they are being observed. | Formal observation allows BAs to isolate and study the core activities in a business process because the stakeholder is aware they are being observed. Stakeholders may become distrusting of the BA and modify their behavior if they feel their job responsibilities or job security are at risk | Low | Medium |
Info-Tech Insight
Observing stakeholders does not uncover any information about the target state. Be sure to use contextual observation in conjunction with other techniques to discover the target state.
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Closed-Response Survey | A survey that has fixed responses for each answer. A Likert-scale (or similar measures) can be used to have respondents evaluate and prioritize possible requirements. | Closed response surveys can be sent to large groups and used to quickly gauge user interest in different functional areas. They are easy for users to fill out and don’t require a high investment of time. However, their main deficit is that they are likely to miss novel requirements not listed. As such, closed response surveys are best used after initial elicitation or brainstorming to validate feature groups. | Low | Medium |
| Open-Response Survey | A survey that has open-ended response fields. Questions are fixed, but respondents are free to populate the field in their own words. Open-response surveys take longer to fill out than closed, but can garner deeper insights. | Open-response surveys are a useful supplement (and occasionally replacement) for group elicitation techniques, like focus groups, when you need to receive an initial list of requirements from a broad cross-section of stakeholders. Their primary shortcoming is the analyst can’t immediately follow up on interesting points. However, they are particularly useful for reaching stakeholders who are unavailable for individual one-on-ones or group meetings. | Low | Medium |
Info-Tech Insight
Surveys can be useful mechanisms for initial drafting of raw requirements (open-response) and gauging user interest in proposed requirements or feature sets (closed-response). However, they should not be the sole focus of your elicitation program due to lack of interactivity and two-way dialogue with the BA.
What are surveys?
Surveys take a sample population’s written responses for data collection. Survey respondents can identify themselves or choose to remain anonymous. Anonymity removes the fear of repercussions for giving critical responses to sensitive topics.
Who needs to be involved?
Participants of a survey include the survey writer, respondent(s), and results compiler. There is a moderate amount of work that comes from both the writer and compiler, with little work involved on the end of the respondent.
What are the benefits?
The main benefit of surveys is their ability to reach large population groups and segments without requiring personal interaction, thus saving money. Surveys are also very responsive and can be created and modified rapidly to address needs as they arise on an on-going basis.
Surveys are most valuable when completed early in the requirements gathering stage.
Intake and Scoping → Requirements Gathering → Solution Design → Development/ Procurement → Implementation/ Deployment
When a project is announced, develop surveys to gauge what users consider must-have, should-have, and could-have requirements.
Use surveys to profile the demand for specific requirements.
It is often difficult to determine if requirements are must haves or should haves. Surveys are a strong method to assist in narrowing down a wide range of requirements.
Are surveys worth the time and effort? Most of the time.
Surveys can generate insights. However, there are potential barriers:
Surveys should only be done if the above barriers can easily be overcome.
Scenario
There is an unclear picture of the business needs and functional requirements for a solution.
Survey Approach
Use open-ended questions to allow respondents to propose requirements they see as necessary.
Sample questions
What to do with your results
Take a step back
If you are using surveys to elicit a large number of requirements, there is probably a lack of clear scope and vision. Focus on scope clarification. Joint development sessions are a great technique for defining your scope with SMEs.
Moving ahead
Proper survey design determines how valuable the responses will be. Review survey principles released by the University of Wisconsin-Madison.
Provide context
Include enough detail to contextualize questions to the employee’s job duties.
Where necessary:
Give clear instructions
When introducing a question identify if it should be answered by giving one answer, multiple answers, or a ranking of answers.
Avoid IT jargon
Ensure the survey’s language is easily understood.
When surveying colleagues from the business use their own terms, not IT’s.
E.g. laptops vs. hardware
Saying “laptops” is more detailed and is a universal term.
Use ranges
Recommended:
In a month your Outlook fails:
Not Recommended:
Your Outlook fails:
Keep surveys short
Improve responses and maintain stakeholder interest by only including relevant questions that have corresponding actions.
Recommended: Keep surveys to ten or less prompts.
Scenario
There is a large list of requirements and the business is unsure of which ones to further pursue.
Survey Approach
Use closed-ended questions to give degrees of importance and rank requirements.
Sample questions
What to do with your results
Determine which requirements to further explore
Avoid simply aggregating average importance and using the highest average as the number-one priority. Group the highest average importance requirements to be further explored with other elicitation techniques.
Moving ahead
The group of highly important requirements needs to be further explored during interviews, joint development sessions, and rapid development sessions.
Scenario
The business wanted a closer look into a specific process to determine if the project could be improved to better address process issues.
Survey Approach
Use open-ended questions to allow employees to articulate very specific details of a process.
Sample questions
What to do with your results
Set up prototyping
Prototype a portion with the new requirement to see if it meets the user’s needs. Joint application development and rapid development sessions pair developers and users together to collaboratively build a solution.
Next steps
Free online surveys offer quick survey templates but may lack customization. Paid options include customizable features. Studies show that most participants find web-based surveys more appealing, as web surveys tend to have a higher rate of completion.
Potential Services (Not a comprehensive list)
SurveyMonkey – free and paid options
Good Forms – free options
Ideal for:
Paper surveys offer complete customizability. However, paper surveys take longer to distribute and record, and are also more expensive to administer.
Ideal for:
Internally-developed surveys can be distributed via the intranet or email. Internal surveys offer the most customization. Cost is the creator’s time, but cost can be saved on distribution versus paper and paid online surveys.
Ideal for:
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Focus Group | Focus groups are sessions held between a small group (typically ten individuals or less) and an experienced facilitator who leads the conversation in a productive direction. | Focus groups are highly effective for initial requirements brainstorming. The best practice is to structure them in a cross-functional manner to ensure multiple viewpoints are represented, and the conversation doesn’t become dominated by one particular individual. Facilitators must be wary of groupthink in these meetings (i.e. the tendency to converge on a single POV). | Medium | Medium |
| Workshop | Workshops are larger sessions (typically ten people or more) that are led by a facilitator, and are dependent on targeted exercises. Workshops may be occasionally decomposed into smaller group sessions. | Workshops are highly versatile: they can be used for initial brainstorming, requirement prioritization, constraint identification, and business process mapping. Typically, the facilitator will use exercises or activities (such as whiteboarding, sticky note prioritization, role-playing, etc.) to get participants to share and evaluate sets of requirements. The main downside to workshops is a high time commitment from both stakeholders and the BA. | Medium | High |
Info-Tech Insight
Group elicitation techniques are most useful for gathering a wide spectrum of requirements from a broad group of stakeholders. Individual or observational techniques are typically needed for further follow-up and in-depth analysis with critical power users or sponsors.
There are two specific types of group interviews that can be utilized to elicit requirements: focus groups and workshops. Understand each type’s strengths and weaknesses to determine which is better to use in certain situations.
| Focus Groups | Workshops | |
|---|---|---|
| Description |
|
|
| Strengths |
|
|
| Weaknesses |
|
|
| Facilitation Guidance |
|
|
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Solution Mapping Session | A one-on-one session to outline business processes. BPM methods are used to write possible target states for the solution on a whiteboard and to engineer requirements based on steps in the model. | Solution mapping should be done with technically savvy stakeholders with a firm understanding of BPM methodologies and nomenclature. Generally, this type of elicitation method should be done with stakeholders who participated in tier one elicitation techniques who can assist with reverse-engineering business models into requirement lists. | Medium | Medium |
| Joint Requirements Review Session | This elicitation method is sometimes used as a last step prior to moving to formal requirements analysis. During the review session, the rough list of requirements is vetted and confirmed with stakeholders. | A one-on-one (or small group) requirements review session gives your BAs the opportunity to ensure that what was recorded/transcribed during previous one-on-ones (or group elicitation sessions) is materially accurate and representative of the intent of the stakeholder. This elicitation step allows you to do a preliminary clean up of the requirements list before entering the formal analysis phase. | Low | Low |
Info-Tech Insight
Solution mapping and joint requirements review sessions are more advanced elicitation techniques that should be employed after preliminary techniques have been utilized. They should be reserved for technically sophisticated, high-value stakeholders.
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Interactive White- boarding | A group session where either a) requirements are converted to BPM diagrams and process flows, or b) these flows are reverse engineered to distil requirement sets. | While the focus of workshops and focus groups is more on direct requirements elicitation, interactive whiteboarding sessions are used to assist with creating initial solution maps (or reverse engineering proposed solutions into requirements). By bringing stakeholders into the process, the BA benefits from a greater depth of experience and access to SMEs. | Medium | Medium |
| Joint Application Development (JAD) | JAD sessions pair end-user teams together with developers (and BA facilitators) to collect requirements and begin mapping and developing prototypes directly on the spot. | JAD sessions fit well with organizations that use Agile processes. They are particularly useful when the overall project scope is ambiguous; they can be used for project scoping, requirements definition, and initial prototyping. JAD techniques are heavily dependent on having SMEs in the room – they should preference knowledge power users over the “rank and file.” | High | High |
Info-Tech Insight
Interactive whiteboarding should be heavily BPM-centric, creating models that link requirements to specific workflow activities. Joint development sessions are time-consuming but create greater cohesion and understanding between BAs, developers, and SMEs.
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Rapid Application Development | A form of prototyping, RAD sessions are akin to joint development sessions but with greater emphasis on back-and-forth mock-ups of the proposed solution. | RAD sessions are highly iterative – requirements are gathered in sessions, developers create prototypes offline, and the results are validated by stakeholders in the next meeting. This approach should only be employed in highly Agile-centric environments. | High | High |
For more information specific to using the Agile development methodology, refer to the project blueprint Implement Agile Practices That Work.
The role of the BA differs with an Agile approach to requirements gathering. A traditional BA is a subset of the Agile BA, who typically serves as product owner. Agile BAs have elevated responsibilities that include bridging communication between stakeholders and developers, prioritizing and detailing the requirements, and testing solutions.
Use the following slides to gain a thorough understanding of both JAD and rapid development sessions (RDS) to decide which fits your project best.
| Joint Application Development | Rapid Development Sessions | |
|---|---|---|
| Description | JAD pairs end users and developers with a facilitator to collect requirements and begin solution mapping to create an initial prototype. | RDS is an advanced approach to JAD. After an initial meeting, prototypes are developed and validated by stakeholders. Improvements are suggested by stakeholders and another prototype is created. This process is iterated until a complete solution is created. |
| Who is involved? | End users, SMEs, developers, and a facilitator (you). | |
| Who should use this technique? | JAD is best employed in an Agile organization. Agile organizations can take advantage of the high amount of collaboration involved. RDS requires a more Agile organization that can effectively and efficiently handle impromptu meetings to improve iterations. | |
| Time/effort versus value | JAD is a time/effort-intensive activity, requiring different parties at the same time. However, the value is well worth it. JAD provides clarity for the project’s scope, justifies the requirements gathered, and could result in an initial prototype. | RDS is even more time/effort intensive than JAD. While it is more resource intensive, the reward is a more quickly developed full solution that is more customized with fewer bugs. |
Projects that use JAD should not expect dramatically quicker solution development. JAD is a thorough look at the elicitation process to make sure that the right requirements are found for the final solution’s needs. If done well, JAD eliminates rework.
Employees vary in their project engagement. Certain employees leverage JAD because they care about the solution. Others are asked for their expertise (SMEs) or because they perform the process often and understand it well.
JAD’s thorough process guarantees that requirements gathering is done well.
Projects that use RDS can either expect quicker or slower requirements gathering depending on the quality of iteration. If each iteration solves a requirement issue, then one can expect that the solution will be developed fairly rapidly. If the iterations fail to meet requirements the process will be quite lengthy.
Employees doing RDS are typically very engaged in the project and play a large role in helping to create the solution.
RDS success is tied to the organization’s ability to collaborate. Strong collaboration will lead to:
Poor collaboration will lead to RDS losing its full value.
JAD is best employed in an Agile organization for application development and selection. This technique best serves relatively complicated, large-scale projects that require rapid or sequential iterations on a prototype or solution as a part of requirements gathering elicitation. JAD effectuates each step in the elicitation process well, from initial elicitation to narrowing down requirements.
Most requirement gathering professionals will use their experience with project type standards to establish key requirements. Avoid only relying on standards when tackling a new project type. Apply JAD’s structured approach to a new project type to be thorough during the elicitation phase.
While JAD is an overarching requirements elicitation technique, it should not be the only one used. Combine the strengths of other elicitation techniques for the best results.
RDS is best utilized when one, but preferably both, of the below criteria is met.
RDS’ strengths lie in being able to tailor-make certain aspects of the solution. If the solution is too large, tailor-made sections are impossible as multiple user groups have different needs or there is insufficient resources. When a project is small to medium sized, developers can take the time to custom make sections for a specific user group.
RDS requires developers spending a large amount of time with users, leaving less time for development. Having developers at the ready to take on users’ improvement maintains the effectiveness of RDS. If the same developer who speaks to users develops the entire iteration, the process would be slowed down dramatically, losing effectiveness.
JAD relies on unstructured conversations to clarify scope, gain insights, and discuss prototyping. However, a structure must exist to guarantee that all topics are discussed and meetings are not wasted.
JAD often involves visually illustrating how high-level concepts connect as well as prototypes. Use solution mapping and interactive whiteboarding to help users and participants better understand the solution.
Having a group development session provides all the benefits of focus groups while reducing time spent in the typically time-intensive JAD process.
1. Prepare for the meeting
Email all parties a meeting overview of topics that will be discussed.
2. Discussion
3. Wrap-up
4. Follow-up
JAD provides a detail-oriented view into the elicitation process. As a facilitator, take detailed notes to maximize the outputs of JAD.
1. Prepare for the meeting
2. Hold the discussion
3. Wrap-up
4. Follow-up
RDS is best done in quick succession. Keep in constant contact with both employees and developers to maintain positive momentum from a successful iteration improvement.
JAD/RDS are both collaborative activities, and as with all group activities, issues are bound to arise. Be proactive and resolve issues using the following guidelines.
| Scenario | Technique |
|---|---|
| Employee and developer visions for the solution don’t match up | Focus on what both solutions have in common first to dissolve any tension. Next, understand the reason why both parties have differences. Was it a difference in assumptions? Difference in what is a requirement? Once the answer has been determined, work on bridging the gaps. If there is no resolution, appoint a credible authority (or yourself) to become the final decision maker. |
| Employee has difficulty understanding the technical aspect of the developer’s solution | Translate the developer’s technical terms into a language that the employee understands. Encourage the employee to ask questions to further their understanding. |
| Employee was told that their requirement or proposed solution is not feasible | Have a high-level member of the development team explain how the requirement/solution is not feasible. If it’s possible, tell the employee that the requirement can be done in a future release and keep them updated. |
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Legacy System Manuals | The process of reviewing documentation and manuals associated with legacy systems to identify constraints and exact requirements for reuse. | Reviewing legacy systems and accompanying documentation is an excellent way to gain a preliminary understanding of the requirements for the upcoming application. Be careful not to overly rely on requirements from legacy systems; if legacy systems have a feature set up one way, this does not mean it should be set up the same way on the upcoming application. If an upcoming application must interact with other systems, it is ideal to understand the integration points early. | None | High |
| Historical Projects | The process of reviewing documentation from historical projects to extract reusable requirements. | Previous project documentation can be a great source of information and historical lessons learned. Unfortunately, historical projects may not be well documented. Historical mining can save a great deal of time; however, the fact that it was done historically does not mean that it was done properly. | None | High |
Info-Tech Insight
Document mining is a laborious process, and as the term “mining” suggests the yield will vary. Regardless of the outcome, document mining must be performed and should be viewed as an investment in the requirements gathering process.
| Technique | Description | Assessment and Best Practices | Stakeholder Effort | BA Effort |
|---|---|---|---|---|
| Rules | The process of extracting business logic from pre-existing business rules (e.g. explicit or implied workflows). | Stakeholders may not be fully aware of all of the business rules or the underlying rationale for the rules. Unfortunately, business rule documents can be lengthy and the number of rules relevant to the project will vary. | None | High |
| Glossary | The process of extracting terminology and definitions from glossaries. | Terminology and definitions do not directly lead to the generation of requirements. However, reviewing glossaries will allow BAs to better understand domain SMEs and interpret their requirements. | None | High |
| Policy | The process of extracting business logic from business policy documents (e.g. security policy and acceptable use). | Stakeholders may not be fully aware of the different policies or the underlying rationale for why they were created. Going directly to the source is an excellent way to identify constraints and requirements. Unfortunately, policies can be lengthy and the number of items relevant to the project will vary. | None | High |
Info-Tech Insight
Document mining should be the first type of elicitation activity that is conducted because it allows the BA to become familiar with organizational terminology and processes. As a result, the stakeholder facing elicitation sessions will be more productive.
1. Glossary
Extract terminology and definitions from glossaries. A glossary is an excellent source to understand the terminology that SMEs will use.
2. Policy
Pull business logic from policy documents (e.g. security policy and acceptable use). Policies generally have mandatory requirements for projects, such as standard compliance requirements.
3. Rules
Review and reuse business logic that comes from pre-existing rules (e.g. explicit or implied workflows). Like policies, rules often have mandatory requirements or at least will require significant change for something to no longer be a requirement.
4. Legacy System
Review documents and manuals of legacy systems, and identify reusable constraints and requirements. Benefits include:
Remember to not use all of the basic requirements of a legacy system. Always strive to find a better, more productive solution.
5. Historical Projects
Review documents from historical projects to extract reusable requirements. Lessons learned from the company’s previous projects are more applicable than case studies. While historical projects can be of great use, consider that previous projects may not be well documented.
Project managers frequently state that aligning projects to the business goals is a key objective of effective project management; however, it is rarely carried out throughout the project itself. This gap is often due to a lack of understanding around how to create true alignment between individual projects and the business needs.
Extract business wants and needs from official statements and reports (e.g. press releases, yearly reports). Statements and reports outline where the organization wants to go which helps to unearth relevant project requirements.
Documented requirements should always align with the scope of the project and the business objectives. Refer back frequently to your set of gathered requirements to check if they are properly aligned and ensure the project is not veering away from the original scope and business objectives.
The largest problem with documentation review is that requirements gathering professionals do it for the sake of saying they did it. As a result, projects often go off course due to not aligning to business objectives following the review sessions.
There is a time and place for each technique. Don’t become too reliant on the same ones. Diversify your approach based on the elicitation goal.
This table shows the relative strengths and weaknesses of each elicitation technique compared against the five basic elicitation scenarios.
A typical project will encounter most of the elicitation scenarios. Therefore, it is important to utilize a healthy mix of techniques to optimize effectiveness.
Very Strong = Very Effective
Strong = Effective
Medium = Somewhat Effective
Weak = Minimally Effective
Very Weak = Not Effective
Record the approved elicitation methods and best practices for each technique in the SOP.
Identify which techniques should be utilized with the different stakeholder classes.
Segment the different techniques based by project complexity level.
Use the following chart to record the approved techniques.
| Stakeholder | L1 Projects | L2 Projects | L3 Projects | L4 Projects |
|---|---|---|---|---|
| Senior Management | Structured Interviews | |||
| Project Sponsor | Unstructured Interviews | |||
| SME (Business) | Focus Groups | Unstructured Interviews | ||
| Functional Manager | Focus Groups | Structured Interviews | ||
| End Users | Surveys; Focus Groups; Follow-Up Interviews; Observational Techniques | |||
Document the output from this exercise in section 4.0 of the Requirements Gathering SOP and BA Playbook.
Open lines of communication with stakeholders and keep them involved in the requirements gathering process; confirm the initial elicitation before proceeding.
Confirming the notes from the elicitation session with stakeholders will result in three benefits:
This is the Confirm stage of the Confirm, Verify, Approve process.
“Are these notes accurate and complete?”
An analyst will walk you through the different elicitation techniques including observations, document reviews, surveys, focus groups, and interviews, and highlight the level of effort required for each.
An analyst will facilitate the discussion to determine which techniques should be utilized with the different stakeholder classes.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Unstructured notes for each requirement are difficult to manage and create ambiguity. Using solution-oriented formats during elicitation sessions ensures that the content can be digested by IT and business users.
This table shows common solution-oriented formats for recording requirements. Determine which formats the development team and BAs are comfortable using and create a list of acceptable formats to use in projects.
| Format | Description | Examples |
|---|---|---|
| Behavior Diagrams | These diagrams describe what must happen in the system. | Business Process Models, Swim Lane Diagram, Use Case Diagram |
| Interaction Diagrams | These diagrams describe the flow and control of data within a system. | Sequence Diagrams, Entity Diagrams |
| Stories | These text-based representations take the perspective of a user and describe the activities and benefits of a process. | Scenarios, User Stories |
Info-Tech Insight
Business process modeling is an excellent way to visually represent intricate processes for both IT and business users. For complex projects with high business significance, business process modeling is the best way to capture requirements and create transformational gains.
Define Use Cases for Each Stakeholder
Define Applications for Each Use Case
Consider the following guidelines:
Use cases can conflict with each other. In certain situations, specific requirements of these use cases may clash with one another even though they are functionally sound. Evaluate use-case requirements and determine how they satisfy the overall business need.
Use cases are not necessarily isolated; they can be nested. Certain functionalities are dependent on the results of another action, often in a hierarchical fashion. By mapping out the expected workflows, BAs can determine the most appropriate way to implement.
Use cases can be functionally implemented in many ways. There could be multiple ways to accomplish the same use case. Each of these needs to be documented so that functional testing and user documentation can be based on them.
| Log Into Account | ← Depends on (Nested) | Ordering Products Online |
|---|---|---|
| Enter username and password | Complete order form | |
| Verify user is a real person | Process order | |
| Send user forgotten password message | Check user’s account | |
| Send order confirmation to user |
Inspector: Log into system → Search for case → Identify recipient → Determine letter type → Print letter
Admin: Receive letter from inspector → Package and mail letter
Citizen: Receive letter from inspector
What are they?
User stories describe what requirement a user wants in the solution and why they want it. The end goal of a user story is to create a simple description of a requirement for developers.
When to use them
User stories should always be used in requirements gathering. User stories should be collected throughout the elicitation process. Try to recapture user stories as new project information is released to capture any changes in end-customer needs.
What’s the benefit?
User stories help capture target users, customers, and stakeholders. They also create a “face” for individual user requirements by providing user context. This detail enables IT leaders to associate goals and end objectives with each persona.
Takeaway
To better understand the characteristics driving user requirements, begin to map objectives to separate user personas that represent each of the project stakeholders.
Are user stories worth the time and effort?
Absolutely.
A user’s wants and needs serve as a constant reminder to developers. Developers can use this information to focus on how a solution needs to accomplish a goal instead of only focusing on what goals need to be completed.
Instructions
| As a | I want to | So that | Size | Priority |
|---|---|---|---|---|
| Developer | Learn network and system constraints | The churn between Operations and I will be reduced. | 1 point | Low |
|
Team member |
Increase the number of demonstrations | I can achieve greater alignment with business stakeholders. | 3 points | High |
| Product owner | Implement a user story prioritization technique | I can delegate stories in my product backlog to multiple Agile teams. | 3 points | Medium |
Keep your user stories short and impactful to ensure that they retain their impact.
As a [stakeholder title], I want to [one requirement] so that [reason for wanting that requirement].
Use this template for all user stories. Other formats will undermine the point of a user story. Multiple requirements from a single user must be made into multiple stories and given to the appropriate developer. User stories should fit onto a sticky note or small card.
| As an: | I want to: | So that: | |
|---|---|---|---|
| ✓ | Administrator | Integrate with Excel | File transfer won’t possibly lose information |
| X | Administrator | Integrate with Excel and Word | File transfer won’t possibly lose information |
While the difference between the two may be small, it would still undermine the effectiveness of a user story. Different developers may work on the integration of Excel or Word and may not receive this user story.
Size is an estimate of how many resources must be dedicated to accomplish the want. Assign a size to each user story to help determine resource allocation.
Based on how important the requirement is to project success, assign each user story a rating of high, medium, or low. The priority given will dictate which requirements are completed first.
Example:
Scope: Design software to simplify financial reporting
| User Story | Estimated Size | Priority |
|---|---|---|
| As an administrator, I want to integrate with Excel so that file transfer won’t possibly lose information. | Low | High |
| As an administrator, I want to simplify graph construction so that I can more easily display information for stakeholders. | High | Medium |
Combine both size and priority to decide resource allocation. Low-size, high-priority tasks should always be done first.
When collecting user stories, many will be centered around the same requirement. Group similar user stories together to show the need for that requirement’s inclusion in the solution.
Even if it isn’t a must-have requirement, if the number of similar user stories is high enough, it would become the most important should-have requirement.
| As an | I want | So that |
|---|---|---|
| Administrator | To be able to create bar graphs | Information can be more easily illustrated |
| Accountant | To be able to make pie charts | Budget information can be visually represented |
Both user stories are about creating charts and would be developed similarly.
| As an | I want | So that |
|---|---|---|
| Administrator | The program to auto-save | Information won’t be lost during power outages |
| Accountant | To be able to save to SharePoint | My colleagues can easily view and edit my work |
While both stories are about saving documents, the development of each feature is vastly different.
User profiles are a way of grouping users based on a significant shared details (e.g. in the finance department, website user).
Go beyond the user profile
When creating the profile, consider more than the group’s name. Ask yourself the following questions:
For example, if a user profile has low expertise but interacts and depends heavily on the program, a more thorough tutorial of the FAQ section is needed.
Profiles put developers in user’s shoes
Grouping users together helps developers put a face to the name. Developers can then more easily empathize with users and develop an end solution that is directly catered to their needs.
Work in groups to run through the following story-sizing activities.
Planning Poker: This approach uses the Delphi method where members estimate the size of each user story by revealing numbered cards. These estimates are then discussed and agreed upon as a group.
Team Sort: This approach can assist in expediting estimation when you are handling numerous user stories.
Use the product backlog to capture expected work and create a roadmap for the project by showing what requirements need to be delivered.
How is the product owner involved?
How do I create a product backlog?
What are the approaches to generate my backlog?
Epics and Themes
As you begin to take on larger projects, it may be advantageous to organize and group your user stories to simplify your release plan:
To avoid confusion, the pilot product backlog will be solely composed of user stories.
Example:
| Theme: Increase user exposure to corporate services through mobile devices | |
|---|---|
| Epic: Access corporate services through a mobile application | Epic: Access corporate services through mobile website |
| User Story: As a user, I want to find the closest office so that I can minimize travel time As a user, I want to find the closest office so that I can minimize travel time | User Story: As a user, I want to submit a complaint so that I can improve company processes |
Overview
Leverage Info-Tech’s Scrum Documentation Template, using the Backlog and Planning tab, to help walk you through this activity.
Instructions
Examples:
As a citizen, I want to know about road construction so that I can save time when driving. Business Value: High
As a customer, I want to find the nearest government office so that I can register for benefits. Business Value: Medium
As a voter, I want to know what each candidate believes in so that I can make an informed decision. Business Value: High
2.2.1 Build use-case models
An analyst will assist in demonstrating how to use elicitation techniques to build use-case models. The analyst will walk you through the table testing to visually map out and design process flows for each use case.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Start with an analyst kick off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 3 Results & Insights:
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
The analysis phase is where requirements are compiled, categorized, and prioritized to make managing large volumes easier. Many organizations prematurely celebrate being finished the elicitation phase and do not perform adequate diligence in this phase; however, the analysis phase is crucial for a smooth transition into validation and application development or procurement.
Eliciting requirements is an important step in the process, but turning endless pages of notes into something meaningful to all stakeholders is the major challenge.
Begin the analysis phase by categorizing requirements to make locating, reconciling, and managing them much easier. There are often complex relationships and dependencies among requirements that do not get noted or emphasized to the development team and as a result get overlooked.
Typically, requirements are classified as functional and non-functional at the high level. Functional requirements specify WHAT the system or component needs to do and non-functional requirements explain HOW the system must behave.
Examples
Functional Requirement: The application must produce a sales report at the end of the month.
Non-Functional Requirement: The report must be available within one minute after midnight (EST) of the last day of the month. The report will be available for five years after the report is produced. All numbers in the report will be displayed to two decimal places.
Further sub-categorization of requirements is necessary to realize the full benefit of categorization. Proficient BAs will even work backwards from the categories to drive the elicitation sessions. The categories used will depend on the type of project, but for categorizing non-functional requirements, the Volere Requirements Resources has created an exhaustive list of sub-categories.
| Requirements Category | Elements |
Example |
|---|---|---|
| Look & Feel | Appearance, Style |
User Experience |
| Usability & Humanity | Ease of Use, Personalization, Internationalization, Learning, Understandability, Accessibility | Language Support |
| Performance | Speed, Latency, Safety, Precision, Reliability, Availability, Robustness, Capacity, Scalability, Longevity | Bandwidth |
| Operational & Environmental | Expected Physical Environment, Interfacing With Adjacent Systems, Productization, Release | Heating and Cooling |
| Maintainability & Support | Maintenance, Supportability, Adaptability | Warranty SLAs |
|
Security |
Access, Integrity, Privacy, Audit, Immunity | Intrusion Prevention |
| Cultural & Political | Global Differentiation | Different Statutory Holidays |
| Legal | Compliance, Standards | Hosting Regulations |
Complete – Expressed a whole idea or statement.
Correct – Technically and legally possible.
Clear – Unambiguous and not confusing.
Verifiable – It can be determined that the system meets the requirement.
Necessary – Should support one of the project goals.
Feasible – Can be accomplished within cost and schedule.
Prioritized – Tracked according to business need levels.
Consistent – Not in conflict with other requirements.
Traceable – Uniquely identified and tracked.
Modular – Can be changed without excessive impact.
Design-independent – Does not pose specific solutions on design.
Document any changes to the requirements categories in section 5.1 of the Requirements Gathering SOP and BA Playbook.
After elicitation, it is very common for an organization to end up with redundant, complementary, and conflicting requirements. Consolidation will make managing a large volume of requirements much easier.
| Redundant Requirements | Owner | Priority | |
|---|---|---|---|
| 1. | The application shall feed employee information into the payroll system. | Payroll | High |
| 2. | The application shall feed employee information into the payroll system. | HR | Low |
| Result | The application shall feed employee information into the payroll system. | Payroll & HR | High |
| Complementary Requirements | Owner | Priority | |
|---|---|---|---|
| 1. | The application shall export reports in XLS and PDF format. | Marketing | High |
| 2. | The application shall export reports in CSV and PDF format. | Finance | High |
| Result | The application shall export reports in XLS, CSV, and PDF format. | Marketing & Finance | High |
Info-Tech Insight
When collapsing redundant or complementary requirements, it is imperative that the ownership and priority metadata be preserved for future reference. Avoid consolidating complementary requirements with drastically different priority levels.
Conflicting requirements are unavoidable; identify and resolve them as early as possible to minimize rework and grief.
Conflicting requirements occur when stakeholders have requirements that either partially or fully contradict one another, and as a result, it is not possible or practical to implement all of the requirements.
Steps to Resolving Conflict:
Info-Tech Insight
Resolve conflicts whenever possible during the elicitation phase by using cross-functional workshops to facilitate discussions that address and settle conflicts in the room.
Review the outputs from the last exercise and ensure that the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.
Prioritization is the process of ranking each requirement based on its importance to project success. Hold a separate meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted towards the proper requirements as well as to plan features available on each release. Use the MoSCoW Model of Prioritization to effectively order requirements.
The MoSCoW Model of Prioritization
The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994 (Source: ProductPlan).
Effective Prioritization Criteria
| Criteria |
Description |
|---|---|
| Regulatory & Legal Compliance | These requirements will be considered mandatory. |
| Policy Compliance | Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory. |
| Business Value Significance | Give a higher priority to high-value requirements. |
| Business Risk | Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early. |
| Likelihood of Success | Especially in proof-of-concept projects, it is recommended that requirements have good odds. |
| Implementation Complexity | Give a higher priority to low implementation difficulty requirements. |
| Alignment With Strategy | Give a higher priority to requirements that enable the corporate strategy. |
| Urgency | Prioritize requirements based on time sensitivity. |
| Dependencies | A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it. |
Info-Tech Insight
It is easier to prioritize requirements if they have already been collapsed, resolved, and rewritten. There is no point in prioritizing every requirement that is elicited up front when some of them will eventually be eliminated.
Use the Requirements Gathering Documentation Tool to identify and track stakeholder involvement, elicitation techniques, and scheduling, as well as to track categorization and prioritization of requirements.
Using the output from the MoSCoW model, prioritize the requirements according to those you must have, should have, could have, and won’t have.
3.1.1 Create functional requirements categories
An analyst will facilitate the discussion to brainstorm and determine criteria for requirements categories.
3.1.2 Consolidate similar requirements and eliminate redundancies
An analyst will facilitate a session to review the requirements categories to ensure the list is mutually exclusive by consolidating similar requirements and eliminating redundancies.
3.1.3 Prioritize requirements
An analyst will facilitate the discussion on how to prioritize requirements according to the MoSCoW prioritization framework. The analyst will also walk you through the exercise of determining dependencies for each requirement.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
This step involves the following participants:
Outcomes of this step
The validation phase involves translating the requirements, modeling the solutions, allocating features across the phased deployment plan, preparing the requirements package, and getting requirement sign-off. This is the last step in the Info-Tech Requirements Gathering Framework.
Before going for final sign-off, ensure that you have pulled together all of the relevant documentation.
The requirements package is a compilation of all of the business analysis and requirements gathering that occurred. The document will be distributed among major stakeholders for review and sign-off.
Some may argue that the biggest challenge in the validation phase is getting the stakeholders to sign off on the requirements package; however, the real challenge is getting them to actually read it. Often, stakeholders sign the requirements document without fully understanding the scope of the application, details of deployment, and how it affects them.
Remember, this document is not for the BAs; it’s for the stakeholders. Make the package with the stakeholders in mind. Create multiple versions of the requirements package where the length and level of technical details is tailored to the audience. Consider creating a supplementary PowerPoint version of the requirements package to present to senior management.
Contents of Requirements Package:
"Sit down with your stakeholders, read them the document line by line, and have them paraphrase it back to you so you’re on the same page." – Anonymous City Manager of IT Project Planning Info-Tech Interview
The BRD captures the original business objectives and high-level business requirements for the system/process. The system requirements document (SRD) captures the more detailed functional and technical requirements.
The Business Requirements Document Template can be used to record the functional, quality, and usability requirements into formats that are easily consumable for future analysis, architectural and design activities, and most importantly in a format that is understandable by all business partners.
The BRD is designed to take the reader from a high-level understanding of the business processes down to the detailed automation requirements. It should capture the following:
Build the required documentation for requirements gathering.
Document the output from this exercise in section 6 of the Requirements Gathering SOP and BA Playbook.
Practice presenting the requirements document to business stakeholders.
Example:
| Typical Requirements Gathering Validation Meeting Agenda | |
|---|---|
| Project overview | 5 minutes |
| Project operating model | 10 minutes |
| Prioritized requirements list | 5 minutes |
| Business process model | 30 minutes |
| Implementation considerations | 5 minutes |
Practice translating business requirements into system requirements.
Download the Requirements Gathering Testing Checklist template.
Identify how to test the effectiveness of different requirements.
Keep the stakeholders involved in the process in between elicitation and sign-off to ensure that nothing gets lost in transition.
After an organization’s requirements have been aggregated, categorized, and consolidated, the business requirements package will begin to take shape. However, there is still a great deal of work to complete. Prior to proceeding with the process, requirements should be verified by domain SMEs to ensure that the analyzed requirements continue to meet their needs. This step is often overlooked because it is laborious and can create additional work; however, the workload associated with verification is much less than the eventual rework stemming from poor requirements.
All errors in the requirements gathering process eventually surface; it is only a matter of time. Control when these errors appear and minimize costs by soliciting feedback from stakeholders early and often.
This is the Verify stage of the Confirm, Verify, Approve process.
“Do these requirements still meet your needs?”
Use the sign-off process as one last opportunity to manage expectations, obtain commitment from the stakeholders, and minimize change requests.
Development or procurement of the application cannot begin until the requirements package has been approved by all of the key stakeholders. This will be the third time that the stakeholders are asked to review the requirements; however, this will be the first time that the stakeholders are asked to sign off on them.
It is important that the stakeholders understand the significance of their signatures. This is their last opportunity to see exactly what the solution will look like and to make change requests. Ensure that the stakeholders also recognize which requirements were omitted from the solution that may affect them.
The sign-off process needs to mean something to the stakeholders. Once a signature is given, that stakeholder must be accountable for it and should not be able to make change requests. Note that there are some requests from senior stakeholders that can’t be refused; use discretion when declining requests.
This is the Approve stage of the Confirm, Verify, Approve process.
"Once requirements are signed off, stay firm on them!" – Anonymous Hospital Business Systems Analyst Info-Tech Interview
3.2.1; 3.2.2 Rightsize the BRD and present it to business stakeholders
An analyst will facilitate the discussion to gather the required documentation for building the BRD. The analyst will also assist with practicing the presenting of each section of the document to business stakeholders.
3.2.3; 3.2.4 Translate business requirements into technical requirements and identify testing opportunities
An analyst will facilitate the session to practice translating business requirements into testing requirements and assist in determining how to test the effectiveness of different requirements.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 3 weeks
Start with an analyst kick off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Requirements Gathering Communication Tracking Template
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Although the manage, communicate, and test requirements section chronologically falls as the last section of this blueprint, that does not imply that this section is to be performed only at the end. These tasks are meant to be completed iteratively throughout the project to support the core requirements gathering tasks.
Once the stakeholders sign off on the requirements document, any changes need to be tracked and managed. To do that, you need a change control process.
Thoroughly validating requirements should reduce the amount of change requests you receive. However, eliminating all changes is unavoidable.
The BAs, sponsor, and stakeholders should have agreed upon a clearly defined scope for the project during the planning phase, but there will almost always be requests for change as the project progresses. Even a high number of small changes can negatively impact the project schedule and budget.
To avoid scope creep, route all changes, including small ones, through a formal change control process that will be adapted depending on the level of project and impact of the change.
Document any changes from this exercise in section 7.1 of the Requirements Gathering SOP and BA Playbook.
Determine how changes will be escalated for level 1/2/3/4 projects.
Document any changes from this exercise in section 7.2 of the Requirements Gathering SOP and BA Playbook.
| Impact Category | Final Decision Rests With Project Manager If: | Escalate to Steering Committee If: | Escalate to Change Control Board If: | Escalate to Sponsor If: |
|---|---|---|---|---|
| Scope |
|
|
||
| Budget |
|
|
|
|
| Schedule |
|
|
|
|
| Requirements |
|
|
| Impact Category | Final Decision Rests With Project Manager If: | Escalate to Steering Committee If: | Escalate to Sponsor If: |
|---|---|---|---|
| Scope |
|
| |
| Budget |
|
| |
| Schedule |
|
| |
| Requirements |
|
|
Info-Tech Deliverable
Take advantage of Info-Tech’s Requirements Traceability Matrix to track requirements from inception through to testing.
Review the requirements gathering process and control levels for project levels 1/2/3/4 and add as much detail as possible to each process.
Document the output from this exercise in section 2.4 of the Requirements Gathering SOP and BA Playbook.
Understand who is responsible, accountable, consulted, and informed for key elements of the requirements gathering process for project levels 1/2/3/4.
| Project Requestor | Project Sponsor | Customers | Suppliers | Subject Matter Experts | Vendors | Executives | Project Management | IT Management | Developer/ Business Analyst | Network Services | Support | |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Intake Form | A | C | C | I | R | |||||||
| High-Level Business Case | R | A | C | C | C | C | I | I | C | |||
| Project Classification | I | I | C | I | R | A | R | |||||
| Project Approval | R | R | I | I | I | I | I | I | A | I | I | |
| Project Charter | R | C | R | R | C | R | I | A | I | R | C | C |
| Develop BRD | R | I | R | C | C | C | R | A | C | C | ||
| Sign-Off on BRD/ Project Charter | R | A | R | R | R | R | ||||||
| Develop System Requirements | C | C | C | R | I | C | A | R | R | |||
| Sign-Off on SRD | R | R | R | I | A | R | R | |||||
| Testing/Validation | A | I | R | C | R | C | R | I | R | R | ||
| Change Requests | R | R | C | C | A | I | R | C | ||||
| Sign-Off on Change Request | R | A | R | R | R | R | ||||||
| Final Acceptance | R | A | R | I | I | I | I | R | R | R | I | I |
4.1.1; 4.1.2 Develop a change control process and guidelines for escalating changes
An analyst will facilitate the discussion on how to improve upon your organization’s change control processes and how changes will be escalated to ensure effective tracking and management of changes.
4.1.3 Confirm your requirements gathering process
With the group, an analyst will review the requirements gathering process and control levels for the different project levels.
4.1.4 Define the RACI for the requirements gathering process
An analyst will facilitate a whiteboard exercise to understand who is responsible, accountable, informed, and consulted for key elements of the requirements gathering process.
1.1 Understand the Benefits of Requirements Optimization
1.2 Determine Your Target State for Requirements Gathering
2.1 Determine Elicitation Techniques
2.2 Structure Elicitation Output
3.1 Create Analysis Framework
3.2 Validate Business Requirements
4.1 Create Control Processes for Requirements Changes
4.2 Build Requirements Governance and Communication Plan
Requirements Governance Responsibilities
1. Provide oversight and review of SOPs pertaining to requirements elicitation, analysis, and validation.
2. Establish corporate policies with respect to requirements gathering SOP training and education of analysts.
3. Prioritize efforts for requirements optimization.
4. Determine and track metrics that will be used to gauge the success (or failure) of requirements optimization efforts and make process and policy changes as needed.
Use a power map to determine which governance model best fits your organization.
This exercise will help to define the purpose statement for the applicable requirements gathering governance team.
Example:
The requirements gathering governance team oversees the procedures that are employed by BAs and other requirements gathering practitioners for [insert company name]. Members of the team are appointed by [insert role] and are accountable to [typically the chair of the committee].
Day-to-day operations of the requirements gathering team are expected to be at the practitioner (i.e. BA) level. The team is not responsible for conducting elicitation on its own, although members of the team may be involved from a project perspective.
Document the output from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.
Industry Not-for-Profit
Source Info-Tech Workshop
This organization is a not-for-profit benefits provider that offers dental coverage to more than 1.5 million people across three states.
With a wide ranging application portfolio that includes in-house, custom developed applications as well as commercial off-the-shelf solutions, the company had no consistent method of gathering requirements.
The organization contracted Info-Tech to help build an SOP to put in place a rigorous and efficient methodology for requirements elicitation, analysis, and validation.
One of the key realizations in the workshop was the need for governance and oversight over the requirements gathering process. As a result, the organization developed a Requirements Management Steering Committee to provide strategic oversight and governance over requirements gathering processes.
The Requirements Management Steering Committee introduced accountability and oversight into the procedures that are employed by BAs. The Committee’s mandate included:
R – Responsible
The one responsible for getting the job done.
A – Accountable
Only one person can be accountable for each task.
C – Consulted
Involvement through input of knowledge and information.
I – Informed
Receiving information about process execution and quality.
Build the participation list and authority matrix for the requirements gathering governance team.
Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.
Define your governance team procedures, cadence, and agenda.
| Meeting call to order | [Committee Chair] | [Time] |
|---|---|---|
| Roll call | [Committee Chair] | [Time] |
| Review of SOPs | ||
| A. Requirements gathering dashboard review | [Presenters, department] | [Time] |
| B. Review targets | [Presenters, department] | [Time] |
| C. Policy Review | [Presenters, department] | [Time] |
Document any changes from this exercise in section 3.1 of the Requirements Gathering SOP and BA Playbook.
A successful communication plan involves making the initiative visible and creating staff awareness around it. Educate the organization on how the requirements gathering process will differ.
People can be adverse to change and may be unreceptive to being told they must “comply” to new policies and procedures. Demonstrate the value in requirements gathering and show how it will assist people in their day-to-day activities.
By demonstrating how an improved requirements gathering process will impact staff directly, you create a deeper level of understanding across lines-of-business, and ultimately a higher level of acceptance for new processes, rules, and guidelines.
Stakeholder:
Key Stakeholder:
User Group Representatives:
Unwilling – Individuals who are unwilling to change may need additional encouragement. For these individuals, you’ll need to reframe the situation and emphasize how the change will benefit them specifically.
Unable – All involved requirements gathering will need some form of training on the process, committee roles, and responsibilities. Be sure to have training and support available for employees who need it and communicate this to staff.
Unaware – Until people understand exactly what is going on, they will not be able to conform to the process. Communicate change regularly at the appropriate detail to encourage stakeholder support.
Info-Tech Insight
Resisters who have influence present a high risk to the implementation as they may encourage others to resist as well. Know where and why each stakeholder is likely to resist to mitigate risk. A detailed plan will ensure you have the needed documentation and communications to successfully manage stakeholder resistance.
Identify the impact and level of resistance of all stakeholders to come up with the right communication plan.
Use a power map to plot key stakeholders according to influence and involvement.
Use a power map to plot key stakeholders according to influence and involvement.
High Risk:
Stakeholders with high influence who are not as involved in the project or are heavily impacted by the project are less likely to give feedback throughout the project lifecycle and need to be engaged. They are not as involved but have the ability to impact project success, so stay one step ahead.
Do not limit your engagement to kick-off and close – you need to continue seeking input and support at all stages of the project.
Mid Risk:
Key players have high influence, but they are also more involved with the project or impacted by its outcomes and are thus easier to engage.
Stakeholders who are heavily impacted by project outcomes will be essential to your organizational change management strategy. Do not wait until implementation to engage them in preparing the organization to accept the project – make them change champions.
Low Risk:
Stakeholders with low influence who are not impacted by the project do not pose as great of a risk, but you need to keep them consistently informed of the project and involve them at the appropriate control points to collect feedback and approval.
Leaders of successful change spend considerable time developing a powerful change message: a compelling narrative that articulates the desired end state and makes the change concrete and meaningful to staff. They create the change vision with staff to build ownership and commitment.
The change message should:
The five elements of communicating the reason for the change:
COMMUNICATING THE CHANGE
What is the change?
Why are we doing it?
How are we going to go about it?
How long will it take us?
What will the role be for each department and individual?
Build the communications management plan around your stakeholders’ needs.
Sample communications plan: Status reports
| Vehicle | Audience | Purpose | Frequency | Owner | Distribution | Level of Detail |
|---|---|---|---|---|---|---|
Sample communications plan: Status reports
| Vehicle | Audience | Purpose | Frequency | Owner | Distribution | Level of Detail |
|---|---|---|---|---|---|---|
| Status Report | Sponsor | Project progress and deliverable status | Weekly | Project Manager |
Details for
|
|
| Status Report | Line of Business VP | Project progress | Monthly | Project Manager |
High Level for
|
Build a high-level timeline for the implementation.
Major KPIs typically used for benchmarking include:
Revisit the requirements gathering metrics selected in the planning phase and recalculate them after requirements gathering optimization has been attempted.
4.2.1; 4.2.2; 4.2.3 – Build a requirements gathering steering committee
The analyst will facilitate the discussion to define the purpose statement of the steering committee, build the participation list and authority matrix for its members, and define the procedures and agenda.
4.2.4 Identify and analyze stakeholders
An analyst will facilitate the discussion on how to identify the impact and level of resistance of all stakeholders to come up with the communication plan.
4.2.5 Create a communications management plan
An analyst will assist the team in building the communications management plan based on the stakeholders’ needs that were outlined in the stakeholder analysis exercise.
4.2.6 Build a requirements gathering implementation timeline
An analyst will facilitate a session to brainstorm and document any action items and build a high-level timeline for implementation.
Note: This research also incorporates extensive insights and feedback from our advisory service and related research projects.
“10 Ways Requirements Can Sabotage Your Projects Right From the Start.” Blueprint Software Systems, 2012. Web.
“BPM Definition.” BPMInstitute.org, n.d. Web.
“Capturing the Value of Project Management.” PMI’s Pulse of the Profession, 2015. Web.
Eby, Kate. “Demystifying the 5 Phases of Project Management.” Smartsheet, 29 May 2019. Web.
“Product Management: MoSCoW Prioritization.” ProductPlan, n.d. Web.
“Projects Delivered on Time & on Budget Result in Larger Market Opportunities.” Jama Software, 2015. Web.
“SIPOC Table.” iSixSigma, n.d. Web.
“Survey Principles.” University of Wisconsin-Madison, n.d. Web.
“The Standish Group 2015 Chaos Report.” The Standish Group, 2015. Web.
There are many challenges for I&O when it comes to digital transformation, including:
These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation.
By using the framework of culture, competencies, collaboration and capabilities, organizations can create dimensions in their I&O structure in order to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence though the effective integration of people, process, and technology.
By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Unlock the full potential of your infrastructure with a digital transformation strategy and clear the barriers to success.
Many businesses fail in their endeavors to complete a digital transformation, but the reasons are complex, and there are many ways to fail, whether it is people, process, or technology. In fact, according to many surveys, 70% of digital transformations fail, and it’s mainly down to strategy – or the lack thereof.
A lot of organizations think of digital transformation as just an investment in technology, with no vision of what they are trying to achieve or transform. So, out of the gate, many organizations fail to undergo a meaningful transformation, change their business model, or bring about a culture of digital transformation needed to be seriously competitive in their given market.
When it comes to I&O leaders who have been given a mandate to drive digital transformation projects, they still must align to the vision and mission of the organization; they must still train and hire staff that will be experts in their field; they must still drive process improvements and align the right technology to meet the needs of a digital transformation.
Principal Research Director, I&O
Info-Tech Research Group
Digital transformation requires I&O teams to shift from traditional infrastructure management to becoming a strategic enabler, driving agility, innovation, and operational excellence through effective integration of people, process, and technology.
Collaboration is a key component of I&O – Promote strong collaboration between I&O and other business functions. When doing a digital transformation, it is clear that this is a cross-functional effort. Business leaders and IT teams need to align their objectives, prioritize initiatives, and ensure that you are seamlessly integrating technologies with the new business functions.
Embrace agility and adaptability as core principles – As the digital landscape continues to evolve, it is paramount that I&O leaders are agile and adaptable to changing business needs, adopting new technology and implementing new innovative solutions. The culture of continuous improvement and openness to experimentation and learning will assist the I&O leaders in their journey.
Future-proof your infrastructure and operations – By anticipating emerging technologies and trends, you can proactively plan and organize your team for future needs. By investing in scalable, flexible infrastructure such as cloud services, automation, AI technologies, and continuously upskilling the IT staff, you can stay relevant and forward-looking in the digital space.
An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployment of services.
Having a clear strategy, with leadership commitment along with hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.
Your ChallengeThere are a lot of challenges for I&O when it comes to digital transformation, including:
These and many more will hinder your progress, which demonstrates the need to invest in modernizing your infrastructure, investing in training and hiring talent, and cultivating a culture that supports digital transformation. |
Common ObstaclesMany obstacles to digital transformation begin with non-I&O activities, including:
By addressing these obstacles, I&O will have a better chance of a successful transformation and delivering the full potential of digital technologies. |
Info-Tech's ApproachBuilding a culture of innovation by developing clear goals and creating a vision will be key.
By completing the Info-Tech digital readiness questionnaire, you will see where you are in terms of maturity and areas you need to concentrate on. |
By driving a customer-centric approach, delivering a successful transformation can be tailored to the business goals and drive adoption and engagement. Refining your roadmap through data and analytics will drive this change. Use third-party expertise to guide your transformation and help build that vision of the future.
The challenges that stand in the way of your success, and what is needed to reverse the risk
26% of those CIOs surveyed cite resistance to change, with entrenched viewpoints demonstrating a real need for a cultural shift to enhance the digital transformation journey.
Source: Prophet, 2019.
70% of digital transformation projects fall short of their objectives – even when their leadership is aligned, often with serious consequences.
Source: BCG, 2020.
Having a clear strategy and commitment from leadership, hiring and training the right people, monitoring and measuring your progress, and ensuring it is a business-led journey will increase your chances of success.
Info-Tech InsightCultural change, business alignment, skills training, and setting a clear strategy with KPIs to demonstrate success are all key to being successful in your digital journey.
57% of small business owners feel they must improve their IT infrastructure to optimize their operations.
Source: SMB Story, 2023.
64% of CEOs believe driving digital transformation at a rapid pace is critical to attracting and retaining talent and customers.
Source: KPMG, 2022.
An IT infrastructure maturity assessment is a foundational step in the journey of digital transformation. The demand will be on performance, resilience, and scalability. IT infrastructure must be able to support innovation and rapid deployments.
TY services, advice, materials, products, websites, and networks (collectively the "Services") are to be used for the User (meaning a named individual user that uses the publicly available Services or is authorized by TY in a service agreement to use the Services that require paid access) use and benefit only pursuant to the terms and limitations of the paid subscription and may not be disclosed, disseminated or distributed to any other party, except as TY otherwise agrees in writing. The User will not circumvent any encryption or otherwise gain access to Services for which the User has not been expressly granted the appropriate rights of access.
The User will not use the Services for or knowingly transmit to TY or upload to any TY site or network any illegal, improper, or unacceptable material or use them for illegal, improper, or unacceptable practices, including without limitation the dissemination of any defamatory, fraudulent, infringing, abusive, lewd, obscene or pornographic material, viruses, trojan horses, time bombs, worms, or other harmful code designed to interrupt, destroy, or limit the functionality of any software, hardware or communications equipment, unsolicited mass email or other internet-based advertising campaigns, privacy breaches, denial of use attacks, spoofing, or impersonation.
The Services are © Tymans Group BV. All rights reserved.
The Services are owned by and copyrighted by TY and other parties and may contain trademarks of TY or others. They are protected by Canadian, US, and international copyright and trademark laws and conventions.
User may use the Services solely for his or their own information purposes pursuant to the terms and limitations of the paid subscription. The User may download any of the Service's tools or templates for his or her individual use but may not distribute any articles, tools, templates, or blueprints internally, subject to the exceptions below. The User may create derivative works from the Service's tools or templates and distribute these for internal use but may not distribute these derivative works externally for any commercial or resale purposes.
Any other reproduction or dissemination of the Services in any form or by any means is forbidden without TY's written permission, and without limiting the generality of the foregoing, the User will not:
Users must be authorized to use the Services by TY. Users must maintain and protect the confidentiality of any password(s) and are responsible for ensuring that the passwords are effective. Users shall advise TY immediately if they discover that their password has been compromised at the following number: 1-888-670-8889. If you are an organization that is party to a service agreement with TY, references in these Terms of Use to "User(s)" include you, and you are responsible for compliance by named individual Users within your organization with these Terms of Use.
For the benefit of all Users, TY's research services include the ability for Users to (i) participate in the creation of research by contributing User perspectives for publication on TY's websites and (ii) participate in industry-specific community groups and other forums by contributing discussion posts. All such contributions are voluntary with the full consent of the User. If your account is used to contribute content to TY's websites (collectively, "User Contributions"), you agree to accept sole responsibility for those User Contributions, including the information, statements, facts, and material contained in any form or medium (e.g., text, audio, video, and photographic) therein. To the extent Users contribute any feedback to TY (as User Contributions or otherwise), TY may use that feedback to assess, improve, and market its products. To the extent Users contribute to research, TY may incorporate those contributions within the research Services without the necessity of attribution. You grant us and our affiliates a worldwide, irrevocable, royalty-free, nonexclusive license to use, reproduce, create derivative works of, distribute publicly display, and publish User Contributions. You agree you will not attempt to enforce any so-called "moral rights" in User Contributions against us or our affiliates.
By using TY's research services, you agree that none of your User Contributions will:
BecauseTY's Web sites are available to the public, User Contributions on TY's Web sites are not Confidential Information.
Although you are solely responsible for the content you provide, and we do not have a policy of reviewing or monitoring all User Contributions, we reserve the right to pre-screen and/or monitor User Contributions. If we become aware of User Contributions that violate these Terms of Service or that we believe to be otherwise objectionable, we may reject or delete them or take other action without notice to you and at our sole discretion.
If you believe that any User Contributions appear to violate these Terms of Service, or if you believe any other user is engaged in illegal, harassing, or objectionable behavior, please contact us.
In these Terms of Use, "Confidential Information" means information of a commercially sensitive or proprietary character that is marked as confidential or that a reasonable person would understand to be confidential. The "Disclosing Party" is the party disclosing Confidential Information, and the "Receiving Party" is the party receiving Confidential Information. However, Confidential Information does not include information that:
The Receiving Party shall not disclose, publish or communicate the Confidential Information to any third party without the prior written consent of the Disclosing Party. However, the Receiving Party may disclose the Confidential Information to a third party who has a need to know the Confidential Information and (i) is an accountant, attorney, underwriter, or advisor under a duty of confidentiality; or (ii) is under a written obligation of confidentiality at least as restrictive as this Agreement and to the extent required by law.
TY may create or use anonymized data for purposes such as benchmarking, analytics, and other good-faith business purposes. Anonymized data is not the Confidential Information of Users.
Many of the Services are "subscription" services that have a fixed Term and must be renewed in writing at the end of the term for services to continue. The contractual term of membership is generally one (1) to three (3) years in length and is agreed to by the parties in writing. Workshops purchased as part of membership expire without refund or credit at the end of the membership period covered by the purchase. Workshops purchased outside membership expire without refund or credit one (1) year after purchase. TY may terminate a User's access at any time if the User or the entity paying for the User's access violates the terms of use or subscription or any other agreement with TY.
As the Services are paid in advance for a committed membership term, a service agreement or membership cannot be terminated by a User for convenience during a contractual term.
TY strives to innovate. TY may update, upgrade or otherwise change or discontinue content, features, or other aspects of its Services. TY will not make changes that cumulatively degrade the quality of a paid subscription to the Services. TY also reserves the right to change the terms and conditions applicable to your use of the Services unless TY has otherwise agreed in a service agreement. Use of the Services after such changes shall be deemed to be acceptance by the User of such changes. These terms were last revised on June 8, 2022.
The information contained in the Services has been obtained from sources believed to be reliable, but TY does not warrant the completeness, timeliness, or accuracy of any information contained in the Services. The Services are intended to: help identify business risks; provide insights based on industry research; and help you focus on certain matters which may be affecting your business. TY does not provide legal, accounting, or other professional advice, nor should any advice from TY be construed as such. We encourage you to seek professional advice whenever necessary.
TY expressly excludes and disclaims all express or implied conditions, representations, and warranties, including, without limitation, any implied warranties or conditions of merchantability or fitness for a particular purpose, to the extent allowable by law.
Although TY takes reasonable steps to screen Services for infection by viruses, worms, Trojan horses, or other code manifesting contaminating or destructive properties before making the Services available, TY cannot guarantee that any Service will be free of infection.
User assumes sole responsibility for the selection of the Services to achieve its intended results. The opinions expressed in the Services are subject to change without notice.
TY does not endorse third-party products or services. TY assesses and analyzes the effectiveness and appropriateness of information technology in the context of a general business environment only unless specifically hired by a User to assess in the context of their own environment.
In no event is TY liable for any special, indirect, consequential, incidental, punitive, or other damages however caused, whether in contract, tort, negligence, strict liability, operation of law, or otherwise (including without limitation damages for lost profits, business interruption or loss arising out of the use of or inability to use the Services, or any information provided in the Services, or claims attributable to errors, omissions or other inaccuracies in the Service or interpretations thereof), even if TY has been advised of the possibility of such damages. TY's total liability shall in no event exceed the amount paid by the User for the Service in question.
The User acknowledges that TY has set its prices and sold the Services to it in reliance on the limitations of liability and disclaimers of warranties and damages set forth herein and that the same form a fundamental and essential basis of the bargain between the parties. They shall apply even if the contract between the User and TY is found to have failed in its fundamental or essential purpose or has been fundamentally breached.
Any third-party sites that are linked to the Services are not under TY's control. TY is not responsible for anything on the linked sites, including without limitation any content, links to other sites, any changes to those sites, or any policies those sites may have. TY provides links as a convenience only, and such links do not imply any endorsement by TY of those sites.
The Services are not intended to be used for the purpose of, or as a basis for, making investment decisions or recommendations with respect to securities of any company or industry, and TY assumes no liability for decisions made, in whole or in part, on the basis of any information contained in the Services.
This site and any service agreement are governed by the laws of the Province of Ontario, Canada, excluding any conflicts of law provisions and excluding the United Nations Convention on Contracts for the International Sale of Goods. Any legal action against TY shall take place in the courts of the province of Antwerp, Belgium. The parties attorn to the non-exclusive jurisdiction of the courts of Ontario.
These standard terms of use, together with any service agreements and statements of work signed by the parties, contains the complete and exclusive statement of Agreement between the parties and supersedes all purchase order terms and conditions, understandings, proposals, negotiations, representations, or warranties of any kind whether written or oral.
A User's right to privacy is of paramount importance to TY. See our Privacy Policy for more detail. The identity of our research clients is not considered personal or confidential information, and we may disclose that information for promotion and marketing purposes.
Attn: General Counsel
(US): 1-917-473-8669
(BE): 32-468-142-754
To remain competitive, enterprises must deliver products and services like a startup or a digital native enterprise. This requires enterprises to:
Organizations that implement this project will draw benefits in the following aspects:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Collect data and stats that will help build a narrative for digital factory.
Discuss purpose, mission, organizational support, and leadership.
Discuss organizational structure, management, culture, teams, environment, technology, and KPIs.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand and gather data and stats for factors impacting digital transformation.
Develop a narrative for the digital factory.
Identification of key pain points and data collected
Narrative to support the digital factory
1.1 Understand the importance and urgency of digital transformation (DX).
1.2 Collect data and stats on the progress of DX initiatives.
1.3 Identify the factors that hamper DX and tie them to data/stats.
1.4 Build the narrative for the digital factory (DF) using the data/stats.
Identification of factors that hamper DX
Data and stats on progress of DX
Narrative for the digital factory
Discuss the factors that impact the success of establishing a digital factory.
A solid understanding and awareness that successful digital factories have clarity of purpose, organizational support, and sound leadership.
2.1 Discuss
2.2 Discuss what organizational support the digital factory will require and align and commit to it.
2.3 Discuss reference models to understand the dynamics and the strategic investment.
2.4 Discuss leadership for the digital age.
DF purpose and mission statements
Alignment and commitment on organizational support
Understanding of competitive dynamics and investment spread
Develop the profile of a digital leader
Understand the fundamentals of the operating model.
Understand the gaps and formulate the strategies.
Design of structure and organization
Design of culture aligned with organizational goals
Management practices aligned with the goals of the digital factory
3.1 Discuss structure and organization and associated organizational pathologies, with focus on hierarchy and silos, size and complexity, and project-centered mindset.
3.2 Discuss the importance of culture and its impact on productivity and what shifts will be required.
3.3 Discuss management for the digital factory, with focus on governance, rewards and compensation, and talent management.
Organizational design in the context of identified pathologies
Cultural design for the DF
Management practices and governance for the digital factory
Roles/responsibilities for governance
Understand the fundamentals of the operating model.
Understand the gaps and formulate the strategies.
Discuss agile teams and the roles for DF
Environment design that supports productivity
Understanding of existing and new platforms
4.1 Discuss teams and various roles for the DF.
4.2 Discuss the impact of the environment on productivity and satisfaction and discuss design factors.
4.3 Discuss technology and tools, focusing on existing and future platforms, platform components, and organization.
4.4 Discuss design of meaningful metrics and KPIs.
Roles for DF teams
Environment design factors
Platforms and technology components
Meaningful metrics and KPIs
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Confirm the “why” of the IT update presentation by determining its scope and goals.
Confirm the “what” of the presentation by focusing on business requirements, metrics, presentation creation, and stakeholder validation.
Confirm the “how” of the presentation by focusing on engaging your audience, getting what you need, and creating a feedback cycle.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the IT update’s scope and goals and identify stakeholder requirements
IT update scope and goals
Business stakeholder goals and requirements
1.1 Determine/validate the IT update scope
1.2 Determine/validate the IT update goals
1.3 Business context analysis
1.4 Determine stakeholder needs and expectations
1.5 Confirm business goals and requirements
Documented IT update scope
Documented IT update goals
Validated business context
Stakeholder requirements analysis
Confirmed business goals and requirements
Analyze metrics and content and validate against business needs
Selection of key metrics
Metrics and content validated to business needs
2.1 Analyze current IT metrics
2.2 Review industry best-practice metrics
2.3 Align metrics and content to business stakeholder needs
Identification of key metrics
Finalization of key metrics
Metrics and content validated to business stakeholder needs
Create an IT update presentation that is optimized to business needs
Optimized IT update presentation
3.1 Understand the audience and how to best engage them
3.2 Determine how to present the pertinent data
3.3 IT update review with key business stakeholders
3.4 Final edits and review of IT update presentation
3.5 Pre-presentation checklist
Clarity on update audience
Draft IT update presentation
Business stakeholder feedback
Finalized IT update presentation
Confirmation on IT update presentation readiness
IT communications are often considered ineffective and unengaging. This is demonstrated by the:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint not only provides the tools and techniques for planning, composing, and delivering effective communications, but also walks you through practical exercises. Practice and perfect your communication, composition, and delivery skills for any IT initiative.
Communication concepts and exercises that teach you how to plan, compose, and deliver effective communications. The deck includes practical tools, techniques, and skills practice.
This communications planner is a tool that accompanies the Effective IT Communications blueprint and the Communicate Any IT Initiative Facilitation Deck so that you can plan your communications, view your deliverables, and compose your pitch all in one document.
A tool for identifying stakeholders and conducting an analysis to understand their degree of influence or impact.
| Your Challenge | Common Obstacles | Info-Tech’s Approach |
Communicating about your initiative is when the work really begins. Many organizations struggle with:
|
Some of the challenges IT faces when it comes to communicating its initiatives includes:
|
For every IT initiative you have going forward, focus on following these three steps:
|
Info-Tech Insight
Every IT employee can be a great communicator; it just takes a few consistent steps, the right tools, and a dedication to practicing communicating your message.
The Info-Tech difference:
27.8% of organizations are not satisfied with IT communications.
25.8% of business stakeholders are not satisfied with IT communications.
Source: Info-Tech Diagnostic Programs; n=34,345 business stakeholders within 604 organizations
The bottom line? Stakeholders for any initiative need to be communicated with often and well. When stakeholders become dissatisfied with IT’s communication, it can lead to an overall decrease in satisfaction with IT.
“Nothing gets done properly if it's not communicated well.”
-- Nastaran Bisheban, CTO KFC Canada
Introduction
Review effective communications.
Plan
Plan your communications using a strategic tool.
Compose
Create your own message.
Deliver
Practice delivering your own message.
| 1. Plan Strategic Communications | 2. Compose a Compelling Message | 3. Deliver Messages Effectively | |
|---|---|---|---|
| Step Activities |
|
|
|
| Step Outcomes | Establish an easy-to-read view of the key communications that need to take place related to your initiative or change. | Practice writing a pitch that conveys the message in a compelling and easy-to-understand way. | Practice delivering the pitch. Ensure there is authenticity in the delivery while still maintaining the audience’s attention. |
We recommend considering this blueprint a natural add-on to any completed Info-Tech blueprint, whether it is completed in the DIY fashion or through a Guided Implementation or workshop.
Communication Planner
A single place to plan and compose all communications related to your IT initiative.
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.
Facilitation Guide
A step-by-step guide to help your IT organization develop a communication plan and practice composing and delivering key messages.
Stakeholder Analysis
An ability to assess all stakeholders based on impact, influence, and involvement.
| Morning | Afternoon | |
|---|---|---|
| Activities | Plan Strategic Communications for Your Initiative
| Compose and Deliver a Compelling Message
|
| Deliverables |
|
|
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
| Goal | Key Performance Indicator (KPI) | Related Resource |
| Obtain board buy-in for IT strategic initiatives. | X% of IT initiatives that were approved to be funded. Number of times that technical initiatives were asked to be explained further. |
Using our Board Presentation Review |
| Ensure stakeholders feel engaged during initiatives. | X% of business leadership satisfied with the statement “IT communicates with your group effectively.” | Using the CIO Business Vision Diagnostic |
| End users know what IT initiatives are going to impact the products or services they use. | X% of end users that are satisfied with communications around changing services or applications. | Using the End-User Satisfaction Survey |
| Project stakeholders receive sufficient communication throughout the initiative. | X% overall satisfaction with the quality of the project communications. | Using the PPM Customer Satisfaction Diagnostic |
| Employees are empowered to perform on IT initiatives. | X% satisfaction employees have with statement “I have all the resources and information I need to do a great job.” | Using the Employee Engagement Diagnostic Program |
Activities
1.1 Define the Change
1.2 Determine Target Audience
1.3 Communication Outcomes
1.4 Clarify the Key Message(s)
1.5 Identify the Owner and Messenger(s)
1.6 Select the Right Channels
1.7 Establish a Frequency and Time Frame
1.8 Obtain Feedback and Improve
1.9 Finalize the Calendar
Communicate Any IT Initiative Effectively
Phase1 > Phase 2 > Phase 3
This step involves the following participants:
Varies based on those who would be relevant to your initiative.
Outcomes of this step
Create an easy-to-follow communications plan to ensure that the right message is sent to the right audience using the right medium and frequency.
Incremental Change:
|
Transitional Change:
|
Transformational Change:
|
Examples:
|
Examples:
|
Examples:
|
Invest time at the start of the project to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time in the end. Evaluate the impact from a people, process, and technology perspective.
Leverage a design thinking principle: Empathize with the stakeholder – what will change?
People
Process
Technology
30 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
Audience
Stakeholders (either groups or individuals) who will receive the communication.
Message
Information communicated to impacted stakeholders. Must be rooted in a purpose or intent.
Messenger
Person who delivers the communication to the audience. The communicator and owner are two different things.
Channel
Method or channel used to communicate to the audience.
The target audience always includes groups and individuals who are directly impacted by the change and may also include those who are change adjacent.
Define the target audience: Identify which stakeholders will be the target audience of communications related to the initiative. Stakeholders can be single individuals (CFO) or groups (Applications Team).
Stakeholders to consider:
20 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
1 hour
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Stakeholder Management Analysis Tool
For each target audience, there will be an overall goal on why they need to be communicated with. This outcome or purpose is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change or initiative will have. Depending on the target audience, consider each of the communication outcomes listed below.
| Communicating Across the Organization | Communicating Up to Board or Executives | Communicating Within IT |
|---|---|---|
|
|
|
30 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
| What are key messages? |
|
| How to establish key messages: | Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization’s key messages:
|
Key messages should be clear, concise, and consistent (Porter, 2014). The intent is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.
Info-Tech Insight
Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me? (WIIFM), and specific expectations.
25 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
Messages must be communicated by a variety of individuals across the organization. Select the messenger depending on the message characteristics (e.g. audience, message, medium). The same messenger can be used for a variety of messages across different mediums.
Personal impact messages should be delivered by an employee's direct supervisor.
Organizational impact messages and rationale should be delivered by senior leaders in the affected areas.
Recent research by Prosci found employees prefer to hear personal messages from their direct manager and organizational messages from the executive leadership team.
Fifty percent of respondents indicated the CEO as the preferred messenger for organizational change messages.
For each audience, message, and medium, review whether the message is personal or organizational to determine which messengers are best.
The number and seniority of messengers involved depends on the size of the change:
Communication Owner
Single person
Accountable for the communication message and activities
Oversees that the communication does not contradict other communications
Validates the key messages to be made
Communication Messenger(s)
Single person or many people
Responsible for delivering the intended message
Engages the target audience in the communication
Ensures the key messages are made in a consistent and clear manner
30 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
| First question: Should the communication be delivered in-person or not? | ||
|---|---|---|
| Types of channels | In-Person | Paper-Based or Tech-Enabled |
| Questions to consider |
|
|
| Two-way interaction | Supplement in-person communications with paper-based or tech-enabled communications to provide follow-up and consistency (Government of Nova Scotia). | Tech-enabled communications allow the sender to deliver messages when they do not co-locate with the receiver. That said, make sure paper-based communications are provided to those without regular access to a computer. |
Consider accessibility when communicating change – not all employees will have access to the same mediums. To ensure inclusivity, strategically plan which mediums to use to reach the entire audience.
| Medium | Description | Key Messages | When to Use |
|---|---|---|---|
| One-on-One Meetings | Individual meetings between managers and their direct reports to ensure they understand the change, can express any concerns, and obtain feedback or recommendations. |
|
|
| Team Meeting | A meeting of a work unit or department. Can be virtual, in person, or a combination. Led by the work unit or department head/manager. |
|
|
| Electronic communication sent to the audience’s company emails, or in the absence of that, to their personal emails. |
|
|
| Medium | Description | Key Messages | When to Use |
|---|---|---|---|
| Town Hall | Virtual or in-person meeting where senior leadership shares information with a wide audience about the change and answers questions. |
|
|
| Roadshow | A series of meetings where senior leadership or the change champion travels to different geographic locations to hold town halls adapted to each location’s audience. |
|
|
| Medium | Description | Key Messages | When to Use |
|---|---|---|---|
| Intranet | An internal company website that a large number of employees can access at any time. |
|
|
| Training | Scheduled blocks of time for the team to learn new skills and behaviors needed to successfully adapt to the change. |
|
|
| Video Message | A prerecorded short video clip designed for either simultaneous broadcast or just-in-time viewing. Can be sent over email or mobile or uploaded to a company portal/intranet. |
|
|
| Medium | Description | Key Messages | When to Use |
|---|---|---|---|
| Shift Turnover Meeting | A meeting between teams or departments when a shift changes over; sometimes called a shift report. Used to communicate any relevant information from the outgoing shift to the incoming shift members. |
|
|
| Company Newsletter | Electronic or hardcopy newsletter published by the company. Contains timely updates on company information. |
|
|
| Sign/Poster | Digital or paper-based sign, graphic, or image. Includes posters, screensavers, etc. |
|
|
20 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
| 01 Identify and prioritize | 02 Prepare for initiative | 03 Create a communication plan | 04 Implement change | 05 Sustain the desired outcome |
|---|---|---|---|---|
| Before | During | After | ||
|
|
|
|
|
| Where communication needs to happen | ||||
Don’t forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.
“When goals are talked about weekly, teams are nearly 3X more likely to feel confident hitting them.”
– Hypercontext, 2022
Info-Tech Insight
Communications made once will always fail. Ensure there is a frequency appropriate for every communication — or do not expect the desired outcome.
30 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
Prior to the strategy rollout, make sure you have also established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:
Feedback Mechanisms:
There are two types of metrics that can be used to measure the impact of an internal communications strategy and progress toward strategy goals. These metrics are used to measure both outputs and outcomes.
| Select metrics measuring both: | |
|---|---|
| Tactical Effectiveness (Outputs) | Strategic Effectiveness (Outcomes) |
|
|
20 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
2 hours
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
Activities
2.1 Craft a Pitch
2.2 Revise the Pitch
This step involves the following participants:
Varies based on those who would be relevant to your initiative.
Outcomes of this step
Ability to create a clear, concise, and consistent message using best practices and a pitch framework.
Communication Any IT Initiative Effectively
Phase 1 > Phase 2 > Phase 3
Info-Tech Insight
Time is a non-renewable resource. The message crafted must be considered a value-add communication to your audience.
| Be Consistent | Be Clear |
|---|---|
|
|
| Be Relevant | Be Concise |
|
|
Draft core messages communicating information consistent with the high-level communications plan. This includes the overall goal of communications, key messaging, specifics related to the change action, and customizations for each audience. It’s also important to:
| Key Components of a Good Pitch | |
| Purpose of the pitch | What are you asking for? What is the desired outcome of the conversation? What three things do you want the audience to take away? |
| Speak to what matters to them | Who is your audience and what are their biggest challenges today? What do they care? What is the “so what”? Humanize it. Start with an example of a real person. |
| Sell the improvement | How is your solution going to solve that problem? Is your solution a pain killer or vitamin? |
| Show real value | How will your solution create real value? How can that be measured? Give an example. |
| Discuss potential fears | Identify and alleviate fears the stakeholder may have in working with you. Think about what they think now and what you want them to think. |
| Have a call to action | Identify what your ask is. What are you looking for from the stakeholder? Listen and respond. |
| Follow up with a thank-you | Did you ensure that the participants’ time was respected and appreciated? Be genuine and sincere. |
To effectively communicate change, answer questions before they’re asked, whenever possible. To do this, outline at each stage of the change process what’s happening next for the audience and answer other anticipated questions. Pair key questions with core messages in change communications.
Examples of key questions by change stage include:
| What is changing? When is the change expected? Who will be championing the change? What are the change expectations? Will I have input into how the change is happening? What’s happening next? |
Why are we changing? Why is the change happening now? What are the risks of not changing? What will be new? What’s in it for me? What training will be available? Who will be impacted? How will I be impacted? How will my team be impacted? What’s happening next? |
Who should I contact with questions or concerns? How will I be updated? How can I access more information? Will the previous process be available throughout the new process implementation? What needs to be done and what needs to stop to succeed? Will I be measured on this change? What’s happening next? |
How can I access more information? Will this change be added to key performance indicators? How did the change implementation go? What’s happening next? |
| Before change | During change | After change | |
|---|---|---|---|
| Prepare for change | Create change action and communication plan | Implement change | Sustain the change |
20 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
10 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Communication Planner Tool
Activities
3.1 Deliver Your Pitch
3.2 Refine and Deliver Again
This step involves the following participants:
Varies based on those who would be relevant to your initiative.
Outcomes of this step
Ability to deliver the pitch in a manner that is clear and would be understood by the specific stakeholder the pitch is intended for.
Communicate Any IT Initiative Effectively
Phase 1 > Phase 2 > Phase 3
Using voice and body
Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, and frame all have an impact on what might be conveyed.
If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.
Be professional and confident
State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.
Present in a way that is genuine to you and your voice. Whether you have an energetic personality or a calm and composed personality, the presentation should be authentic to you.
Connect with your audience
Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.
Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.
Info-Tech Insight
You are responsible for the response of your audience. If they aren’t engaged, it is on you as the communicator.
Sample A:
Sample B:
20 minutes
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
1 hour
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Info-Tech Insight
Whether the CIO or a service desk technician, delivering a presentation is a fear for every role in IT. Prepare your communication to help overcome the fears that are within your control.
Anuja Agrawal
National Communications Director
PwC
Anuja is an accomplished global communications professional, with extensive experience in the insurance, banking, financial, and professional services industry in Asia, the US, and Canada. She is currently the National Communications Director at PwC Canada. Her prior work experience includes communication leadership roles at Deutsche Bank, GE, Aviva, and Veritas. Anuja works closely with senior business leaders and key stakeholders to deliver measurable results and effective change and culture building programs. Anuja has experience in both internal and external communications, including strategic leadership communication, employee engagement, PR and media management, digital and social media, M&A/change and crisis management. Anuja believes in leveraging digital tools and technology-enabled solutions combined with in-person engagement to help improve the quality of dialogue and increase interactive communication within the organization to help build an inclusive culture of belonging.
Nastaran Bisheban
Chief Technology Officer
KFC Canada
A passionate technologist and seasoned transformational leader. A software engineer and computer scientist by education, a certified Project Manager that holds an MBA in Leadership with Honors and Distinction from University of Liverpool. A public speaker on various disciplines of technology and data strategy with a Harvard Business School executive leadership program training to round it all. Challenges status quo and conventional practices; is an advocate for taking calculated risk and following the principle of continuous improvement. With multiple computer software and project management publications she is a strategic mentor and board member on various non-profit organizations. Nastaran sees the world as a better place only when everyone has a seat at the table and is an active advocate for diversity and inclusion.
Heidi Davidson
Co-founder & CEO
Galvanize Worldwide and Galvanize On Demand
Dr. Heidi Davidson is the Co-Founder and CEO of Galvanize Worldwide, the largest distributed network of marketing and communications experts in the world. She also is the Co-Founder and CEO of Galvanize On Demand, a tech platform that matches marketing and communications freelancers with client projects. Now with 167 active experts, the Galvanize team delivers startup advisory work, outsourced marketing, training, and crisis communications to organizations of all sizes. Before Galvanize, Heidi spent four years as part of the turnaround team at BlackBerry as the Chief Communications Officer and SVP of Corporate Marketing, where she helped the company move from a device manufacturer to a security software provider.
Eli Gladstone
Co-Founder
Speaker Labs
Eli is a Co-Founder of Speaker Labs. He has spent over 6 years helping countless individuals overcome their public speaking fears and communicate with clarity and confidence. When he's not coaching others on how to build and deliver the perfect presentation, you'll probably find him reading some weird books, teaching his kids how to ski or play tennis, or trying to develop a good enough jumpshot to avoid being a liability on the basketball court.
Francisco Mahfuz
Keynote Speaker & Storytelling Coach
Francisco Mahfuz has been telling stories in front of audiences for a decade, and even became a National Champion of public speaking. Today, Francisco is a keynote speaker and storytelling coach and offers communication training to individuals and international organisations, and has worked with organisations like Pepsi, HP, the United Nations, Santander and Cornell University. He's the author of Bare: A Guide to Brutally Honest Public Speaking, the host of The Storypowers Podcast, and he’s been part of the IESE MBA communications course since 2020. He's received a BA in English Literature from Birkbeck University in London.
Sarah Shortreed
EVP & CTO
ATCO Ltd.
Sarah Shortreed is ATCO’s Executive Vice President and Chief Technology Officer. Her responsibilities include leading ATCO’s Information Technology (IT) function as it continues to drive agility and collaboration throughout ATCO’s global businesses and expanding and enhancing its enterprise IT strategy, including establishing ATCO’s technology roadmap for the future. Ms. Shortreed's skill and expertise are drawn from her more than 30-year career that spans many industries and includes executive roles in business consulting, complex multi-stakeholder programs, operations, sales, customer relationship management and product management. She was recently the Chief Information Officer at Bruce Power and has previously worked at BlackBerry, IBM and Union Gas. She sits on the Board of Governors for the University of Western Ontario and is the current Chair of the Chief Information Officer (CIO) Committee at the Conference Board of Canada.
Eric Silverberg
Co-Founder
Speaker Labs
Eric is a Co-Founder of Speaker Labs and has helped thousands of people build their public speaking confidence and become more dynamic and engaging communicators. When he's not running workshops to help people grow in their careers, there's a good chance you'll find him with his wife and dog, drinking Diet Coke and rewatching iconic episodes of the reality TV show Survivor! He's such a die-hard fan, that you'll probably see him playing the game one day.
Stephanie Stewart
Communications Officer & DR Coordinator
Info Security Services Simon Fraser University
Steve Strout
President
Miovision Technologies
Mr. Strout is a recognized and experienced technology leader with extensive experience in delivering value. He has successfully led business and technology transformations by leveraging many dozens of complex global SFDC, Oracle and/or SAP projects. He is especially adept at leading what some call “Project Rescues” – saving people’s careers where projects have gone awry; always driving "on-time and on-budget.“ Mr. Strout is the current President of Miovision Technologies and the former CEO and board member of the Americas’ SAP Users’ Group (ASUG). His wealth of practical knowledge comes from 30 years of extensive experience in many CxO and executive roles at some prestigious organizations such as Vonage, Sabre, BlackBerry, Shred-it, The Thomson Corporation (now Thomson Reuters) and Morris Communications. Served on Boards including Customer Advisory Boards of Apple, AgriSource Data, Dell, Edgewise, EMC, LogiSense, Socrates.ai, Spiro Carbon Group, and Unifi.
Info-Tech Research Group Contributors:
Sanchia Benedict, Research Lead
Koula Bouloukos, Production Manager
Antony Chan, Executive Counsellor
Janice Clatterbuck, Executive Counsellor
Ahmed Jowar, Research Specialist
Dave Kish, Practice Lead
Nick Kozlo, Senior Research Analyst
Heather Leier Murray, Senior Research Analyst
Amanda Mathieson, Research Director
Carlene McCubbin, Practice Lead
Joe Meier, Executive Counsellor
Andy Neill, AVP, Research
Thomas Randall, Research Director
Plus an additional two contributors who wish to remain anonymous.
During a crisis it is important to communicate to employees through messages that convey calm and are transparent and tailored to your audience. Use the Crisis Communication Guides to:
Use this guide to equip leadership to communicate in times of crisis.
Gallo, Carmine. "How Great Leaders Communicate." Harvard Business Review. 23 November 2022.
Gallup. State of the American Workplace Report. Washington, D.C.: Gallup, 6 February 2020.
Guthrie, Georgina. “Why Good Internal Communications Matter Now More than Ever.” Nulab. 15 Dec. 2021.
Hypercontext. “The State of High Performing Teams in Tech 2022.” Hypercontext. 2022.
Lambden, Duncan. “The Importance of Effective Workplace Communication – Statistics for 2022.” Expert Market. 13 June 2022.
McCreary, Gale & WikiHow. “How to Measure the Effectiveness of Communication: 14 Steps.” WikiHow.
Nowak, Marcin. “Top 7 Communication Problems in the Workplace.” MIT Enterprise Forum CEE, 2021.
Nunn, Philip. “Messaging That Works: A Unique Framework to Maximize Communication Success.” iabc.
Picincu, Andra. “How to Measure Effective Communications.” Small Business Chron. 12 January 2021.
Price. David A. “Pixar Story Rules.”
Prosci. “Best Practices in Change Management 2020 Edition.” Prosci, 2020.
Roberts, Dan. “How CIOs Become Visionary Communicators.” CIO, 2019.
Schlesinger, Mark. “Why building effective communication skill in IT is incredibly important.”
Skills Framework for the Information Age, “Mapping SFIA Levels of Responsibilities to Behavioural Factors.” Skills Framework for the Information Age, 2021.
St. James, Halina. Talk It Out. Podium, 2005.
TeamState. “Communication in the Workplace Statistics: Importance and Effectiveness in 2022.” TeamStage, 2022.
Walters, Katlin. “Top 5 Ways to Measure Internal Communication.” Intranet Connections, 30 May 2019.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase of the blueprint will help in understanding the organization's business priorities, documenting the current SDLC process, and identifing current SDLC challenges.
This phase of the blueprint, will help with defining root causes, determining potential optimization initiatives, and defining the target state of the SDLC.
This phase of the blueprint will help with prioritizing initiatives in order to develop a rollout strategy, roadmap, and communication plan for the SDLC optimization.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand SDLC current state.
Understanding of your current SDLC state and metrics to measure the success of your SDLC optimization initiative.
1.1 Document the key business objectives that your SDLC delivers upon.
1.2 Document your current SDLC process using a SIPOC process map.
1.3 Identify appropriate metrics in order to track the effectiveness of your SDLC optimization.
1.4 Document the current state process flow of each SDLC phase.
1.5 Document the control points and tools used within each phase.
Documented business objectives
Documented SIPOC process map
Identified metrics to measure the effectiveness of your SDLC optimization
Documented current state process flows of each SDLC phase
Documented control points and tools used within each SDLC phase
Understand current SDLC challenges and root causes.
Understand the core areas of your SDLC that require optimization.
2.1 Identify the current challenges that exist within each SDLC phase.
2.2 Determine the root cause of the challenges that exist within each SDLC phase.
Identified current challenges
Identified root causes of your SDLC challenges
Understand common best practices and the best possible optimization initiatives to help optimize your current SDLC.
Understand the best ways to address your SDLC challenges.
3.1 Define optimization initiatives to address the challenges in each SDLC phase.
Defined list of potential optimization initiatives to address SDLC challenges
Define your SDLC target state while maintaining traceability across your overall SDLC process.
Understand what will be required to reach your optimized SDLC.
4.1 Determine the target state of your SDLC.
4.2 Determine the people, tools, and control points necessary to achieve your target state.
4.3 Assess the traceability between phases to ensure a seamlessly optimized SDLC.
Determined SDLC target state
Identified people, processes, and tools necessary to achieve target state
Completed traceability alignment map and prioritized list of initiatives
Define how you will reach your target state.
Create a plan of action to achieve your desired target state.
5.1 Gain the full scope of effort required to implement your SDLC optimization initiatives.Gain the full scope of effort required to implement your SDLC optimization initiatives.
5.2 Identify the enablers and blockers of your SDLC optimization.
5.3 Define your SDLC optimization roadmap.
5.4 Create a communication plan to share initiatives with the business.
Level of effort required to implement your SDLC optimization initiatives
Identified enablers and blockers of your SDLC optimization
Defined optimization roadmap
Completed communication plan to present your optimization strategy to stakeholders
Consistent, high-quality disclosure of ESG practices is the means by which organizations can demonstrate they are acting responsibly and in the best interest of their customers and society. Organizations may struggle with these challenges when implementing an ESG reporting program:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard provides a three-phased approach to establishing a comprehensive ESG reporting framework to drive sustainable corporate performance. It will help you identify what to report, understand how to implement your reporting program, and review in-house and external software and tooling options.
The workbook allows IT and business leaders to document decisions as they work through the steps to establish a comprehensive ESG reporting framework.
This planning tool guides IT and business leaders in planning, prioritizing, and addressing gaps to build an ESG reporting program.
Use this template to create a presentation that explains the drivers behind the strategy, communicates metrics, demonstrates gaps and costs, and lays out the timeline for the implementation plan.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine material ESG factors.
Learn how to identify your key stakeholders and material ESG risks.
1.1 Create a list of stakeholders and applicable ESG factors.
1.2 Create a materiality map.
List of stakeholders and applicable ESG factors
Materiality map
Define performance and reporting metrics.
Align your ESG strategy with key performance metrics.
2.1 Create a list of SMART metrics.
2.2 Create a list of reporting obligations.
SMART metrics
List of reporting obligations
Assess data and implementation gaps.
Surface data and technology gaps.
3.1 Create a list of high-priority data gaps.
3.2 Summarize high-level implementation considerations.
List of high-priority data gaps
Summary of high-level implementation considerations
Select software and tooling options and develop implementation plan.
Complete your roadmap and internal communication document.
4.1 Review tooling and technology options.
4.2 Prepare ESG reporting implementation plan.
4.3 Prepare the ESG reporting program presentation.
Selected tooling and technology
ESG reporting implementation plan
ESG reporting strategy presentation
The shift toward stakeholder capitalism cannot be pinned on one thing; rather, it is a convergence of forces that has reshaped attitudes toward the corporation. Investor attention on responsible investing has pushed corporations to give greater weight to the achievement of corporate goals beyond financial performance.
Reacting to the new investor paradigm and to the wider systemic risk to the financial system of climate change, global regulators have rapidly mobilized toward mandatory climate-related disclosure.
IT will be instrumental in meeting the immediate regulatory mandate, but their role is much more far-reaching. IT has a role to play at the leadership table shaping strategy and assisting the organization to deliver on purpose-driven goals.
Delivering high-quality, relevant, and consistent disclosure is the key to unlocking and driving sustainable corporate performance. IT leaders should not underestimate the influence they have in selecting the right technology and data model to support ESG reporting and ultimately support top-line growth.
Yaz Palanichamy
Senior Research Analyst
Info-Tech Research Group
Donna Bales
Principal Research Director
Info-Tech Research Group
Your ChallengeYour organization needs to define a ESG reporting strategy that is driven by corporate purpose. Climate-related disclosure mandates are imminent; you need to prepare for them by building a sustainable reporting program now. There are many technologies available to support your ESG program plans. How do you choose the one that is right for your organization? |
Common ObstaclesKnowing how to narrow down ESG efforts to material ESG issues for your organization. Understanding the key steps to build a sustainable ESG reporting program. Assessing and solving for data gaps and data quality issues. Being aware of the tools and best practices available to support regulatory and performance reporting. |
Info-Tech’s ApproachLearn best-practice approaches to develop and adopt an ESG reporting program approach to suit your organization’s unique needs. Understand the key features, tooling options, and vendors in the ESG software market. Learn through analyst insights, case studies, and software reviews on best-practice approaches and tool options. |
Implementing a robust reporting program takes time. Start early, remain focused, and plan to continually improve data quality and collection and performance metrics
Environmental, social, and governance are the components of a sustainability framework that is used to understand and measure how an organization impacts or is affected by society as a whole.
Human activities, particularly fossil fuel burning since the middle of the twentieth century, have increased greenhouse gas concentration, resulting in observable changes to the atmosphere, ocean, cryosphere, and biosphere. The “E” in ESG relates to the positive and negative impacts an organization may have on the environment, such as the energy it takes in and the waste it discharges.
The “S” in ESG is the most ambiguous component in the framework, as social impact relates not only to risks but also to prosocial behavior. It’s the most difficult to measure but can have significant financial and reputational impact on corporations if material and poorly managed.
The “G” in ESG is foundational to the realization of “S” and “E.” It encompasses how well an organization integrates these considerations into the business and how well the organization engages with key stakeholders, receives feedback, and is transparent with its intentions.
Organizational Reputation: Seventy-four percent of those surveyed were concerned that failing to improve their corporate ESG performance would negatively impact their organization’s branding and overall reputation in the market (Intelex, 2022).
Ethical Business Compliance: Adherence to well-defined codes of business conduct and implementation of anti-corruption and anti-bribery practices is a great way to distinguish between organizations with good/poor governance intentions.
Shifting Consumer Preferences: ESG metrics can also largely influence consumer preferences in buying behavior intentions. Research from McKinsey shows that “upward of 70 percent” of consumers surveyed on purchases in multiple industries said they would pay an additional 5 percent for a green product if it met the same performance standards as a nongreen alternative (McKinsey, 2019).
Responsible Supply Chain Management: The successful alignment of ESG criteria with supply chain operations can lead to several benefits (e.g. producing more sustainable product offerings, maintaining constructive relationships with more sustainability-focused suppliers).
Environmental Stewardship: The growing climate crisis has forced companies of all sizes to rethink how they plan their corporate environmental sustainability practices.
Compliance With Regulatory Guidelines: An increasing emphasis on regulations surrounding ESG disclosure rates may result in some institutional investors taking a more proactive stance toward ESG-related initiatives.
Sustaining Competitive Advantage: Given today’s globalized economy, many businesses are constantly confronted with environmental issues (e.g. water scarcity, air pollution) as well as social problems (e.g. workplace wellness issues). Thus, investment in ESG factors is simply a part of maintaining competitive advantage.
The perceived importance of ESG has dramatically increased from 2020 to 2023
In a survey commissioned by Schneider Electric, researchers categorized the relative importance of ESG planning initiatives for global IT business leaders. ESG was largely identified as a critical factor in sustaining competitive advantage against competitors and maintaining positive investor/public relations.
Source: S&P Market Intelligence, 2020; N=825 IT decision makers
“74% of finance leaders say investors increasingly use nonfinancial information in their decision-making.”
Source: EY, 2020
The Evolving Regulatory Landscape
Canada
United States
Europe
New Zealand
ESG reporting is the disclosure of environmental, social, and governance (ESG) data via qualitative and quantitative reports.
It is how organizations make their sustainability commitments and strategies transparent to stakeholders.
For investors it provides visibility into a company's ESG activities, enabling them to align investments to their values and avoid companies that cause damage to the environment or are offside on social and governance issues.
Despite the growing practice of ESG reporting, reporting standards and frameworks are still evolving and the regulatory approach for climate-related disclosure is inconsistent across jurisdictions, making it challenging for organizations to develop a robust reporting program.
|
“Environmental, social and governance (ESG) commitments are at the core a data problem.” Source: EY, 2022 |
Despite the commitment to support an ESG Initiative, less than a quarter of IT professionals say their organization can accurately report on the impact of its ESG initiatives, and 44% say their reporting on impacts is not accurate.
Reporting accuracy was even worse for reporting on carbon footprint with 46% saying their organization could not report on its carbon footprint accurately. This despite most IT professionals saying they are working to support environmental mandates.
Country Sustainability Scores (CSR) as of October 2021
Scores range from 1 (poor) to 10 (best)
Source: Robeco, 2021
Finland has ranked consistently as a leading sustainability performer in recent years. Finland's strongest ESG pillar is the environment, and its environmental ranking of 9.63/10 is the highest out of all 150 countries.
Brazil, France, and India are among the countries whose ESG score rankings have deteriorated significantly in the past three years.
Increasing political tensions and risks as well as aftershock effects of the COVID-19 pandemic (e.g. high inequality and insufficient access to healthcare and education) have severely impacted Brazil’s performance across the governance and social pillars of the ESG framework, ultimately causing its overall ESG score to drop to a CSR value of 5.31.
Canada has received worse scores for corruption, political risk, income inequality, and poverty over the past three years.
Taiwan has seen its rankings improve in terms of overall ESG scores. Government effectiveness, innovation, a strong semiconductor manufacturing market presence, and stronger governance initiatives have been sufficient to compensate for a setback in income and economic inequality.
Source: Robeco, 2021
Business Benefits
IT Benefits
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
|
Key deliverable: Executive PresentationLeverage this presentation deck to improve corporate performance by implementing a holistic and proactive ESG reporting program. |
|
WorkbookAs you work through the activities, use this workbook to document decisions and rationale and to sketch your materiality map. |
|
Implementation PlanUse this implementation plan to address organizational, technology, and tooling gaps. |
|
RFP TemplateLeverage Info-Tech’s RFP Template to source vendors to fill technology gaps. |
DIY Toolkit
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
Guided Implementation
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
Workshop
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
Consulting
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 8 to 12 calls over the course of 4 to 6 months.
Day 1 |
Day 2 |
Day 3 |
Day 4 |
Day 5 |
|
Activities |
Determine Material ESG Factors 1.1 Review ESG drivers. |
Define Performance and Reporting Metrics 2.1 Understand common program metrics for each ESG component. |
Assess Data and Implementation Gaps 3.1 Assess magnitude and prioritize data gaps. |
Software and Tooling Options 4.1 Review technology options. |
Next Steps and Wrap-Up (offsite) 5.1 Complete in-progress deliverables from previous four days. |
Deliverables |
1. Customized list of key stakeholders and material ESG risks
|
1. SMART metrics
|
1. High-priority data gaps
|
1. Technology and tooling opportunities
|
1. ESG Reporting Workbook
|
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
This phase will walk you through the following:
This phase involves the following participants: CIO, CCO, CSO, business leaders, legal, marketing and communications, head of ESG reporting, and any dedicated ESG team members
Measuring and tracking incremental change among dimensions such as carbon emissions reporting, governance, and diversity, equity, and inclusion (DEI) requires organizations to acquire, analyze, and synthesize data from beyond their internal organizational ecosystems
This section will walk you through some key considerations for establishing your ESG reporting strategy. The first step in this process is to identify the scope of your reporting program.
Evaluate your stakeholder landscape
Consider each of these areas of the ESG Stakeholder Wheel and identify your stakeholders. Once stakeholders are identified, consider how the ESG factors might be perceived by delving into the ESG factors that matter to each stakeholder and what drives their behavior.
Determine ESG impact on stakeholders
Review materiality assessment frameworks for your industry to surface ESG factors for your segment and stakeholder group(s).
Perform research and analysis of the competition and stakeholder trends, patterns, and behavior
Support your findings with stakeholder interviews.
27%: Support for social and environmental proposals at shareholder meetings of US companies rose to 27% in 2020 (up from 21% in 2017).
Source: Sustainable Investments Institute, 2020.
79%: of investors consider ESG risks and opportunities an important factor in investment decision making.
Source: “Global Investor Survey,” PwC, 2021.
33%: of survey respondents cited that a lack of attention or support from senior leadership was one of the major barriers preventing their companies from making any progress on ESG issues.
Source: “Consumer Intelligence Survey,” PwC, 2021.
To succeed with ESG reporting it is essential to understand who we hold ourselves accountable to and to focus ESG efforts in areas with the optimal balance between people, the planet, and profits
Input: Internal documentation (e.g. strategy, annual reports), ESG Stakeholder Wheel
Output: List of key stakeholders and applicable ESG factors
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders
Download the ESG Reporting Workbook
The concept of materiality as it relates to ESG is the process of gaining different perspectives on ESG issues and risks that may have significant impact (both positive and negative) on or relevance to company performance.
The objective of a materiality assessment is to identify material ESG issues most critical to your organization by looking at a broad range of social and environmental factors. Its purpose is to narrow strategic focus and enable an organization to assess the impact of financial and non-financial risks aggregately.
It helps to make the case for ESG action and strategy, assess financial impact, get ahead of long-term risks, and inform communication strategies.
Organizations can use assessment tools from Sustainalytics or GRI, SASB Standards, or guidance and benchmarking information from industry associations to help assess ESG risks .
The materiality assessment informs your risk management approach. Material ESG risks identified should be integrated into your organization’s risk reporting framework.
|
How you communicate the results of your ESG assessment may vary depending on whether you’re communicating to internal or external stakeholders and their communication delivery preferences. |
Using the results from your materiality assessment, narrow down your key stakeholders list. Enhance your strategy for disclosure and performance measurement through direct and indirect stakeholder engagement. Decide on the most suitable format to reach out to these stakeholders. Smaller groups lend themselves to interviews and forums, while surveys and questionnaires work well for larger groups. Develop relevant questions tailored to your company and the industry and geography you are in. Once you receive the results, decide how and when you will communicate them. Determine how they will be used to inform your strategy. |
Step 1Select framework
Review reporting frameworks and any industry guidance and select a baseline reporting framework to begin your materiality assessment. |
Step 2Begin to narrow down
Work with stakeholders to narrow down your list to a shortlist of high-priority material ESG issues. |
Step 3Consolidate and group
Group ESG issues under ESG components, your company’s strategic goals, or the UN’s Sustainable Development Goals. |
Step 4Rate the risks of ESG factors
Assign an impact and likelihood scale for each risk and assign your risk threshold. |
Step 5Map
Use a material map framework such as GRI or SASB or Info-Tech’s materiality map to visualize your material ESG risks. |
The materiality assessment is a strategic tool used to help identify, refine, and assess the numerous ESG issues in the context of your organization.
There is no universally accepted approach to materiality assessments. Although the concept of materiality is often embedded within a reporting standard, your approach to conducting the materiality assessment does not need to link to a specific reporting standard. Rather, it can be used as a baseline to develop your own.
To arrive at the appropriate outcome for your organization, careful consideration is needed to tailor the materiality assessment to meet your organization’s objectives.
When defining the scope of your materiality assessment consider:
Consider your stakeholders and your industry when selecting your materiality assessment tool – this will ensure you provide relevant disclosure information to the stakeholders that need it.
Double materiality is an extension of the financial concept of materiality and considers the broader impact of an organization on the world at large – particularly to people and climate.
Using internal information (e.g. strategy, surveys) and external information (e.g. competitors, industry best practices), create a longlist of ESG issues.
Discuss and narrow down the list. Be sure to consider opportunities – not just material risks!
Group the issues under ESG components or defined strategic goals for your organization. Another option is to use the UN’s Sustainable Development Goals to categorize.
Differentiate ESG factors that you already measure and report.
The benefit of clustering is that it shows related topics and how they may positively or negatively influence one another.
ESG risks are good predictors of future risks and are therefore key inputs to ensure long-term corporate success.
Regardless of the size of your organization, it’s important to build resilience against ESG risks.
To protect an organization against an ESG incident and potential liability risk, ESG risks should be treated like any other risk type and incorporated into risk management and internal reporting practices, including climate scenario analysis.
Some regulated entities will be required to meet climate-related financial disclosure expectations, and sound risk management practices will be prescribed through regulatory guidance. However, all organizations should instill sound risk practices.
ESG risk management done right will help protect against ESG mishaps that can be expensive and damaging while demonstrating commitment to stakeholders that have influence over all corporate performance.
Source: GreenBiz, 2022.
IT has a role to play to provide the underlying data and technology to support good risk decisions.
|
GRI’s Materiality Matrix
|
SASB’s Materiality Map
|
Info-Tech’s Materiality Map
|
Input: ESG corporate purpose or any current ESG metrics; Customer satisfaction or employee engagement surveys; Materiality assessment tools from SASB, Sustainalytics, GRI, or industry frameworks; Outputs from stakeholder outreach/surveys
Output: Materiality map, a list of material ESG issues
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Head of ESG Reporting, Business leaders, Participants from marketing and communications
Download the ESG Reporting Workbook
Novartis, a leading global healthcare company based in Switzerland, stands out as a leader in providing medical consultancy services to address the evolving needs of patients worldwide. As such, its purpose is to use science and technologically innovative solutions to address some of society’s most debilitating, challenging, and ethically significant healthcare issues.
The application of Novartis’ materiality assessment process in understanding critical ESG topics important to their shareholders, stakeholder groups, and society at large enables the company to better quantify references to its ESG sustainability metrics.
Novartis applies its materiality assessment process to better understand relevant issues affecting its underlying business operations across its entire value chain. Overall, employing Novartis’s materiality assessment process helps the company to better manage its societal, environmental, and economic impacts, thus engaging in more socially responsible governance practices.
In 2021, Novartis had completed its most recent materiality assessment. From this engagement, both internal and external stakeholders had ranked as important eight clusters that Novartis is impacting on from an economic, societal, and environmental standpoint. The top four clusters were patient health and safety, access to healthcare, innovation, and ethical business practices.
Another benefit of the materiality assessment is that it helps to make the case for ESG action and provides key information for developing a purpose-led strategy.
An internal ESG strategy should drive toward company-specific goals such as green-house gas emission targets, use of carbon neutral technologies, focus on reusable products, or investment in DEI programs.
Most organizations focus on incremental goals of reducing negative impacts to existing operations or improving the value to existing stakeholders rather than transformative goals.
Yet, a strategy that is authentic and aligned with key stakeholders and long-term goals will bring sustainable value.
The strategy must be supported by an accountability and performance measurement framework such as SMART metrics.
Input: ESG corporate purpose or any current ESG metrics, Outputs from activities 1 and 2, Internally defined metrics (i.e. risk metrics or internal reporting requirements)
Output: SMART metrics
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Risk officer/Risk leaders, Head of ESG Reporting, Business leaders, Participants from marketing and communications
Download the ESG Reporting Workbook
Environmental
Social
Governance
Attach metrics to your goals to gauge the success of the ESG program.
Sample Metrics
High-level overview of reporting requirements:
Refer to your legal and compliance team for the most up-to-date and comprehensive requirements.
The focus of regulators is to move to mandatory reporting of material climate-related financial information.
There is some alignment to the TCFD* framework, but there is a lack of standardization in terms of scope across jurisdictions.
*TCFD is the Task Force on Climate-Related Financial Disclosures.
Input: Corporate strategy documents; Compliance registry or internal governance, risk, and compliance (GRC) tool
Output: A list of regulatory obligations
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders
Download the ESG Reporting Workbook
Once the scope of your ESG reporting framework has been identified, further assessment is needed to determine program direction and to understand and respond to organizational impact.
Reporting standards are available to enable relevant, high-quality, and comparable information. It’s the job of the reporting entity to decide on the most suitable framework for their organization.
The most established standard for sustainability reporting is the Global Reporting Initiative (GRI), which has supported sustainability reporting for over 20 years.
The Task Force on Climate-Related Financial Disclosures (TCFD) was created by the Financial Stability Board to align ESG disclosure with financial reporting. Many global regulators support this framework.
The International Sustainability Standards Board (ISSB) is developing high-quality, understandable, and enforceable global standards using the Sustainability Accounting Standards Board (SASB) as a baseline. It is good practice to use SASB Standards until the ISSB standards are available.
ESG ratings are provided by third-party agencies and are increasingly being used for financing and transparency to investors. ESG ratings provide both qualitative and quantitative information.
However, there are multiple providers, so organizations need to consider which ones are the most important and how many they want to use.
Some of the most popular rating agencies include Sustainalytics, MSCI, Bloomberg, Moody's, S&P Global, and CDP.
Reference Appendix Below
To meet ESG objectives, corporations are challenged with collecting non-financial data from across functional business and geographical locations and from their supplier base and supply chains.
One of the biggest impediments to ESG implementation is the lack of high-quality data and of mature processes and tools to support data collection.
An important step for delivering reporting requirements is to perform a gap analysis early on to surface gaps in the primary data needed to deliver your reporting strategy.
The output of this exercise will also inform and help prioritize implementation, as it may show that new data sets need to be sourced or tools purchased to collect and aggregate data.
Conduct a gap analysis to determine gaps in primary data
Input: Business (ESG) strategy, Data inventory (if exists), Output from Activity 1: Key stakeholders, Output from Activity 2: Materiality map, Output of Activity 3: SMART metrics, Output of Activity 4: Regulatory obligations
Output: List of high-priority data gaps
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Chief Compliance Officer, Chief Legal Officer, Head of ESG Reporting, Business leaders, Data analysts
Download the ESG Reporting Workbook
Source: “2023 Canadian ESG Reporting Insights,” PwC.
When implementing an ESG reporting framework, it is important not to implement in silos but to take a strategic approach that considers the evolving nature of ESG and the link to value creation and sound decision making.
“The future of sustainability reporting is digital – and tagged.”
Source: “XBRL Is Coming,” Novisto, 2022.
In the last few years, global regulators have proposed or effected legislation requiring public companies to disclose climate-related information.
Yet according to Info-Tech’s 2023 Trends and Priorities survey, most IT professionals expect to support environmental mandates but are not prepared to accurately report on their organization’s carbon footprint.
IT groups have a critical role to play in helping organizations develop strategic plans to meet ESG goals, measure performance, monitor risks, and deliver on disclosure requirements.
To future-proof your reporting structure, your data should be readable by humans and machines.
eXtensible Business Reporting Language (XBRL) tagging is mandated in several jurisdictions for financial reporting, and several reporting frameworks are adopting XBRL for sustainability reporting so that non-financial and financial disclosure frameworks are aligned.
Example environmental metrics
“59% of businesses only talk about their positive performance, missing opportunities to build trust with stakeholders through balanced and verifiable ESG reporting.”
Source: “2023 Canadian ESG Reporting Insights,” PwC.
To date, regulatory focus has been on climate-related disclosure, although we are beginning to see signals in Europe and the UK that they are turning their attention to social issues.
Social reporting focuses on the socioeconomic impacts of an organization’s initiatives or activities on society (indirect or direct).
The “social” component of ESG can be the most difficult to quantify, but if left unmonitored it can leave your organization open to litigation from consumers, employees, and activists.
Although organizations have been disclosing mandated metrics such as occupational health and safety and non-mandated activities such as community involvement for years, the scope of reporting is typically narrow and hard to measure in financial terms.
This is now changing with the recognition by companies of the value of social reporting to brand image, traceability, and overall corporate performance.
Example social metrics
McDonald’s Corporation is the leading global food service retailer. Its purpose is not only providing burgers to dinner tables around the world but also serving its communities, customers, crew, farmers, franchisees, and suppliers alike. As such, not only is the company committed to having a positive impact on communities and in maintaining the growth and success of the McDonald's system, but it is also committed to conducting its business operations in a way that is mindful of its ESG commitments.
McDonald’s Better Together: Gender Balance & Diversity strategy and Women in Tech initiative
In 2019, MCD launched its Better Together: Gender Balance & Diversity strategy as part of a commitment to improving the representation and visibility of women at all levels of the corporate structure by 2023.
In conjunction with the Better Together strategy, MCD piloted a “Women in Tech” initiative through its education and tuition assistance program, Archways to Opportunity. The initiative enabled women from company-owned restaurants and participating franchisee restaurants to learn skills in areas such as data science, cybersecurity, artificial intelligence. MCD partnered with Microsoft and Colorado Technical University to carry out the initiative (McDonald’s, 2019).
Both initiatives directly correlate to the “S” of the ESG framework, as the benefits of gender-diverse leadership continue to be paramount in assessing the core strengths of a company’s overreaching ESG portfolio. Hence, public companies will continue to face pressure from investors to act in accordance with these social initiatives.
MCD’s Better Together and Women in Tech programs ultimately helped improve recruitment and retention rates among its female employee base. After the initialization of the gender balance and diversification strategy, McDonald’s signed on to the UN Women’s Empowerment Principles to help accelerate global efforts in addressing the gender disparity problem.
Strong governance is foundational element of a ESG program, yet governance reporting is nascent and is often embedded in umbrella legislation pertaining to a particular risk factor.
A good example of this is the recent proposal by the Securities and Exchange Commission in the US (CFR Parts 229, 232, 239, 240, and 249, Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure), which will require public companies to:
The "G” component includes more than traditional governance factors and acts as a catch-all for other important ESG factors such as fraud, cybersecurity, and data hygiene. Make sure you understand how risk may manifest in your organization and put safeguards in place.
Example governance metrics
The "G" in ESG may not be capturing the limelight under ESG legislation yet, but there are key governance factors that are that are under regulatory radar, including data, cybersecurity, fraud, and DEI. Be sure you stay on top of these issues and include performance metrics into your internal and external reporting frameworks.
48% of investment decision makers, including 58% of institutional investors, say companies’ self-reported ESG performance data is “much more important” than companies’ conventional financial data when informing their investment decisions (Benchmark ESG, 2021). |
Due to the nascent nature of climate-related reporting, data challenges such as the availability, usability, comparability, and workflow integration surface early in the ESG program journey when sourcing and organizing data:
In addition to good, reliable inputs, organizations need to have the infrastructure to access new data sets and convert raw data into actionable insights.
The establishment of data model and workflow processes to track data lineage is essential to support an ESG program. To be successful, it is critical that flexibility, scalability, and transparency exist in the architectural design. Data architecture must scale to capture rapidly growing volumes of unstructured raw data with the associated file formats.
Download Info-Tech’s Create and Manage Enterprise Data Models blueprint
Building and operating an ESG program requires the execution of a large number of complex tasks.
IT leaders have an important role to play in selecting the right technology approach to support a long-term strategy that will sustain and grow corporate performance.
The decision to buy a vendor solution or build capabilities in-house will largely depend on your organization’s ESG ambitions and the maturity of in-house business and IT capabilities.
For large, heavily regulated entities an integrated platform for ESG reporting can provide organizations with improved risk management and internal controls.
Example considerations when deciding to meet ESG reporting obligations in-house
Executive leadership should take a more holistic and proactive stance to not only accurately reporting upon baseline corporate financial metrics but also capturing and disclosing relevant ESG performance metrics to drive alternative streams of valuation across their respective organizational environments.
Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5
Output: Summary of high-level implementation considerations
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders,
Download the ESG Reporting Workbook
Communication: Teams must have some type of communication strategy. This can be broken into:
Proximity: Distributed teams create complexity as communication can break down. This can be mitigated by:
Trust: Members should trust other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:
Your communication of ESG performance is intricately linked to corporate value creation. When designing your communications strategy, consider:
A recent BDC survey of 121 large companies and public-sector buyers found that 82% require some disclosure from their suppliers on ESG, and that's expected to grow to 92% by 2024.
Source: BDC, 2023
ESG's link to corporate performance means that organizations must stay on top of ESG issues that may impact the long-term sustainability of their business.
ESG components will continue to evolve, and as they do so will stakeholder views. It is important to continually survey your stakeholders to ensure you are optimally managing ESG risks and opportunities.
To keep ESG on the strategy agenda, we recommend that organizations:
Download The ESG Imperative and Its Impact on Organizations
This phase will walk you through the following activities:
This phase involves the following participants: CIO, CCO, CSO, EA, IT application and data leaders, procurement, business leaders, marketing and communications, head of ESG reporting, and any dedicated ESG team members
Before sourcing any technology, it’s important to have a good understanding of your requirements.
Key elements to consider:
The importance of ESG is something that will need to be considered for most, if not every decision in the future, and having reliable and available information is essential. While the industry will continue to see investment and innovation that drives operational efficiency and productivity, we will also see strong ESG themes in these emerging technologies to ensure they support both sustainable and socially responsible operations.
With the breadth of technology Datamine already has addressing the ESG needs for the mining industry combined with our new technology, our customers can make effective and timely decisions through incorporating ESG data into their planning and scheduling activities to meet customer demands, while staying within the confines of their chosen ESG targets.
Chris Parry
VP of ESG, Datamine
Technological Solutions Feature Bucket |
Basic Feature Description |
Advanced Feature Description |
Natural language processing (NLP) tools |
Ability to use NLP tools to track and monitor sentiment data from news and social media outlets. |
Leveraging NLP toolsets can provide organizations granular insights into workplace sentiment levels, which is a core component of any ESG strategy. A recent study by MarketPsych, a company that uses NLP technologies to analyze sentiment data from news and social media feeds, linked stock price performance to workplace sentiment levels. |
Distributed ledger technologies (DLTs) |
DLTs can help ensure greater reporting transparency, in line with stringent regulatory reporting requirements. |
DLT as an ESG enabler, with advanced capabilities such as an option to provide demand response services linked to electricity usage and supply forecasting. |
Cloud-based data management and reporting systems |
Cloud-based data management and reporting can support ESG initiatives by providing increased reporting transparency and a better understanding of diverse social and environmental risks. |
Leverage newfound toolsets such as Microsoft Cloud for Sustainability – a SaaS offering that enables organizations to seamlessly record, report, and reduce their emissions on a path toward net zero. |
IoT technologies |
Integration of IoT devices can help enhance the integrity of ESG reporting through the collection of descriptive and accurate ESG metrics (e.g. energy efficiency, indoor air quality, water quality and usage). |
Advanced management of real-time occupancy monitoring: for example, the ability to reduce energy consumption rates by ensuring energy is only used when spaces and individual cubicles are occupied. |
In a recent survey of over 1,000 global public- and private-sector leaders, 87% said they see AI as a helpful tool to fight climate change.
Source: Boston Consulting Group
Technology providers are part of the solution and can be leveraged to collect, analyze, disclose, track, and report on the vast amount of data.
Increasingly organizations are using artificial intelligence to build climate resiliency:
And protect organizations from vulnerabilities:
Our definition: ESG reporting software helps organizations improve the transparency and accountability of their ESG program and track, measure, and report their sustainability efforts.
Key considerations for reporting software selection:
Adoption of ESG reporting software has historically been low, but these tools will become critical as organizations strive to meet increasing ESG reporting requirements.
In a recent ESG planning and performance survey conducted by ESG SaaS company Diligent Corporation, it was found that over half of all organizations surveyed do not publish ESG metrics of any kind, and only 9% of participants are actively using software that supports ESG data collection, analysis, and reporting.
Source: Diligent, 2021.
Understanding business needs through requirements gathering is the key to defining everything about what is being purchased. However, it is an area where people often make critical mistakes.
Poorly scoped requirementsFail to be comprehensive and miss certain areas of scope. Focus on how the solution should work instead of what it must accomplish. Have multiple levels of detail within the requirements that are inconsistent and confusing. Drill all the way down into system-level detail. Add unnecessary constraints based on what is done today rather than focusing on what is needed for tomorrow. Omit constraints or preferences that buyers think are obvious. |
Best practicesGet a clear understanding of what the system needs to do and what it is expected to produce. Test against the principle of MECE – requirements should be “mutually exclusive and collectively exhaustive.” Explicitly state the obvious and assume nothing. Investigate what is sold on the market and how it is sold. Use language that is consistent with that of the market and focus on key differentiators – not table stakes. Contain the appropriate level of detail – the level should be suitable for procurement and sufficient for differentiating vendors. |
Download Info-Tech's Improve Requirements Gathering blueprint
Central Data Repository: Collection of stored data from existing databases merged into one location that can then be shared, analyzed, or updated.
Automatic Data Collection: Ability to automate data flows, collect responses from multiple sources at specified intervals, and check them against acceptance criteria.
Automatic KPI Calculations, Conversions, and Updates: Company-specific metrics can be automatically calculated, converted, and tracked.
Built-In Indicator Catalogs and Benchmarking: Provides common recognized frameworks or can integrate a catalog of ESG indicators.
Custom Reporting: Ability to create reports on company emissions, energy, and asset data in company-branded templates.
User-Based Access and Permissions: Ability to control access to specific content or data sets based on the end user’s roles.
Real-Time Capabilities: Ability to analyze and visualize data as soon as it becomes available in underlying systems.
Version Control: Tracking of document versions with each iteration of document changes.
Intelligent Alerts and Notifications: Ability to create, manage, send, and receive notifications, enhancing efficiency and productivity.
Audit Trail: View all previous activity including any recent edits and user access.
Encrypted File Storage and Transfer: Ability to encrypt a file before transmitting it over the network to hide content from being viewed or extracted.
Input: Business (ESG) strategy, Data inventory (if exists), Asset inventory (if exists), Output from Activity 5, Output from Activity 6,
Output: List of tooling options
Materials: Whiteboard/flip charts, ESG Reporting Workbook
Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, Data and IT architect/leaders
Download the ESG Reporting Workbook
Input: Business (ESG) strategy, Output from Activity 5, Output from Activity 6, Output from Activity 7
Output: ESG Reporting Implementation Plan
Materials: Whiteboard/flip charts, ESG Reporting Implementation Plan Template
Participants: Chief Sustainability Officer, Head of ESG Reporting, Business leaders, Data analysts, PMO, Data and IT architect/leaders
Download the ESG Reporting Implementation Plan Template
Input: Business (ESG) strategy, ESG Reporting Workbook, ESG reporting implementation plan
Output: ESG Reporting Presentation Template
Materials: Whiteboard/flip charts, ESG Reporting Presentation Template, Internal communication templates
Participants: Chief Sustainability Officer, Head of Marketing/ Communications, Business leaders, PMO
Since a purpose-driven ESG program presents a significant change in how organizations operate, the goals and intentions need to be understood throughout the organization. Once you have developed your ESG reporting strategy it is important that it is communicated, understood, and accepted. Use the ESG Reporting Presentation Template as a guide to deliver your story.
Download the ESG Reporting Presentation Template
This phase will provide additional material on Info-Tech’s expertise in the following areas:
Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP.
Expert Analyst Guidance over5 weeks on average to select and negotiate software.
Save Money, Align Stakeholders, Speed Up the Process & make better decisions.
Use a Repeatable, Formal Methodology to improve your application selection process.
Better, Faster Results, guaranteed, included in membership.
You may be faced with multiple products, services, master service agreements, licensing models, service agreements, and more.
Use the Contract Review Service to gain insights on your agreements.
Consider the aspects of a contract review:
Validate that a contract meets IT’s and the business’ needs by looking beyond the legal terminology. Use a practical set of questions, rules, and guidance to improve your value for dollar spent.
Click here to book The Contract Review Service
Download blueprint Master Contract Review and Negotiation for Software Agreements
The purpose of this section is to showcase various vendors and companies that provide software solutions to help users manage and prioritize their ESG reporting initiatives.
This section showcases the core capabilities of each software platform to provide Info-Tech members with industry insights regarding some of the key service providers that operate within the ESG vendor market landscape.
Info-Tech members who are concerned with risks stemming from the inability to sort and disseminate unstructured ESG data reporting metrics or interested in learning more about software offerings that can help automate the data collection, processing, and management of ESG metrics will find high-level insights into the ESG vendor market space.
The establishment of the Datamine ESG unit comes at the same time the mining sector is showing an increased interest in managing ESG and its component systems as part of a single scope.
With miners collecting and dealing with ever-increasing quantities of data and looking for ways to leverage it to make data-driven decisions that enhance risk management and increase profitability, integrated software solutions are – now more than ever – essential in supporting continuous improvement and maintaining data fidelity and data integrity across the entire mining value chain.
Key Features:
Benchmark ESG provides industry-leading ESG data management and reporting software that can assist organizations in managing operational risk and compliance, sustainability, product stewardship, and ensuring responsible sourcing across complex global operations.
Key Features:
PwC’s ESG Management Solution provides quick insights into ways to improve reporting transparency surrounding your organization’s ESG commitments.
According to PwC’s most recent CEO survey, the number one motivator for CEOs in mitigating climate change risks is their own desire to help solve this global problem and drive transparency with stakeholders.
Source: “Annual Global CEO Survey,” PwC, 2022.
Key Features:
ServiceNow ESG Management (ESGM) and reporting platform helps organizations transform the way they manage, visualize, and report on issues across the ESG spectrum.
The platform automates the data collection process and the organization and storage of information in an easy-to-use system. ServiceNow’s ESGM solution also develops dashboards and reports for internal user groups and ensures that external disclosure reports are aligned with mainstream ESG standards and frameworks.
We know that doing well as a business is about more than profits. One workflow at a time, we believe we can change the world – to be more sustainable, equitable, and ethical.
Source: ServiceNow, 2021.
Key Features:
|
The ESG Imperative and Its Impact on OrganizationsUse this blueprint to educate yourself on ESG factors and the broader concept of sustainability. Identify changes that may be needed in your organizational operating model, strategy, governance, and risk management approach. Learn about Info-Tech’s ESG program approach and use it as a framework to begin your ESG program journey. |
|
Private Equity and Venture Capital Growing Impact of ESG ReportIncreasingly, new capital has a social mandate attached to it due to the rise of ESG investment principles. Learn about how the growing impact of ESG affects both your organization and IT specifically, including challenges and opportunities, with expert assistance. |
Terms |
Definition |
Corporate Social Responsibility |
Management concept whereby organizations integrate social and environmental concerns in their operations and interactions with their stakeholders. |
Chief Sustainability Officer |
Steers sustainability commitments, helps with compliance, and helps ensure internal commitments are met. Responsibilities may extend to acting as a liaison with government and public affairs, fostering an internal culture, acting as a change agent, and leading delivery. |
ESG |
An acronym that stands for environment, social, and governance. These are the three components of a sustainability program. |
ESG Standard |
Contains detailed disclosure criteria including performance measures or metrics. Standards provide clear, consistent criteria and specifications for reporting. Typically created through consultation process. |
ESG Framework |
A broad contextual model for information that provides guidance and shapes the understanding of a certain topic. It sets direction but does not typically delve into the methodology. Frameworks are often used in conjunction with standards. |
ESG Factors |
The factors or issues that fall under the three ESG components. Measures the sustainability performance of an organization. |
ESG Rating |
An aggregated score based on the magnitude of an organization’s unmanaged ESG risk. Ratings are provided by third-party rating agencies and are increasingly being used for financing, transparency to investors, etc. |
ESG Questionnaire |
ESG surveys or questionnaires are administered by third parties and used to assess an organization’s sustainability performance. Participation is voluntary. |
Key Risk Indicator (KRI) |
A measure to indicate the potential presence, level, or trend of a risk. |
Key Performance Indicator (KPI) |
A measure of deviation from expected outcomes to help a firm see how it is performing. |
Materiality |
Material topics are topics that have a direct or indirect impact on an organization's ability to create, preserve, or erode economic, environmental, and social impact for itself and its stakeholder and society as a whole. |
Materiality Assessment |
A tool to identify and prioritize the ESG issues most critical to the organization. |
Risk Sensing |
The range of activities carried out to identify and understand evolving sources of risk that could have a significant impact on the organization (e.g. social listening). |
Sustainability |
The ability of an organization and broader society to endure and survive over the long term by managing adverse impacts well and promoting positive opportunities. |
Sustainalytics |
Now part of Morningstar. Sustainalytics provides ESG research, ratings, and data to institutional investors and companies. |
UN Guiding Principles on Business and Human Rights (UNGPs) |
An essential methodological foundation for how impacts across all dimensions should be assessed. |
Standard |
Definition and focus |
|
CDP |
CDP has created standards and metrics for comparing sustainability impact. Focuses on environmental data (e.g. carbon, water, and forests) and on data disclosure and benchmarking. Audience: All stakeholders |
|
Dow Jones Sustainability Indices (DJSI) |
Heavy on corporate governance and company performance. Equal balance of economic, environmental, and social. Audience: All stakeholders |
|
Global Reporting Initiative (GRI) |
International standards organization that has a set of standards to help organizations understand and communicate their impacts on climate change and social responsibility. The standard has a strong emphasis on transparency and materiality, especially on social issues. Audience: All stakeholders |
|
International Sustainability Standards Board (ISSB) |
Standard-setting board that sits within the International Financial Reporting Standards (IFRS) Foundation. The IFRS Foundation is a not-for-profit, public-interest organization established to develop high-quality, understandable, enforceable, and globally accepted accounting and sustainability disclosure standards. Audience: Investor-focused |
|
United Nations Sustainable Development Goals (SDGs) |
Global partnership across sectors and industries that sets out 17 goals to achieve sustainable development for all. Audience: All stakeholders |
|
Sustainability Accounting Standards Board (SASB) |
Industry-specific standards to help corporations select topics that may impact their financial performance. Focus on material impacts on financial condition or operating performance. Audience: Investor-focused |
|
Task Force on Climate-Related Financial Disclosures (TCFD; created by the Financial Stability Board) |
Standards framework focused on the impact of climate risk on financial and operating performance. More broadly the disclosures inform investors of positive and negative measures taken to build climate resilience and make transparent the exposure to climate-related risk. Audience: Investors, financial stakeholders |
"2021 Global Investor Survey: The Economic Realities of ESG." PwC, Dec. 2021. Accessed May 2022.
"2023 Canadian ESG Reporting Insights." PwC, Nov. 2022. Accessed Dec. 2022.
Althoff, Judson. "Microsoft Cloud for Sustainability: Empowering Organizations On Their Path To Net Zero." Microsoft Blog, 14 July 2021. Accessed May 2022.
"Balancing Sustainability and Profitability." IBM, Feb. 2022. Accessed June. 2022.
"Beyond Compliance: Consumers and Employees Want Business to Do More on ESG." PwC, Nov. 2021. Accessed July 2022.
Bizo, Daniel. "Multi-Tenant Datacenters and Sustainability: Ambitions and Reality." S&P Market Intelligence, Sept. 2020. Web.
Bolden, Kyle. "Aligning nonfinancial reporting with your ESG strategy to communicate long-term value." EY, 18 Dec. 2020. Web.
Carril, Christopher, et al. "Looking at Restaurants Through an ESG Lens: ESG Stratify – Equity Research Report." RBC Capital Markets, 5 Jan. 2021. Accessed Jun. 2022.
"Celebrating and Advancing Women." McDonald’s, 8 March 2019. Web.
Clark, Anna. "Get your ESG story straight: A sustainability communication starter kit." GreenBiz, 20 Dec. 2022, Accessed Dec. 2022.
Courtnell, Jane. “ESG Reporting Framework, Standards, and Requirements.” Corporate Compliance Insights, Sept. 2022. Accessed Dec. 2022.
“Country Sustainability Ranking. Country Sustainability: Visibly Harmed by Covid-19.” Robeco, Oct. 2021. Accessed June 2022.
“Defining the “G” in ESG Governance Factors at the Heart of Sustainable Business.” World Economic Forum, June 2022. Web.
“Digital Assets: Laying ESG Foundations.” Global Digital Finance, Nov. 2021. Accessed April 2022.
“Dow Jones Sustainability Indices (DJCI) Index Family.” S&P Global Intelligence, n.d. Accessed June 2022.
"ESG in Your Business: The Edge You Need to Land Large Contracts." BDC, March 2023, Accessed April 2023.
“ESG Performance and Its Impact on Corporate Reputation.” Intelex Technologies, May 2022. Accessed July 2022.
“ESG Use Cases. IoT – Real-Time Occupancy Monitoring.” Metrikus, March 2021. Accessed April 2022.
Fanter, Tom, et al. “The History & Evolution of ESG.” RMB Capital, Dec. 2021. Accessed May 2022.
Flynn, Hillary, et al. “A guide to ESG materiality assessments.” Wellington Management, June 2022, Accessed September 2022
“From ‘Disclose’ to ‘Disclose What Matters.’” Global Reporting Initiative, Dec. 2018. Accessed July 2022.
“Getting Started with ESG.” Sustainalytics, 2022. Web.
“Global Impact ESG Fact Sheet.” ServiceNow, Dec. 2021. Accessed June 2022.
Gorley, Adam. “What is ESG and Why It’s Important for Risk Management.” Sustainalytics, March 2022. Accessed May 2022.
Hall, Lindsey. “You Need Near-Term Accountability to Meet Long-Term Climate Goals.” S&P Global Sustainable1, Oct. 2021. Accessed April 2022.
Henisz, Witold, et al. “Five Ways That ESG Creates Value.” McKinsey, Nov. 2019. Accessed July 2022.
“Integrating ESG Factors in the Investment Decision-Making Process of Institutional Investors.” OECD iLibrary, n.d. Accessed July 2022.
“Investor Survey.” Benchmark ESG, Nov. 2021. Accessed July 2022.
Jackson, Brian. Tech Trends 2023, Info-Tech Research Group, Dec. 2022, Accessed Dec. 2022.
Keet, Lior. “What Is the CIO’s Role in the ESG Equation?” EY, 2 Feb. 2022. Accessed May 2022.
Lev, Helee, “Understanding ESG risks and why they matter” GreenBiz, June 2022. Accessed Dec 2022.
Marsh, Chris, and Simon Robinson. “ESG and Technology: Impacts and Implications.” S&P Global Market Intelligence, March 2021. Accessed April 2022.
Martini, A. “Socially Responsible Investing: From the Ethical Origins to the Sustainable Development Framework of the European Union.” Environment, Development and Sustainability, vol. 23, Nov. 2021. Web.
Maher, Hamid, et al. “AI Is Essential for Solving the Climate Crisis.” Boston Consulting Group, 7 July 2022. Web.
“Materiality Assessment. Identifying and Taking Action on What Matters Most.” Novartis, n.d. Accessed June. 2022.
Morrow, Doug, et al. “Understanding ESG Incidents: Key Lessons for Investors.” Sustainalytics, July 2017. Accessed May 2022.
“Navigating Climate Data Disclosure.” Novisto, July 2022. Accessed Nov. 2022.
Nuttall, Robin, et al. “Why ESG Scores Are Here to Stay.” McKinsey & Company, May 2020. Accessed July 2022.
“Opportunities in Sustainability – 451 Research’s Analysis of Sustainability Perspectives in the Data Center Industry.” Schneider Electric, Sept. 2020. Accessed May 2022.
Peterson, Richard. “How Can NLP Be Used to Quantify ESG Analytics?” Refinitiv, Feb. 2021. Accessed June 2022.
“PwC’s 25th Annual Global CEO Survey: Reimagining the Outcomes That Matter.” PwC, Jan. 2022. Accessed June 2022.
“SEC Proposes Rules on Cybersecurity, Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies.” Securities and Exchange Commission, 9 May 2022. Press release.
Serafeim, George. “Social-Impact Efforts That Create Real Value.” Harvard Business Review, Sept. 2020. Accessed May 2022.
Sherrie, Gonzalez. “ESG Planning and Performance Survey.” Diligent, 24 Sept. 2021. Accessed July 2022.
“Special Reports Showcase, Special Report: Mid-Year Report on Proposed SEC Rule 14-8 Change.” Sustainable Investments Institute, July 2020. Accessed April 2022.
“State of European Tech. Executive Summary Report.” Atomico, Nov. 2021. Accessed June 2022.
“Top Challenges in ESG Reporting, and How ESG Management Solution Can Help.” Novisto, Sept. 2022. Accessed Nov. 2022.
Vaughan-Smith, Gary. “Navigating ESG data sets and ‘scores’.” Silverstreet Capital, 23 March 2022. Accessed Dec. 2022.
Waters, Lorraine. “ESG is not an environmental issue, it’s a data one.” The Stack, 20 May 2021. Web.
Wells, Todd. “Why ESG, and Why Now? New Data Reveals How Companies Can Meet ESG Demands – And Innovate Supply Chain Management.” Diginomica, April 2022. Accessed July 2022.
“XBRL is coming to corporate sustainability Reporting.” Novisto, Aug. 2022. Accessed Dec. 2022.
Chris Parry
VP of ESG, Datamine
Chris Parry has recently been appointed as the VP of ESG at Datamine Software. Datamine’s dedicated ESG division provides specialized ESG technology for sustainability management by supporting key business processes necessary to drive sustainable outcomes.
Chris has 15 years of experience building and developing business for enterprise applications and solutions in both domestic and international markets.
Chris has a true passion for business-led sustainable development and is focused on helping organizations achieve their sustainable business outcomes through business transformation and digital software solutions.
Datamine’s comprehensive ESG capability supports ESG issues such as the environment, occupational health and safety, and medical health and wellbeing. The tool assists with risk management, stakeholder management and business intelligence.
Operations... make sure that the services and products you offer your clients are delivered in the most efficient way possible. IT Operations makes sure that the applications and infrastructure that your delivery depends on is solid.
Gert Taeymans has over 20 years experience in directing the implementation and management of mission-critical services for businesses in high-volume international markets. Strong track record in risk management, crisis management including disaster recovery, service delivery and change & config management.
Analysts do not feel empowered to challenge requirements to deliver a better outcome. This alongside underlying data quality issues prevents the creation of accurate and helpful information. Graphic representations do not provide meaningful and actionable insights.
As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts in providing insights that improves organization's decision-making and value-driving processes, which ultimately boosts business performance.
Follow a step-by-step guide to address the business bias of tacet experience over data facts and increase audience's understanding and acceptance toward data solutions.
Save the lost hours and remove the challenges of reports and dashboards being disregarded due to ineffective usage.
Gain insights from data-driven recommendations and have decision support to make informed decisions.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Here is our step-by-step process of getting value out of effective storytelling with data visualization:
This storytelling whiteboard canvas is a template that will help you create your visualization story narrative by:
Data visualization refers to graphical representations of data which help an audience understand. Without good storytelling, however, these representations can distract an audience with enormous amounts of data or even lead them to incorrect conclusions.
Good storytelling with data visualization involves identifying the business problem, exploring potential drivers, formulating a hypothesis, and creating meaningful narratives and powerful visuals that resonate with all audiences and ultimately lead to clear actionable insights.
Follow Info-Tech's step-by-step approach to address the business bias of tacit experience over data facts, improve analysts' effectiveness and support better decision making.
Ibrahim Abdel-Kader
Research Analyst,
Data, Analytics, and Enterprise Architecture
Nikitha Patel
Research Specialist,
Data, Analytics, and Enterprise Architecture
Ruyi Sun
Research Specialist,
Data, Analytics, and Enterprise Architecture
This research is designed for
This research will also assist
This research will help you
This research will help them
| Your Challenge | Common Obstacles | Info-Tech's Approach |
As analysts, you may experience some critical challenges when presenting a data story.
|
Some common roadblocks may prevent you from addressing these challenges.
|
|
Info-Tech Insight
As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts provide insights that improve organizational decision-making and value-driving processes, which ultimately boosts business performance.
Data storytelling is gaining wide recognition as a tool for supporting businesses in driving data insights and making better strategic decisions.
92% of respondents agreed that data storytelling is an effective way of communicating or delivering data and analytics results.
87% of respondents agreed that if insights were presented in a simpler/clearer manner, their organization's leadership team would make more data-driven decisions.
93% of respondents agreed that decisions made based on successful data storytelling could potentially help increase revenue.
Source: Exasol, 2021
Despite organizations recognizing the value of data storytelling, issues remain which cannot be remedied solely with better technology.
61% Top challenges of conveying important insights through dashboards are lack of context (61%), over-communication (54%), and inability to customize contents for intended audiences (46%).
49% of respondents feel their organizations lack storytelling skills, regardless of whether employees are data literate.
Source: Exasol, 2021
Info-Tech Insight
Storytelling is a key component of data literacy. Although enterprises are increasingly investing in data analytics software, only 21% of employees are confident with their data literacy skills. (Accenture, 2020)
To get a complete view of the field you want to explore, please refer to the following Info-Tech resources:
Select and Implement a Reporting and Analytics Solution
Build a Data Architecture Roadmap
Info-Tech Insight
As organizations strive to become more data-driven, good storytelling with data visualization supports growing corporate data literacy and helps analysts provide insights that improve organizational decision-making and value-driving processes, which ultimately boosts business performance.
| Member Benefits | Business Benefits |
|---|---|
|
|
| DIY Toolkit | Guided Implementation | Workshop | Consulting |
|---|---|---|---|
| "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks are used throughout all four options.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s licensing best practices to avoid overspending on Adobe licensing and to remain compliant in case of audit.
"Adobe has designed and executed the most comprehensive evolution to the subscription model of pre-cloud software publishers with Creative Cloud. Adobe's release of Document Cloud (replacement for the Acrobat series of software) is the final nail in the coffin for legacy licensing for Adobe. Technology procurement functions have run out of time in which to act while they still retain leverage, with the exception of some late adopter organizations that were able to run on legacy versions (e.g. CS6) for the past five years. Procuring Adobe software is not the same game as it was just a few years ago. Adopt a comprehensive approach to understanding Adobe licensing, contract, and delivery models in order to accurately forecast your software needs, transact against the optimal purchase plan, and maximize negotiation leverage. "
Scott Bickley
Research Lead, Vendor Practice
Info-Tech Research Group
In 2011 Adobe took the strategic but radical move toward converting its legacy on-premises licensing to a cloud-based subscription model, in spite of material pushback from its customer base. While revenues initially dipped, Adobe’s resolve paid off; the transition is mostly complete and revenues have doubled. This was the first enterprise software offering to effect the transition to the cloud in a holistic manner. It now serves as a case study for those following suit, such as Microsoft, Autodesk, and Oracle.
Adobe elected to make this market pivot in a dramatic fashion, foregoing a gradual transition process. Enterprise clients were temporarily allowed to survive on legacy on-premises editions of Adobe software; however, as the Adobe Creative Cloud functionality was quickly enhanced and new applications were launched, customer capitulation to the new subscription model was assured.
Adobe is now leveraging the power of connected customers, the availability of massive data streams, and the ongoing digitalization trend globally to supplement the core Creative Cloud products with online services and analytics in the areas of Creative Cloud for content, Marketing Cloud for marketers, and Document Cloud for document management and workflows. This blueprint focuses on Adobe's Creative Cloud and Document Cloud solutions and the enterprise term license agreement (ETLA).
Beware of your contract being auto-renewed and getting locked into the quantities and product subset that you have in your current agreement. Determining the number of licenses you need is critical. If you overestimate, you're locked in for three years. If you underestimate, you have to pay a big premium in the true-up process.
Adobe estimates the total addressable market for creative and document cloud to be $21 billion. With no sign of growth slowing down, Adobe customers must learn how to work within the current design monopoly.
Source: Adobe, 2017
"Adobe is not only witnessing a steady increase in Creative Cloud subscriptions, but it also gained more visibility into customers’ product usage, which enables it to consistently push out software updates relevant to user needs. The company also successfully transformed its sales organization to support the recurring revenue model."
– Omid Razavi, Global Head of Success, ServiceNow
☑ Implement a user profile to assign licenses by version and limit expenditures. Alternatives can include existing legacy perpetual and Acrobat classic versions that may already be owned by the organization.
☑ Examine the suitability and/or dependency on Document Cloud functions, such as existing business workflows and e-signature integration.
☑ Involve stakeholders in the evaluation of alternate products for use cases where dependency on Acrobat-specific functionality is limited.
☑ Identify not just the installs and active use of the applications but also the depth and breadth of use across the various features so that the appropriate products can be selected.
Use Info-Tech’s Adobe toolkit to prepare for your new purchases or contract renewal
Info-Tech Insight
IT asset management (ITAM) and software asset management (SAM) are critical! An error made in a true-up can cost the organization for the remaining years of the ETLA. Info-Tech worked with one client that incurred a $600k error in the true-up that they were not able to recoup from Adobe.
Time and resource disruption to business if audited
Lost estimated synergies in M&A
Cost of new licensing
Cost of software audit, penalties, and back support
Lost resource allocation and time
Third party, legal/SAM partners
Cost of poor negotiation tactics
Lost discount percentage
Terms and conditions improved
Establish Licensing Requirements |
Evaluate Licensing Options |
Evaluate Agreement Options |
Purchase and Manage Licenses |
|
|---|---|---|---|---|
Best-Practice Toolkit |
|
|
|
|
Guided Implementations |
|
|
|
|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
|
Guided Implementation 1: Managing Adobe Contracts Proposed Time to Completion: 3-6 weeks |
||
|---|---|---|
|
Step 1.1: Establish Licensing Requirements Start with a kick-off call:
Then complete these activities…
With these tools & templates: Adobe ETLA Deployment Forecast |
Step 1.2: Determine Licensing Options Review findings with analyst:
Then complete these activities…
With these tools & templates: Adobe ETLA vs. VIP Pricing Table Adobe ETLA Forecasted Costs and Benefits |
Step 1.3: Purchase and Manage Licenses Review findings with analyst:
Then complete these activities…
With these tools & templates: Adobe ETLA Deployment Forecast |
Adobe’s move from a perpetual license to a per-user subscription model can be positive in some scenarios for organizations that experienced challenges with deployment, management of named users vs. devices, and license tracking.
Adobe has been systematically reducing discounts on ETLAs as they enter the second renewal cycle of the original three-year terms.
Adobe cloud services are being bundled with ETLAs with a mandate that companies that do not accept the services at the proposed cost have Adobe management’s approval to unbundle the deal, generally with no price relief.
The option for custom bundling of legacy Creative Suite component applications has been removed, effectively raising the price across the board for licensees that require more than two Adobe applications who must now purchase the full Creative Cloud suite.
Higher education/public education agreements have been revamped over the past couple of years, increasing prices for campus-wide agreements by double-digit percentages (~10-30%+). While they still receive an 80% discount over list price, IT departments in this industry are not prepared to absorb the budget increase.
Adobe has moved to an all-or-one bundle model. If you need more than two application products, you will likely need to purchase the full Creative Cloud suite. Therefore, it is important to focus on creating accurate user profiles to identify usage needs.
Use Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.
Use Info-Tech’s ETLA Forecasted Costs and Benefits tool to forecast your ETLA costs and document benefits.
The subscription model forces customers to an annuity-based pricing model, so Adobe has recurring revenue from a subscription-based product. This increases customer lifetime value (CLTV) for Adobe while providing ongoing functionality updates that are not version/edition dependent.
Key Characteristics:
Adobe Digital Publishing Suite, Single Edition
Bundle Name |
Target Customer |
Included Applications |
Features |
|---|---|---|---|
CC (for Individuals) |
Individual users |
The individual chooses |
|
CC for Teams (CCT) |
Small to midsize organizations with a small number of Adobe users who are all within the same team |
Depends on your team’s requirements. You can select all applications or specific applications. |
Everything that CC (for individuals) does, plus
|
CC for Enterprise (CCE) |
Large organizations with users who regularly use multiple Adobe products on multiple machines |
All applications including Adobe Stock for images and Adobe Enterprise Dashboard for managing user accounts |
Everything that CCT does, plus
|
For further information on specific functionality differences, reference Adobe’s comparison table.
☑ True cloud products are typically service-based, scalable and elastic, shared resources, have usage metering, and rely upon internet technologies. Currently, Adobe’s Creative Cloud and Document Cloud products lack these characteristics. In fact, the core products are still downloaded and physically installed on endpoint devices, then anchored to the cloud provisioning system, where the software can be automatically updated and continuously verified for compliance by ensuring the subscription is active.
☑ Adobe Cloud allows Adobe to increase end-user productivity by releasing new features and products to market faster, but the customer will increase lock-in to the Adobe product suite. The fast-release approach poses a different challenge for IT departments, as they must prepare to test and support new functionality and ensure compatibility with endpoint devices.
☑ There are options at the enterprise level that enable IT to exert more granular control over new feature releases, but these are tied to the ETLA and the provided enterprise portal and are not available on other subscription plans. This is another mechanism by which Adobe has been able to spur ETLA adoption.
☑ Not all CIOs consider SaaS/subscription applications their first choice, but the Adobe’s dominant position in the content and document management marketplace is forcing the shift regardless. It is significant that Adobe bypassed the typical hybrid transition model by effectively disrupting the ability to continue with perpetual licensing without falling behind the functionality curve.
☑ VIP plans do allow for annual terms and payment, but you lose the price elasticity that comes with multi-year terms.
Download Info-Tech’s Adobe ETLA vs. VIP Pricing Table tool to compare ETLA costs against VIP costs.
Step 1: Make sure you have a software asset management (SAM) tool to determine Adobe installs and usage within your environment.
Step 2: Look at the current Adobe install base and usage. We recommend reviewing three months’ worth of reliable usage data to decide which users should have which licenses going forward.
Step 3: Understand the changes in Adobe packages for Creative Cloud (CC). Also, take into account that the license types are based on users, not devices.
Step 4: Identify those users who only need a single license for a single application (e.g. Photoshop, InDesign, Muse).
Step 5: Identify the users who require CC suites. Look at their usage of previous Adobe suites to get an idea of which CC suite they require. Did they have Design Suite Standard installed but only use one or two elements? This is a good way to ensure you do not overspend on Adobe licenses.
Download Info-Tech’s Adobe ETLA Deployment Forecast tool to track Adobe installs within your environment and to determine usage needs.
Most common purchasing models |
Points for consideration |
|---|---|
|
|
"Customers are not even obliged to manage all the licenses themselves. The reseller partners have access to the cloud console and can manage licenses on behalf of their customers. Even better, they can seize cross and upsell opportunities and provide good insight into the environment. Additionally, Adobe itself provides optimization services."
– B-lay
The CLP and TLP are transactional agreements generally used for the purchase of perpetual licenses. For example, they could be used for making Acrobat purchases if Creative Suite products are purchased on the ETLA.
Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”
The Value Incentive Plan is aimed at small- to medium-sized organizations with no minimum quantity required. However, there is limited flexibility to reduce licenses and limited price protection for future purchases. The ETLA is aimed at large organizations who wish to have new functionality as it comes out, license management portal, services, and security/IT control aspects.
Source: “Adobe Buying Programs Comparison Guide for Commercial and Government Organizations”
The Adobe ETLA’s rigid contract parameters, true-up process, and unique deployment/provisioning mechanisms give technology/IT procurement leaders fewer options to maximize cost-usage alignment and to streamline opex costs.
☑ No ETLA price book is publicly published; pricing is controlled by the Adobe enterprise sales team.
☑ Adobe's retail pricing is a good starting point for negotiating discounted pricing.
☑ ETLA commitments are usually for three years, and the lack of a true-down option increases the risk involved in overbuying licenses should the organization encounter a business downturn or adverse event.
☑ Pricing discounts are the highest at the initial ETLA signing for the upfront volume commitment. The true-up pricing is discounted from retail but still higher than the signing cost per license.
☑ Technical support is included in the ETLA.
☑ While purchases typically go through value-added resellers (VARs), procurement can negotiate directly with Adobe.
"For cloud products, it is less complex when it comes to purchasing and pricing. If larger quantities are purchased on a longer term, the discount may reach up to 15%. As soon as you enroll in the VIP program, you can control all your licenses from an ‘admin console’. Any updates or new functionalities are included in the original price. When the licenses expire, you may choose to renew your subscriptions or remove them. Partial renewal is also accepted. Of course, you can also re-negotiate your price if more subscriptions are added to your console."
– B-lay
INFO-TECH TIP: For further guidance on ETLAs and pricing, contact your Info-Tech representative to set up a call with an analyst.
Use Info-Tech’s Adobe ETLA Deployment Forecast tool to match licensees with Adobe product SKUs.
When adding a license, the true-up price will be prorated to 50% of the license cost for previous year’s usage plus 100% of the license cost for the next year. This back-charging adds up to 150% of the overall true-up license cost. In some rare cases, Adobe has provided an “unlimited” quantity for certain SKUs; these Unlimited ETLAs generally align with FTE counts and limit FTE increases to about 5%. Procurement must monitor and work with SAM/ITAM and stakeholder groups to restrain unnecessary growth during the term of an Unlimited ETLA to avoid the risk of cost escalation at renewal time.
Higher-education clients can license under the ETLA based on a prescribed number of user and classroom/lab devices and/or on a FTE basis. In these cases, the combination of Creative Cloud and Acrobat Pro volume must equal the FTE total, creating an enterprise footprint. FTE calculations establish the full-time faculty plus one-third of part-time faculty plus one-half of part-time staff.
Compliance takes a different form in terms of the ETLA true-up process. The completion of Adobe's transition to cloud-based licensing and verification has improved compliance rates via phone home telemetry such that pirated software is less available and more easily detected. Adobe has actually decommissioned its audit arm in the Americas and EMEA.
Determine License Entitlements
Obtain documentation from internal records and Adobe to track licenses and upgrades to determine what licenses you own and have the right to use.
Gather Deployment Information
Leverage a software asset management tool or process to determine what software is deployed and what is/is not being used.
Determine Effective License Position
Compare license entitlements with deployment data to uncover surpluses and deficits in licensing. Look for opportunities.
Plan Changes to License Position
Meet with IT stakeholders to discuss the enterprise license program (ELP), short- and long-term project plans, and budget allocation. Plan and document licensing requirements.
Option |
What is it? |
What’s included? |
For |
Term |
|---|---|---|---|---|
CLP (Cumulative Licensing Program) |
10,000 plus points, support and maintenance optional |
Select Adobe perpetual desktop products |
Business |
2 years |
EA (Adobe Enterprise Agreement) |
100 licenses plus maintenance and support for eligible Adobe products |
All applications |
100+ users requirement |
3 years |
EEA (Adobe Enterprise Education Agreement) |
Creative Cloud enterprise agreement for education establishments |
Creative Cloud applications without services |
Education |
1 or 2 years |
ETLA (Enterprise Term License Agreement) |
Licensing program designed for Adobe’s top commercial, government, and education customers |
All Creative Cloud applications |
Large enterprise companies |
3 years |
K-12 – Enterprise Agreement |
Enterprise agreement for primary and secondary schools |
Creative Cloud applications without services |
Education |
1 year |
K-12 – School Site License |
Allows a school to install a Creative Cloud on up to 500 school-owned computers regardless of school size |
Creative Cloud applications without services |
Education |
1 year |
TLP (Transactional Licensing Program) |
Agreement for SMBs that want volume licensing bonuses |
Perpetual desktop products only |
Aimed at SMBs, but Enterprise customers can use the TLP for smaller requirements |
N/A |
Upgrade Plan |
Insurance program for software purchased under a perpetual license program such as CLP or TLP for Creative Cloud upgrade |
Dependent on the existing perpetual estate |
Anyone |
N/A |
VIP (Value Incentive Plan) |
VIP allows customers to purchase, deploy, and manage software through a term-based subscription license model |
Creative Cloud of teams |
Business, government, and education |
Adobe operates in its own niche in the creative space, and Adobe users have grown accustomed to their products, making switching very difficult.
Adobe has transitioned the vast majority of its software offerings to the cloud-based subscription model. Active management of licenses, software provisioning, and consumption of cloud services is now an ongoing job.
With the vendor lock-in process nearly complete via the transition to a SaaS subscription model, Adobe is raising prices on an annual basis. Advance planning and strategic use of the ETLA is key to avoid budget-breaking surprises.
Take Control of Microsoft Licensing and Optimize Spend
Create an Effective Plan to Implement IT Asset Management
Establish an Effective System of Internal IT Controls to Mitigate Risks
Optimize Software Asset Management
Take Control of Compliance Improvement to Conquer Every Audit
“Adobe Buying Programs: At-a-glance comparison guide for Commercial and government organizations.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.
“Adobe Buying Programs Comparison Guide for Commercial and Government Organizations.” Adobe Systems Incorporated, 2018. Web.
“Adobe Buying Programs Comparison Guide for Education.” Adobe Systems Incorporated, 2018. Web. 1 Feb 2018.
“Adobe Education Enterprise Agreement: Give your school access to the latest industry-leading creative tools.” Adobe Systems Incorporated, 2014. Web. 1 Feb. 2018.
“Adobe Enterprise Term License Agreement for commercial and government organizations.” Adobe Systems Incorporated, 2016. Web. 1 Feb. 2018.
Adobe Investor Presentation – October 2017. Adobe Systems Incorporated, 2017. Web. 1 Feb. 2018.
Cabral, Amanda. “Students react to end of UConn-Adobe contract.” The Daily Campus (Uconn), 5 April 2017. Web. 1 Feb. 2018.
de Veer, Patrick and Alecsandra Vintilescu. “Quick Guide to Adobe Licensing.” B-lay, Web. 1 Feb. 2018.
“Find the best program for your organization.” Adobe, Web. 1 Feb 2018.
Foxen, David. “Adobe Upgrade Simplified.” Snow Software, 7 Oct. 2016. Web.
Frazer, Bryant. “Adobe Stops Reporting Subscription Figures for Creative Cloud.” Studio Daily. Access Intelligence, LLC. 17 March 2016. Web.
“Give your students the power to create bright futures.” Adobe, Web. 1 Feb 2018.
Jones, Noah. “Adobe changes subscription prices, colleges forced to pay more.” BG Falcon Media. Bowling Green State University, 18 Feb. 2015. Web. 1 Feb. 2018.
Mansfield, Adam. “Is Your Organization Prepared for Adobe’s Enterprise Term License Agreements (ETLA)?” UpperEdge,30 April 2013. Web. 1 Feb. 2018.
Murray, Corey. “6 Things Every School Should Know About Adobe’s Move to Creative Cloud.” EdTech: Focus on K-12. CDW LLC, 10 June 2013. Web.
“Navigating an Adobe Software Audit: Tips for Emerging Unscathed.” Nitro, Web. 1 Feb. 2018.
Razavi, Omid. “Challenges of Traditional Software Companies Transitioning to SaaS.” Sand Hill, 12 May 2015. Web. 1 Feb. 2018.
Rivard, Ry. “Confusion in the Cloud.” Inside Higher Ed. 22 May 2013. Web. 1 Feb. 2018.
Sharwood, Simon. “Adobe stops software licence audits in Americas, Europe.” The Register. Situation Publishing. 12 Aug. 2016. Web. 1 Feb. 2018.
“Software Licensing Challenges Faced In The Cloud: How Can The Cloud Benefit You?” The ITAM Review. Enterprise Opinions Limited. 20 Nov. 2015. Web.
White, Stephen. “Understanding the Impacts of Adobe’s Cloud Strategy and Subscriptions Before Negotiating an ETLA.” Gartner, 22 Feb. 2016. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define and align your team on target persona, outline steps to capture and document a robust buyer persona and journey, and capture current team buyer knowledge.
Hold initial buyer interviews, test initial results, and continue with interviews.
Consolidate interview findings, present to product, marketing, and sales teams. Work with them to apply to product design, marketing launch/campaigning, and sales and customer success enablement.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Organize, drive alignment on target persona, and capture initial views.
Steering committee and project team roles and responsibilities clarified.
Product, marketing, and sales aligned on target persona.
Build initial team understanding of persona.
1.1 Outline a vision for buyer persona and journey creation and identify stakeholders.
1.2 Identify buyer persona choices and settle on an initial target.
1.3 Document team knowledge about buyer persona (and journey where possible).
Documented steering committee and working team
Executive Brief on personas and journey
Personas and initial targets
Documented team knowledge
Build list of buyer interviewees, finalize interview guide, and validate current findings with analyst input.
Interview efficiently using 75-question interview guide.
Gain analyst help in persona validation, reducing workload.
2.1 Share initial insights with covering industry analyst.
2.2 Hear from industry analyst their perspectives on the buyer persona attributes.
2.3 Reconcile differences; update “current understanding.”
2.4 Identify interviewee types by segment, region, etc.
Analyst-validated initial findings
Target interviewee types
Validate current persona hypothesis and flush out those attributes only derived from interviews.
Get to a critical mass of persona and journey understanding quickly.
3.1 Identify actual list of 15-20 interviewees.
3.2 Hold interviews and use interview guides over the course of weeks.
3.3 Hold review session after initial 3-4 interviews to make adjustments.
3.4 Complete interviews.
List of interviewees; calls scheduled
Initial review – “are you going in the right direction?”
Completed interviews
Summarize persona and journey attributes and provide activation guidance to team.
Understanding of product market fit requirements, messaging, and marketing, and sales asset content.
4.1 Summarize findings.
4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets.
4.3 Convene steering committee/executives and working team for final review.
4.4 Schedule meetings with colleagues to action results.
Complete findings
Action items for team members
Plan for activation
Measure results, adjust, and improve.
Activation of outcomes; measured results.
5.1 Review final copy, assets, launch/campaign plans, etc.
5.2 Develop/review implementation plan.
5.3 Reconvene team to review results.
Activation review
List of suggested next steps
B2B marketers without documented personas and journeys often experience the following:
Without a deeper understanding of buyer needs and how they buy, B2B marketers will waste time and precious resources targeting the incorrect personas.
Despite being critical elements, organizations struggle to build personas due to:
In today’s Agile development environment, combined with the pressure to generate revenues quickly, high tech marketers often skip the steps necessary to go deeper to build buyer understanding.
With a common framework and target output, clients will:
Clients who activate findings from buyer personas and journeys will see a 50% results improvement.
SoftwareReviews Insight:
Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.
Jeff Golterman, Managing Director, SoftwareReviews Advisory
“44% of B2B marketers have already discovered the power of Personas.”
– Hasse Jansen, Boardview.io!, 2016
“It’s easier buying gifts for your best friend or partner than it is for a stranger, right? You know their likes and dislikes, you know the kind of gifts they’ll have use for, or the kinds of gifts they’ll get a kick out of. Customer personas work the same way, by knowing what your customer wants and needs, you can present them with content targeted specifically to their wants and needs.”
– Emma Bilardi, Product Marketing Alliance, 2020
“Marketing eutopia is striking the all-critical sweet spot that adds real value and makes customers feel recognized and appreciated, while not going so far as to appear ‘big brother’. To do this, you need a deep understanding of your audience coming from a range of different data sets and the capability to extract meaning.”
– Plexure, 2020
SoftwareReviews Advisory Insight:
Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.
| 1. Document Team Knowledge of Buyer Persona and Drive Alignment | 2. Interview Target Buyer Prospects and Customers | 3. Create Outputs and Apply to Marketing, Sales, and Product | |
|---|---|---|---|
| Phase Steps |
|
|
|
| Phase Outcomes |
|
|
|
Our methodology will enable you to align your team on why it’s important to capture the most important attributes of buyer persona including:
| Functional – “to find them” | ||||||
| Job Role | Title | Org. Chart Dynamics | Buying Center | Firmographics | ||
| Emotive – “what they do and jobs to be done” | ||||||
| Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? | Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? | Buyer Need: They may have multiple needs; which need is most likely met with the offering? | Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue? | |||
| Decision Criteria – “how they decide” | ||||||
| Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). | Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through? | |||||
| Solution Attributes – “what does the ideal solution look like” | ||||||
| Steps in “Jobs to Be Done” | Elements of the “Ideal Solution” | Business outcomes from ideal solution | Opportunity scope; other potential users | Acceptable price for value delivered | Alternatives that see consideration | Solution sourcing: channel, where to buy |
| Behavioral Attributes – “how to approach them successfully” | ||||||
| Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). | Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? | Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)? | ||||
“~2/3 of [B2B] buyers prefer remote human interactions or digital self-service.” And during Aug. ‘20 to Feb. ‘21, use of digital self-service to interact with sales reps leapt by more than 10% for both researching and evaluating new suppliers.”
– Liz Harrison, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai McKinsey & Company, 2021
SoftwareReviews Advisory Insight:
Marketers are advised to update their buyer journey annually and with greater frequency when the human vs. digital mix is affected due to events such as COVID-19 and as emerging media such as AR shifts asset-type usage and engagement options.
Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.
Buyer personas and buyer journeys are essential ingredients in go-to-market success, as they inform for product, marketing, sales, and customer success who we are targeting and how to engage with them successfully.
Marketers developing buyer personas and journeys that lack agreement among Marketing, Sales, and Product of personas to target will squander precious time and resources throughout the customer targeting and acquisition process.
Marketing leaders leverage the buyer persona knowledge not only from in-house experts in areas such as sales and executives but from analysts that speak with their buyers each and every day.
While leaders will get a fast start by interviewing sellers, executives, and analysts, you will fail to craft the right messages, build the right marketing assets, and design the best buyer journey if you skip buyer interviews.
Leaders will update their buyer journey annually and with greater frequency when the human vs. digital mix is effected due to events such as COVID-19 and as emerging media such as AR and VR shifts the way buyers engage.
Digital marketers that ramp up lead gen engine capabilities to capture “wins” and measure engagement back through the lead gen and nurturing engines will build a more data-driven view of the buyer journey. Target to build this advanced capability in your initial design.
This blueprint is accompanied by supporting deliverables to help you gather team insights, interview customers and prospects, and summarize results for ease in communications.
To support your buyer persona and journey creation, we’ve created the enclosed tools
A PowerPoint template to aid the capture and summarizing of your team’s insights on the buyer persona.
For interviewing customers and prospects, this tool is designed to help you interview personas and summarize results for up to 15 interviewees.
A PowerPoint template into which you can drop your buyer persona and journey interviewees list and summary findings.
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
The "do-it-yourself" step-by-step instructions begin with Phase 1.
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
A Guided Implementation is a series of analysts inquiries with you and your team.
Diagnostics and consistent frameworks are used throughout each option.
A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization.
For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst.
Your engagement managers will work with you to schedule analyst calls.
Drive an Aligned Initial Draft of Buyer Persona
Interview Buyers and Validate Persona and Journey
Prepare Communications and Educate Stakeholders
Contact your account representative for more information. workshops@infotech.com 1-888-670-8889
| Day1 | Day 2 | Day 3 | Day 4 | Day 5 | |
|---|---|---|---|---|---|
| Align Team, Identify Persona, and Document Current Knowledge | Validate Initial Work and Identify Buyer Interviewees | Schedule and Hold Buyer interviews | Summarize Findings and Provide Actionable Guidance to Colleagues | Measure Impact and Results | |
| Activities |
1.1 Outline a vision for buyer persona and journey creation and identify stakeholders. 1.2 Identify buyer persona choices and settle on an initial target. 1.3 Document team knowledge about buyer persona (and journey where possible). |
2.1 Share initial insights with covering industry analyst. 2.2 Hear from industry analyst their perspectives on the buyer persona attributes. 2.3 Reconcile differences; update “current understanding.” 2.4 Identify interviewee types by segment, region, etc. |
3.1 Identify actual list of 15-20 interviewees. A gap of up to a week for scheduling of interviews. 3.2 Hold interviews and use interview guides (over the course of weeks). 3.3 Hold review session after initial 3-4 interviews to make adjustments. 3.4 Complete interviews. |
4.1 Summarize findings. 4.2 Create action items for supporting team, e.g. messaging, touch points, media spend, assets. 4.3 Convene steering committee/exec. and working team for final review. 4.4 Schedule meetings with colleagues to action results. |
5.1 Review final copy, assets, launch/campaign plans, etc. 5.2 Develop/review implementation plan. A period of weeks will likely intervene to execute and gather results. 5.3 Reconvene team to review results. |
| Deliverables |
|
|
|
|
|
This Phase walks you through the following activities:
This Phase involves the following stakeholders:
Review the Create a Buyer Persona Executive Brief (Slides 3-14)
Download the Buyer Persona Creation Template
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
This Phase walks you through the following activities:
This Phase involves the following stakeholders:
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
Test that you are on the right track:
| Functional – “to find them” | ||||||
| Job Role | Title | Org. Chart Dynamics | Buying Center | Firmographics | ||
| Emotive – “what they do and jobs to be done” | ||||||
| Initiatives: What programs/projects the persona is tasked with and their feelings and aspirations about these initiatives. Motivations? Build credibility? Get promoted? | Challenges: Identify the business issues, problems, and pain points that impede attainment of objectives. What are their fears, uncertainties, and doubts about these challenges? | Buyer Need: They may have multiple needs; which need is most likely met with the offering? | Terminology: What are the keywords/phrases they organically use to discuss the buyer need or business issue? | |||
| Decision Criteria – “how they decide” | ||||||
| Buyer Role: List decision-making criteria and power level. The five common buyer roles are champion, influencer, decision maker, user, and ratifier (purchaser/negotiator). | Evaluation and Decision Criteria: Which lens – strategic, financial, or operational – does the persona evaluate the impact of purchase through? | |||||
| Solution Attributes – “what does the ideal solution look like” | ||||||
| Steps in “Jobs to Be Done” | Elements of the “Ideal Solution” | Business outcomes from ideal solution | Opportunity scope; other potential users | Acceptable price for value delivered | Alternatives that see consideration | Solution sourcing: channel, where to buy |
| Behavioral Attributes – “how to approach them successfully” | ||||||
| Content Preferences: List the persona’s content preferences – blog, infographic, demo, video – vs. long-form assets (e.g. white paper, presentation, analyst report). | Interaction Preferences: Which are preferred among in-person meetings, phone calls, emails, videoconferencing, conducting research via Web, mobile, and social? | Watering Holes: Which physical or virtual places do they go to network or exchange info with peers (e.g. LinkedIn)? | ||||
Because marketing leaders need to reach buyers through the right channel with the right message at the right time during their decision cycle, you’ll benefit by using questionnaires that enable you to build the below easily and quickly.
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
This Phase walks you through the following activities:
This Phase involves the following stakeholders:
Download the Buyer Persona and Journey Interview Guide and Data Capture Tool
Download the Buyer Persona and Journey Summary Template
Download the Buyer Persona and Journey Summary Template
Activation of key learnings to drive:
Present final persona and journey results to each stakeholder team. Key presentations include:
Download the Buyer Persona and Journey Summary Template
With the help of this blueprint, you have deepened your and your colleagues’ buyer understanding at both the persona “who they are” level and the buyer journey “how do they buy” level. You are among the minority of marketing leaders that have fully documented a buyer persona and journey – congratulations!
The benefits of having led your team through the process are significant and include the following:
And by capturing and documenting your buyer persona and journey even for a single buyer type, you have started to build the “institutional strength” to apply the process to other roles in the decision-making process or for when you go after new and different buyer types for new products. And finally, by bringing your team along with you in this process, you have also led your team in becoming a more customer-focused organization – a strategic shift that all organizations should pursue.
Contact your account representative for more information.
info@softwarereviews.com
1-888-670-8889
Optimize Lead Generation With Lead Scoring
Bilardi, Emma. “How to Create Buyer Personas.” Product Marketing Alliance, July 2020. Accessed Dec. 2021.
Harrison, Liz, Dennis Spillecke, Jennifer Stanley, and Jenny Tsai. “Omnichannel in B2B sales: The new normal in a year that has been anything but.” McKinsey & Company, 15 March 2021. Accessed Dec. 2021.
Jansen, Hasse. “Buyer Personas – 33 Mind Blowing Stats.” Boardview.io!, 19 Feb. 2016. Accessed Jan. 2022.
Raynor, Lilah. “Understanding The Changing B2B Buyer Journey.” Forbes Agency Council, 18 July 2021. Accessed Dec. 2021.
Simpson, Jon. “Finding Your Audience: The Importance of Developing a Buyer Persona.” Forbes Agency Council, 16 May 2017. Accessed Dec. 2021.
“Successfully Executing Personalized Marketing Campaigns at Scale.” Plexure, 6 Jan. 2020. Accessed Dec 2020.
Ulwick, Anthony W. JOBS TO BE DONE: Theory to Practice. E-book, Strategyn, 1 Jan. 2017. Accessed Jan. 2022.
This research is designed to help organizations who are preparing for a merger or acquisition and need help with:
The goal of M&A cybersecurity due diligence is to assess security risks and the potential for compromise. To succeed, you need to look deeper.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read our concise Executive Brief to find out how to master M&A cyber security due diligence, review Info-Tech’s methodology, and understand how we can support you in completing this project.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s best practices for setting out a selection roadmap and evaluative criteria for narrowing down vendors – both enterprise and specialized providers.
Cut through Gen AI buzzwords to achieve market clarity.
The urge to be fast-moving to leverage the potential benefits of Gen AI is understandable. There are plenty of opportunities for Gen AI to enrich an organization’s use cases – from commercial to R&D to entertainment. However, there are requisites an organization needs to get right before Gen AI can be effectively applied. Part of this is ensuring data and AI governance is well established and mature within the organization. The other part is contextualizing Gen AI to know what components of this market the organization needs to invest in.
Owing to its popularity surge, OpenAI’s ChatGPT has become near synonymous with Gen AI. However, Gen AI is an umbrella concept that encompasses a variety of infrastructural architecture. Organizations need to ask themselves probing questions if they are looking to work with OpenAI: Does ChatGPT rest on the right foundational model for us? Does ChatGPT offer the right modalities to support our organization’s use cases? How much fine-tuning and prompt engineering will we need to perform? Do we require investment in on-premises infrastructure to support significant data processing and high-volume events? And do we require FTEs to enable all this infrastructure?
Use this market primer to quickly get up to speed on the elements your organization might need to make the most of Gen AI.
Advisory Director, Info-Tech Research Group
Your Challenge
|
Common Obstacles
|
Info-Tech's SolutionThis market primer for Gen AI will help you:
|
“We are entering the era of generative AI.
This is a unique time in our history where the benefits of AI are easily accessible and becoming pervasive with co-pilots emerging in the major business tools we use today. The disruptive capabilities that can potentially drive dramatic benefits also introduces risks that need to be planned for.”
Bill Wong, Principal Research Director – Data and BI, Info-Tech Research Group
Organizations with (1) FTEs devoted to making Gen AI work (including developers and business intelligence analysts), (2) trustworthy and regularly updated data, and (3) AI governance are just now reaching PoC testing.
Gen AI platforms will be built on different foundational models, be trained in different ways, and provide varying modalities. Do not expect to compare Gen AI platforms to the same parameters in a vendor quadrant.
While Gen AI success will be heavily reliant on the quality of data it is fine-tuned on, there are independent risks organizations must prepare for: from Gen AI hallucinations and output reliability to infrastructure feasibility to handle high-volume events.
If you plan to use Gen AI in a commercial setting, review your sales team’s KPIs. They are rewarded for sales velocity; if they are the human-in-the-loop to check for hallucinations, you must change incentives to ensure quality management.
If your organization is unsure about where to start with Gen AI, the secure route is to examine what your enterprise providers are offering. Use this as a learning platform to confidently navigate which specialized Gen AI provider will be viable for meeting your use cases.
The market trend has been for organizations to move to cloud-based products. Yet, for Gen AI, effective data processing and fine-tuning may call for organizations to invest in on-premises infrastructure (such as more GPUs) to enable their Gen AI to function effectively.
Phase Steps |
1. Contextualize the Gen AI marketplace
|
2. Prepare for and understand Gen AI platform offerings
|
Phase Outcomes |
|
|
Phase 1 |
Phase 2 |
|
|
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
The Gen AI market evaluation process should be broken into segments:
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful"
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Five advisory calls over a five-week period to accelerate your selection process
Click here to book your selection engagement.
40 hours of advisory assistance delivered online.
Select better software, faster.
Click here to book your workshop engagement.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assist your employees in setting appropriate development goals.
Review existing and identify new development activities that employees can undertake to achieve their goals.
Establish manager and employee follow-up accountabilities.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Valence Howden Principal Research Director, CIO Practice |
Petar Hristov Research Director, Security, Privacy, Risk & Compliance |
Ian Mulholland Research Director, Security, Risk & Compliance |
Brittany Lutes Senior Research Analyst, CIO Practice |
Ibrahim Abdel-Kader Research Analyst, CIO Practice |
Every organization has a threshold for risk that should not be exceeded, whether that threshold is defined or not.
In the age of digital, information and technology will undoubtedly continue to expand beyond the confines of the IT department. As such, different areas of the organization cannot address these risks in silos. A siloed approach will produce different ways of identifying, assessing, responding to, and reporting on risk events. Integrated risk management is about embedding IT uncertainty to inform good decision making across the organization.
When risk is integrated into the organization's enterprise risk management program, it enables a single view of all risks and the potential impact of each risk event. More importantly, it provides a consistent view of the risk event in relation to uncertainty that might have once been seemingly unrelated to IT.
And all this can be achieved while remaining within the enterprise’s clearly defined risk appetite.
Most organizations fail to integrate IT risks into enterprise risks:
IT leaders have to overcome these obstacles when it comes to integrating risk:
By leveraging the Info-Tech Integrated Risk approach, your business can better address and embed risk by:
Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize its ability to respond to risk.
Enterprise risk management is the practice of identifying and addressing risks to your organization and using risk information to drive better decisions and better opportunities.
|
IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk. |
Risk-mature organizations have a unique benefit in that they often have established an overarching governance framework and embedded risk awareness into the culture.
35% — Only 35% of organizations had embraced ERM in 2020. (Source: AICPA and NC State Poole College of Management)
12% — Only 12% of organizations are leveraging risk as a tool to their strategic advantage. (Source: AICPA and NC State Poole College of Management)
62% — Accessing and disseminating information is the main challenge for 62% of organizations maturing their organizational risk management. (Source: OECD)
20-28% — Organizations with access to machine learning and analytics to address future risk events have 20 to 28% more satisfaction. (Source: Accenture)
Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.
Risk Drivers
|
|
Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) | 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) | Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) | 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021) |
| 1. Assess Enterprise Risk Maturity | 3. Build a Risk Management Program Plan | 4. Establish Risk Management Processes | 5. Implement a Risk Management Program | ||
| 2. Determine Authority with Governance
Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020) |
|||||
| IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.
Governance and related decision making is optimized with integrated and aligned risk data. |
|
ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types. The program plan is meant to consider all the major risk types in a unified approach. |
|
Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action. | |
Stop fearing risk – integrate it. Integration leads to opportunities for organizations to embrace innovation and new digital technologies as well as reducing operational costs and simplifying reporting.
Governance of risk management for information- and technology-related events is often misplaced. Just because it's classified as an IT risk does not mean it shouldn’t be owned by the board or business executive.
Integrating risk requires a baseline of risk maturity at the enterprise level. IT can push integrating risks, but only if the enterprise is willing to adopt the attitudes and behaviors that will drive the integrated risk approach.
It is not a strategic decision to have different areas of the organization manage the risks perceived to be in their department. It’s the easy choice, but not the strategic one.
Different areas of an enterprise apply risk management processes differently. Determining a single method for identification, assessment, response, and monitoring can ensure successful implementation of enterprise risk management.
Good risk management will consider both the positives and negatives associated with a risk management program by recognizing both the upside and downside of risk event impact and likelihood.
IT Benefits
|
Business Benefits
|
“31% of CIO’s expected their role to expand and include risk management responsibilities.” (IDG “2021 State of the CIO,” 2021)
58%Focus not just on the preventive risk management but also the value-creating opportunities. With 58% of organizations concerned about disruptive technology, it’s an opportunity to take the concern and transform it into innovation. (Accenture) |
70%Invest in tools that have data and analytics features. Currently, “gut feelings” or “experience” inform the risk management decisions for 70% of late adopters. (Clear Risk) |
54%Align to the strategic vision of the board and CEO, given that these two roles account for 54% of the accountability associated with extended enterprise risk management. (Extended Enterprise Risk Management Survey, 2020,” Deloitte) |
63%Include IT leaders in the risk committee to help informed decision making. Currently 63% of chief technology officers are included in the C‑suite risk committee. (AICPA & NC State Poole College of Management) |
| Successful adoption of integrated risk management is often associated with these key elements. | |||
Mature or not, integrated risk management should be a consideration for all organizationsThe first step to integrating risk management within the enterprise is to understand the organization’s readiness to adopt practices that will enable it to successfully integrate information. In 2021, we saw enterprise risk management assessments become one of the most common trends, particularly as a method by which the organization can consolidate the potential impacts of uncertainties or threats (Lawton, 2021). A major driver for this initiative was the recognition that information and technology not only have enterprise-wide impacts on the organization’s risk management but that IT has a critical role in supporting processes that enable effective access to data/information. A maturity assessment has several benefits for an organization: It ensures there is alignment throughout the organization on why integrated risk is the right approach to take, it recognizes the organization’s current risk maturity, and it supports the organization in defining where it would like to go. |
|
Integrated Risk Maturity Categories |
|
1 |
Context & Strategic Direction | Understand the organization’s main objectives and how risk can support or enhance those objectives. |
2 |
Risk Culture and Authority | Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture. | ||
3 |
Risk Management Process | Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization. | ||
4 |
Risk Program Optimization | Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise. |
For organizations with a low maturity, remaining superficial with risk will offer more benefits and align to the enterprise’s risk tolerance and appetite. This might mean no integrated risk is taking place.
However, organizations that have higher risk maturity should begin to integrate risk information. These organizations can identify the nuances that would affect the severity and impact of risk events.
The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM).
Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.
| Integrated Risk Maturity Assessment
A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization |
|
Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organization.
Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand Workday’s business model, competitive options, and what to know when conducting due diligence and requirements gathering.
Review product options and licensing rules. Determine negotiation points. Evaluate and finalize the contract.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determining SAP’s fit within your organization is critical. Start off by building a business case to assess overarching drivers and justification for change, any net new business benefits and long-term sustainability. Oftentimes the ROI is negative, but the investment sets the stage for long-term growth.
Your deployment model is more important than you think. Selecting a deployment model will dictate your licensing options followed by your contractual pathways forward.
Know what’s in the contract. Each customer agreement is different and there may be existing terms that are beneficial. Depending on how much is spent, anything can be up for negation.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify and prioritize stakeholder and IT/networking concerns.
Learn about emerging technologies and identify essential features of a modernized network solution.
Compose a presentation for stakeholders and prepare the RFP for vendors.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand current stakeholder and IT needs pertaining to the network.
Prioritized lists of stakeholder and IT needs.
1.1 Assess and prioritize stakeholder concerns.
1.2 Assess and prioritize design considerations.
1.3 Assess and prioritize use cases.
1.4 Assess and prioritize network infrastructure concerns.
1.5 Assess and prioritize care and control concerns.
Current State Register
Analyze emerging technologies to determine whether or not to include them in the network modernization.
Identify and shortlist networking features that will be part of the network modernization.
An understanding of what emerging technologies are suitable for including in your network modernization.
A prioritized list of features, aligned with business needs, that your modernized network must or should have.
2.1 Analyze emerging technologies.
2.2 Identify features to support drivers, practices, and pain points.
Emerging technology assessment
Prioritize lists of modernized network features
Estimate future port, bandwidth, and latency requirements for all sites on the network.
Planning for capacity ensures the network is capable of delivering until the next refresh cycle and beyond.
3.1 Estimate port, bandwidth, and latency requirements.
3.2 Group sites according to capacity requirements.
3.3 Create standardized capacity plans for each group.
A summary of capacity requirements for each site in the network
Create a presentation to pitch the project to executives.
Compose key elements of RFP.
Communication to executives, summarizing the elements of the modernization project that business decision makers will want to know, in order to gain approval.
Communication to vendors detailing the network solution requirements so that proposed solutions are aligned to business and IT needs.
4.1 Build the executive presentation.
4.2 Compose the scope of work.
4.3 Compose technical requirements.
Executive Presentation
Request for Proposal/Quotation
Notice what is missing in this list?
During the first reactions to an event, stick to the facts of what is happening and the symptoms. If the symptoms are bad, attend to people first, no matter the financial losses occurring.
Remember that financial losses are typically insured. Human life is not. Only loss of income and ability to pay is insured! Not the person's life.
The WHY, HOW, WHO and other root cause questions are asked in the aftermath of the incident and after you have stabilized the situation.
In ITIL terms, those are Problem Management and Root Cause Analysis stage questions.
88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of much deeper problems.
Globally, B2B SaaS marketers without a well-running lead gen engine will experience:
If treated without a root cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.
The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.
With a targeted set of diagnostic tools and an optimization strategy, you will:
Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.
The diagnostic tool allows digital marketers to quickly and easily diagnose weakness within your lead gen engine.
Develop a best-in-class lead gen engine optimization strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
Senior digital marketing leaders are accountable for building relationships, creating awareness, and developing trust and loyalty with website visitors, thereby delivering high-quality, high-value leads that Sales can easily convert to wins. Unfortunately, many marketing leaders report that their website visitors are low-quality and either disengage quickly or, when they engage further with lead gen engine components, they just don’t convert. These marketing leaders urgently need to diagnose what’s not working in three key areas in their lead gen engine to quickly remedy the issue and get back on track, building new customer relationships and driving loyalty. This blueprint will provide you with a tool to quickly and easily diagnose weakness within your lead gen engine. You can use the results to create a strategy that builds relationships, creates awareness, and establishes trust and loyalty with prospects.
Terra Higginson
Marketing Research Director
SoftwareReviews
Globally, business-to-business (B2B) software-as-a-service (SaaS) marketers without a well-running lead gen engine will experience:
88% of marketing professionals are unsatisfied with their ability to convert leads (Convince & Convert), but poor lead conversion is just a symptom of a much larger problem with the lead gen engine. Without an accurate lead gen engine diagnostic tool and a strategy to fix the leaks, marketers will continue to waste valuable time and resources.
Even though lead generation is a critical element of marketing success, marketers struggle to fix the problems with their lead gen engine due to:
Most marketers spend too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them (Econsultancy, cited in Outgrow). Marketers are increasingly under pressure to deliver high-quality leads to sales but work under tight budgets with inadequate or inexperienced staff who don’t understand the importance of optimizing the lead generation process.
With a targeted set of diagnostic tools and an optimization strategy, you will:
Organizations who activate the findings from their lead generation diagnostic and optimization strategy will decrease the time and budget spent on lead generation by 25% to 50%. They will quickly uncover inefficiencies in their lead gen engine and develop a proven lead generation optimization strategy based on the diagnostic findings.
The lead gen engine is foundational in building profitable long-term customer relationships. It is the process through which marketers build awareness, trust, and loyalty. Without the ability to continually diagnose lead gen engine flaws, marketers will fail to optimize new customer relationship creation and long-term satisfaction and loyalty.
Globally, B2B SaaS marketers without a well-running lead gen engine will experience:
If treated without a root-cause analysis, these symptoms often result in higher-than-average marketing spend and wasted resources. Without an accurate lead gen engine diagnostic tool and a strategy to fix the misfires, marketers will continue to waste valuable time and resources.
88% of marketers are unsatisfied with lead conversion (Convince & Convert).
|
For every 10,000 people that visit your website, 210 will become leads. |
For every 210 leads, 101 will become marketing qualified leads (MQLs). |
For every 101 MQLs, 47 will become sales qualified leads (SQLs). |
For every 47 SQLs, 23 will become opportunities. |
For every 23 opportunities, nine will become customers. |
|
.9% to 2.1% |
36% to 48% |
28% to 46% |
39% to 48% |
32% to 40% |
|
Leads Benchmark |
MQL Benchmark |
SQL Benchmark |
Opportunity Benchmark |
Closing Benchmark |
|
The percentage of website visitors that convert to leads. |
The percentage of leads that convert to marketing qualified leads. |
The percentage of MQLs that convert to sales qualified leads. |
The percentage of SQLs that convert to opportunities. |
The percentage of opportunities that are closed. |
Midmarket B2B SaaS Industry
Lack of Clear Starting Point
The lead gen engine is complex, with many moving parts, and marketers and marketing ops are often overwhelmed about where to begin diagnosis.
Lack of Benchmarks
Marketers often call out metrics such as increasing website visitors, contact-to-lead conversions, numbers of qualified leads delivered to Sales, etc., without a proven benchmark to compare their results against.
Lack of Alignment Between Marketing and Sales
Definitions of a contact, a marketing qualified lead, a sales qualified lead, and a marketing influenced win often vary.
Lack of Measurement Tools
Integration gaps between the website, marketing automation, sales enablement, and analytics exist within some 70% of enterprises. The elements of the marketing (and sales) tech stack change constantly. It’s hard to keep up.
Lack of Understanding of Marketing ROI
This drives many marketers to push the “more” button – more assets, more emails, more ad spend – without first focusing on optimization and effectiveness.
Lack of Resources
Marketers have an endless list of to-dos that drive them to produce daily results. Especially among software startups and mid-sized companies, there are just not enough staff with the right skills to diagnose and fix today’s sophisticated lead gen engines.
Most marketers are spending too much on acquiring leads and not enough on converting and keeping them. For every $92 spent acquiring customers, only $1 is spent converting them.
Lead gen engine optimization increases the efficiency of your marketing efforts and has a 223% ROI.
“It’s much easier to double your business by doubling your conversion rate than by doubling your traffic. Correct targeting and testing methods can increase conversion rates up to 300 percent.” – Jeff Eisenberg, IterateStudio
175%
Buyer Personas Increase Revenue
Source: Illumin8
202%
Personalized CTAs Increase Conversions
Source: HubSpot
50%
Lead Magnets Increase Conversions
Source: ClickyDrip
79%
Lead Scoring Increases Conversions
Source: Bloominari
50%
Lead Nurturing Increases Conversions
Source: KevinTPayne.com
80%
Personalized Landing Pages Increase Conversions
Source: HubSpot
Identifying any areas of weakness within your lead gen engine is a fundamental first step in improving conversions, ROI, and lead quality.
Optimize your lead gen strategy with an easily customizable template that will provide your roadmap for future growth.
|
1. Lead Gen Engine Diagnostic |
2. Lead Gen Engine Optimization Strategy |
|
|
Phase Steps |
|
|
|
Phase Outcomes |
|
|
The lead gen engine is the foundation of marketing
The lead gen engine is critical to building relationships. It is the foundation upon which marketers build awareness, trust, and loyalty.
Misalignment between Sales and Marketing is costly
Digital marketing leaders need to ensure agreement with Sales on the definition of a marketing qualified lead (MQL), as it is the most essential element of stakeholder alignment.
Prioritization is necessary for today’s marketer
By prioritizing the fixes within the lead gen engine that have the highest impact, a marketing leader will be able to focus their optimization efforts in the right place.
Stop, your engine is broken
Any advertising or effort expended while running marketing on a broken lead gen engine is time and money wasted. It is only once the lead gen engine is fixed that marketers will see the true results of their efforts.
Tactical insight
Without a well-functioning lead gen engine, marketers risk wasting valuable time and money because they aren’t creating relationships with prospects that will increase the quality of leads, conversion rate, and lifetime value.
Tactical insight
The foundational lead relationship must be built at the marketing level, or else Sales will be entirely responsible for creating these relationships with low-quality leads, risking product failure.
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Lead Gen Engine Diagnostic
An efficient and easy-to-use diagnostic tool that uncovers weakness in your lead gen engine.
Lead Gen Engine Optimization Strategy Template
A comprehensive strategy for optimizing conversions and increasing the quality of leads.
Included within Advisory Membership:
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
Optional add-ons:
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Diagnose Your Lead Gen Engine
Call #1: Scope requirements, objectives, and specific challenges with your lead gen engine.
Call #2: Gather baseline metrics and discuss the steering committee and working team.
Call #3: Review results from baseline metrics and answer questions.
Call #4: Discuss the lead gen engine diagnostic tool and your steering committee.
Call #5: Review results from the diagnostic tool and answer questions.
Develop Your Lead Gen Engine Optimization Strategy
Call #6: Identify components to include in the lead gen engine optimization strategy.
Call #7: Discuss the roadmap for continued optimization.
Call #8: Review final lead gen engine optimization strategy.
Call #9: (optional) Follow-up quarterly to check in on progress and answer questions.
A Guided Implementation (GI) is series of calls with a SoftwareReviews Advisory analyst to help implement our best practices in your organization. For guidance on marketing applications, we can arrange a discussion with an Info-Tech analyst. Your engagement managers will work with you to schedule analyst calls.
|
Day 1 |
Day 2 |
|
|---|---|---|
|
Activities |
Complete Lead Gen Engine Diagnostic 1.1 Identify the previously selected lead gen engine steering committee and working team. 1.2 Share the baseline metrics that were gathered in preparation for the workshop. 1.3 Run the lead gen engine diagnostic. 1.4 Identify low-scoring areas and prioritize lead gen engine fixes. |
Create Lead Gen Engine Optimization Strategy 2.1 Define the roadmap. 2.2 Create a lead gen engine optimization strategy. 2.3 Present the strategy to the steering committee. |
|
Deliverables |
1. Lead gen engine diagnostic scorecard |
1. Lead gen engine optimization strategy |
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
|
Phase 1 |
Phase 2 |
|
1.1 Select lead gen engine steering committee & working team 1.2 Gather baseline metrics 1.3 Run the lead gen engine diagnostic 1.4 Identify & prioritize low-scoring areas |
2.1 Define the roadmap 2.2 Create lead gen engine optimization strategy 2.3 Present strategy to steering committee |
The diagnostic tool will allow you to quickly and easily identify the areas of weakness in the lead gen engine by answering some simple questions. The steps include:
Activities
1.1.1 Identify the lead gen engine optimization steering committee and document in the Lead Gen Engine Optimization Strategy Template
1.1.2 Identify the lead gen engine optimization working team document in the Lead Gen Engine Optimization Strategy Template
This step will walk you through the following activities:
Identify the lead gen engine optimization steering committee.
This step involves the following participants:
Outcomes of this step
An understanding of who will be responsible and who will be accountable for accomplishing the lead gen engine diagnostic and optimization strategy.
1-2 hours
|
Input |
Output |
|
|
|
Materials |
Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Consider the skills and knowledge required for the diagnostic and the implementation of the strategy. Constructing a cross-functional steering committee will be essential for the optimization of the lead gen engine. At least one stakeholder from each relevant department should be included in the steering committee.
|
Required Skills/Knowledge |
Suggested Functions |
|
|
For small and mid-sized businesses (SMB), because employees wear many different hats, assign people that have the requisite skills and knowledge, not the role title.
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Consider the working skills required for the diagnostic and implementation of the strategy and assign the working team.
|
Required Skills/Knowledge |
Suggested Titles |
|---|---|
|
|
Activities
1.2.1 Gather baseline metrics and document in the Lead Gen Engine Optimization Strategy Template
Gather baseline metrics.
Understand and document baseline marketing metrics.
Recording the baseline data allows you to measure the impact your lead gen engine optimization strategy has over the baseline.
Input | Output |
|
|
Materials | Participants |
|
|
Unique Monthly Visitors
Industry standard is 5% to 10% growth month over month.
Visitor to Lead Conversion
Industry standard is between 0.9% to 2.1%.
Lead to MQL Conversion
Industry standard is between 36% to 48%.
CAC
Industry standard is a cost of $400 to $850 per customer acquired.
LTV to CAC Ratio
Industry standard is an LTV:CAC ratio between 3 to 6.
Campaign ROI
Email: 201%
Pay-Per-Click (PPC): 36%
LinkedIn Ads: 94%
Update the Lead Gen Optimization Strategy Template with your company’s baseline metrics.
Download the Lead Gen Engine Optimization Strategy Template
Activities
1.3.1 Gather steering committee and working team to complete the Lead Gen Engine Diagnostic Tool
Gather the steering committee and answer the questions within the Lead Gen Engine Diagnostic Tool.
Lead gen engine diagnostic and scorecard
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Diagnostic Tool
Activities
1.4.1 Identify and prioritize low-scoring areas from the diagnostic scorecard
Identify and prioritize the low-scoring areas from the diagnostic scorecard.
A prioritized list of the lead gen engine problems to include in the Lead Gen Engine Optimization Strategy Template
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Diagnostic Tool
Phase 1 | Phase 2 |
1.1 Select lead gen engine steering committee & working team 1.2 Gather baseline metrics 1.3 Run the lead gen engine diagnostic 1.4 Identify & prioritize low-scoring areas | 2.1 Define the roadmap 2.2 Create lead gen engine optimization strategy 2.3 Present strategy to steering committee |
Create a best-in-class lead gen optimization strategy and roadmap based on the weaknesses found in the diagnostic tool. The steps include:
Activities
2.1.1 Create the roadmap for the lead gen optimization strategy
Create the optimization roadmap for your lead gen engine strategy.
Strategy roadmap
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Activities
2.2.1 Customize your lead gen engine optimization strategy using the template
Create a lead gen engine optimization strategy based on the results of your diagnostic scorecard.
Marketing director
A leadership-facing lead gen optimization strategy
Review the strategy template:
Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Activities
2.3.1 Present the findings of the diagnostic and the lead gen optimization strategy to the steering committee.
Get executive buy-in on the lead gen engine optimization strategy.
| Input | Output |
|
|
Materials | Participants |
|
|
Download the Lead Gen Engine Optimization Strategy Template
Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding.
In today’s competitive environment, optimizing Sales’ resources by giving them qualified leads is key to B2B marketing success.
Creating a compelling go-to-market strategy and keeping it current is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth.
“11 Lead Magnet Statistics That Might Surprise You.” ClickyDrip, 28 Dec. 2020. Accessed April 2022.
“45 Conversion Rate Optimization Statistics Every Marketer Should Know.” Outgrow, n.d. Accessed April 2022.
Bailyn, Evan. “B2B SaaS Funnel Conversion Benchmarks.” First Page Sage, 24 Feb. 2021. Accessed April 2022.
Bailyn, Evan. “B2B SaaS Marketing KPIs: Behind the Numbers.” First Page Sage, 1 Sept. 2021. Accessed April 2022.
Conversion Optimization.” Lift Division, n.d. Accessed April 2022.
Corson, Sean. “LTV:CAC Ratio [2022 Guide] | Benchmarks, Formula, Tactics.” Daasity, 3 Nov. 2021. Accessed April 2022.
Dudley, Carrie. “What are personas?” Illumin8, 26 Jan. 2018. Accessed April 2022.
Godin, Seth. “Permission Marketing.” Accenture, Oct. 2009. Accessed April 2022.
Lebo, T. “Lead Conversion Statistics All B2B Marketers Need to Know.” Convince & Convert, n.d. Accessed April 2022.
Lister, Mary. “33 CRO & Landing Page Optimization Stats to Fuel Your Strategy.” WordStream, 24 Nov. 2021. [Accessed April 2022].
Nacach, Jamie. “How to Determine How Much Money to Spend on Lead Generation Software Per Month.” Bloominari, 18 Sept. 2018. Accessed April 2022.
Needle, Flori. “11 Stats That Make a Case for Landing Pages.” HubSpot, 10 June 2021. Accessed April 2022.
Payne, Kevin. “10 Effective Lead Nurturing Tactics to Boost Your Sales.” Kevintpayne.com, n.d. Accessed April 2022.
Tam, Edwin. “ROI in Marketing: Lifetime Value (LTV) & Customer Acquisition Cost (CAC).” Construct Digital, 19 Jan. 2016. Accessed April 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Explore how the cloud changes the required controls and implementation strategies for a variety of different security domains.
Develop your organizational approach to various domains of security in the cloud, considering the cloud’s unique risks and challenges.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define your unique approach to improving security in the cloud.
An understanding of the organization’s requirements for cloud security.
1.1 Define your approach to cloud security.
1.2 Define your governance requirements.
1.3 Define your cloud security management requirements.
Defined cloud security approach
Defined governance requirements
Explore challenges posed by the cloud in various areas of security.
An understanding of how the organization needs to evolve to combat the unique security challenges of the cloud.
2.1 Explore cloud asset management.
2.2 Explore cloud network security.
2.3 Explore cloud application security.
2.4 Explore log and event management.
2.5 Explore cloud incident response.
2.6 Explore cloud eDiscovery and forensics.
2.7 Explore cloud backup and recovery.
Understanding of cloud security strategy components (cont.).
Identify initiatives to mitigate challenges posed by the cloud in various areas of security.
A roadmap for improving security in the cloud.
3.1 Define tasks and initiatives.
3.2 Finalize your task list
3.3 Consolidate gap closure actions into initiatives.
3.4 Finalize initiative list.
3.5 Conduct a cost-benefit analysis.
3.6 Prioritize initiatives and construct a roadmap.
3.7 Create effort map.
3.8 Assign initiative execution waves.
3.9 Finalize prioritization.
3.10 Incorporate initiatives into a roadmap.
3.11 Schedule initiatives.
3.12 Review your results.
Defined task list.
Cost-benefit analysis
Roadmap
Effort map
Initiative schedule
CIOs are facing these challenges in 2023:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the five priorities that will help navigate the opportunities and risks of the year ahead.
In our Tech Trends 2023 report, we called on CIOs to think of themselves as chess grandmasters. To view strategy as playing both sides of the board, simultaneously attacking the opponent's king while defending your own. In our CIO Priorities 2023 report, we'll continue with that metaphor as we reflect on IT's capability to respond to trends.
If the trends report is a study of the board state that CIOs are playing with, the priorities report is about what move they should make next. We must consider all the pieces we have at our disposal and determine which ones we can afford to use to seize on opportunity. Other pieces are best used by staying put to defend their position.
In examining the different capabilities that CIOs will require to succeed in the year ahead, it's apparent that a siloed view of IT isn't going to work. Just like a chess player in a competitive match would never limit themselves to only using their knights or their rooks, a CIO's responsibility is to deploy each of their pieces to win the day. While functional leaders may only see their next move, as head of the organization with a complete view of all the pieces, the CIO has full awareness of the board state.
It's up to them to assess their gaps, consider the present scenario, and then make their next move.
Brian Jackson
Principal Research Director, Research – CIO
Info-Tech Research Group
Info-Tech's Tech Trends 2023 report and State of Hybrid Work in IT: A Trend Report inform the externalities faced by organizations in the year ahead. They imply opportunities and risks that organizations face. Leadership must determine if they will respond and how to do so. CIOs then determine how to support those responses by creating or improving their IT capabilities. The priorities are the initiatives that will deliver the most value across the capabilities that are most in demand. The CIO Priorities 2023 report draws on data from several different Info-Tech surveys and diagnostic benchmarks.
2023 Tech Trends and Priorities Survey; N=813 (partial), n=521 (completed)
Info-Tech's Trends and Priorities 2023 Survey was conducted between August 9 and September 9, 2022. We received 813 total responses with 521 completed surveys. More than 90% of respondents work in IT departments. More than 84% of respondents are at a manager level of seniority or higher.
2023 The State of Hybrid Work in IT Survey; N=518
The State of Hybrid Work in IT Survey was conducted between July 11 and July 29 and received 518 responses. Nine in ten respondents were at a manager level of seniority or higher.
Every organization will have its own custom list of priorities based on its internal context. Organizational goals, IT maturity level, and effectiveness of capabilities are some of the important factors to consider. To provide CIOs with a starting point for their list of priorities for 2023, we used aggregate data collected in our diagnostic benchmark tools between August 1, 2021, and October 31, 2022.
Info-Tech's CEO-CIO Alignment Program is intended to be completed by CIOs and their supervisors (CEO or other executive position [CxO]) and will provide the average maturity level and budget expectations (N=107). The IT Management and Governance Diagnostic will provide the average capability effectiveness and importance ranking to CIOs (N=271). The CIO Business Vision Diagnostic will provide stakeholder satisfaction feedback (N=259).
The 2023 CIO priorities are based on that data, internal collaboration sessions at Info-Tech, and external interviews with CIOs and subject matter experts.
Slightly more than half of CIOs using Info-Tech's CEO-CIO Alignment Program rated themselves at a Support level of maturity in 2022. That aligns with IT professionals' view of their organizations from our Tech Trends and Priorities Survey, where organizations are rated at the Support level on average. At this level, IT departments can provide reliable infrastructure and support a responsive IT service desk that reasonably satisfies stakeholders.
In the future, CIOs aspire to attain the Transform level of maturity. Nearly half of CIOs select this future state in our diagnostic, indicating a desire to deliver reliable innovation and lead the organization to become a technology-driven firm. However, we see that fewer CxOs aspire for that level of maturity from IT. CxOs are more likely than CIOs to say that IT should aim for the Optimize level of maturity. At this level, IT will help other departments become more efficient and lower costs across the organization.
Whether a CIO is aiming for the top of the maturity scale in the future or not, IT maturity is achieved one step at a time. Aiming for outcomes at the Optimize level will be a realistic goal for most CIOs in 2023 and will satisfy many stakeholders.
Trends imply new opportunities and risks that an organization must decide on. Organizational leadership determines if action will be taken to respond to the new external context based on its importance compared to current internal context. To support their organizations, IT must use its capabilities to deliver on initiatives. But if a capability's effectiveness is poor, it could hamper the effort.
To determine what capabilities IT departments may need to improve or create to support their organizations in 2023, we conducted an analysis of our trends data. Using the opportunities and risks implied by the Tech Trends 2023 report and the State of Hybrid Work in IT: A Trend Report, we've determined the top capabilities IT will need to respond. Capabilities are defined by Info-Tech's IT Management and Governance Framework.
|
Enterprise Application Selection & Implementation Manage the selection and implementation of enterprise applications, off-the-shelf software, and software as a service to ensure that IT provides the business with the most appropriate applications at an acceptable cost. |
 |
|
Leadership, Culture, and Values Ensure that the IT department reflects the values of your organization. Improve the leadership skills of your team to generate top performance. |
 |
|
Data Architecture Manage the business' databases, including the technology, the governance processes, and the people that manage them. Establish the principles, policies, and guidelines relevant to the effective use of data within the organization. |
 |
|
Organizational Change Management Implement or optimize the organization's capabilities for managing the impact of new business processes, new IT systems, and changes in organizational structure or culture. |
 |
|
External Compliance Ensure that IT processes and IT-supported business processes are compliant with laws, regulations, and contractual requirements. |
 |
Info-Tech's Management and Diagnostic Benchmark
Ten more capabilities surfaced as important compared to others but not as important as the capabilities in tier 1.
|
Asset Management Track IT assets through their lifecycle to make sure that they deliver value at optimal cost, remain operational, and are accounted for and physically protected. Ensure that the assets are reliable and available as needed. |
 |
|
Business Intelligence and Reporting Develop a set of capabilities, including people, processes, and technology, to enable the transformation of raw data into meaningful and useful information for the purpose of business analysis. |
 |
|
Business Value Secure optimal value from IT-enabled initiatives, services, and assets by delivering cost-efficient solutions and services and by providing a reliable and accurate picture of costs and benefits. |
 |
|
Cost and Budget Management Manage the IT-related financial activities and prioritize spending through the use of formal budgeting practices. Provide transparency and accountability for the cost and business value of IT solutions and services. |
 |
|
Data Quality Put policies, processes, and capabilities in place to ensure that appropriate targets for data quality are set and achieved to match the needs of the business. |
 |
|
Enterprise Architecture Establish a management practice to create and maintain a coherent set of principles, methods, and models that are used in the design and implementation of the enterprise's business processes, information systems, and infrastructure. |
 |
|
IT Organizational Design Set up the structure of IT's people, processes, and technology as well as roles and responsibilities to ensure that it's best meeting the needs of the business. |
 |
|
Performance Measurement Manage IT and process goals and metrics. Monitor and communicate that processes are performing against expectations and provide transparency for performance and conformance. |
 |
|
Stakeholder Relations Manage the relationship between the business and IT to ensure that the stakeholders are satisfied with the services they need from IT and have visibility into IT processes. |
 |
|
Vendor Management Manage IT-related services provided by all suppliers, including selecting suppliers, managing relationships and contracts, and reviewing and monitoring supplier performance. |
 |
Understand the CIO priorities by analyzing both how CIOs respond to trends in general and how a specific CIO responded in the context of their organization.
Recognize the relative impact of higher inflation on IT's spending power and adjust accordingly.
Two-thirds of IT professionals are expecting their budgets to increase in 2023, according to our survey. But not every increase is keeping up with the pace of inflation. The International Monetary Fund forecasts that global inflation rose to 8.8% in 2022. It projects it will decline to 6.5% in 2023 and 4.1% by 2024 (IMF, 2022).
CIOs must account for the impact of inflation on their IT budgets and realize that what looks like an increase on paper is effectively a flat budget or worse. Applied to our survey takers, an IT budget increase of more than 6.5% would be required to keep pace with inflation in 2023. Only 40% of survey takers are expecting that level of increase. For the 27% expecting an increase between 1-5%, they are facing an effective decrease in budget after the impact of inflation. Those expecting no change in budget or a decrease will be even worse off.
| 2022 | 8.8% |
| 2023 | 6.5% |
| 2024 | 4.1% |
International Monetary Fund, 2022
Data from Info-Tech's CEO-CIO Alignment Diagnostic benchmark also shows that CIOs and their supervisors are planning for increases to the budget. This diagnostic is designed for a CIO to use with their direct supervisor, whether it's the CEO or otherwise (CxO). Results show that on average, CIOs are more optimistic than their supervisors that they will receive budget increases and headcount increases in the years ahead.
While 14% of CxOs estimated the IT budget would see no change or a decrease in the next three to five years, only 3% of CIOs said the same. A larger discrepancy is seen in headcount, where nearly one-quarter of CXOs estimated no change or decrease in the years ahead, versus only 10% of CIOs estimating the same.
When we account for the impact of inflation in 2023, this misalignment between CIOs and their supervisors increases. When adjusting for inflation, we need to view the responses projecting an increase of between 1-5% as an effective decrease. With the inflation adjustment, 26% of CXOs are predicting IT budgets to stay flat or see a decrease compared to only 10% of CIOs.
CIOs should consider how inflation has affected their projected spending power over the past year and take into account projected inflation rates over the next couple of years. Given that the past decade has seen inflation rates between 2-3%, the higher rates projected will have more of an impact on organizational budgets than usual.
Expect headcount to stay flat or decline over 3-5 years
IT budget expectations to stay flat or decrease before inflation
IT budget expectations to stay flat or decrease adjusted for inflation
Info-Tech's CEO-CIO Alignment Program
Organizations that migrated from on-premises data centers to infrastructure as a service shifted their capital expenditures on server racks to operational expenditures on paying the monthly service bill. Managing that monthly bill so that it is in line with desired performance levels now becomes crucial. The expected benefit of the cloud is that an organization can turn the dial up to meet higher demand and turn it down when demand slows. In practice this is sometimes more difficult to execute than anticipated. Some IT departments realize their cloud-based data flows aren't always connected to the revenue-generating activity seen in the business. As a result, a "cloud economist" is needed to closely monitor cloud usage and adjust it to financial expectations. Especially during any recessionary period, IT departments will want to avoid a "bill shock" incident.
Keep your friends close and your vendors closer. Look for opportunities to create leverage with your strategic vendors to unlock new opportunities. Identify if a vendor you work with is not entrenched in your industry and offer them the credibility of working with you in exchange for a favorable contract. Offering up your logo for a website listing clients or giving your own time to speak in a customer session at a conference can go a long way to building up some goodwill with your vendors. That's goodwill you'll need when you ask for a new multi-year contract on your software license without annual increases built into the structure.
An IT department that operates at the Optimize level of Info-Tech's maturity scale can deliver outcomes that lower costs for other departments. IT can defend its own budget if it's able to demonstrate that its initiatives will automate or augment business activities in a way that improves margins. The argument becomes even more compelling if IT can demonstrate it is supporting a revenue-generating initiative or customer-facing experience. CIOs will need to find business champions to vouch for the important contributions IT is making to their area.
In some jurisdictions, the largest companies will be required to start collecting information on carbon emissions emitted as a result of business activities by the end of next year. Smaller sized organizations will be next on the list to determine how to meet new requirements issued by various regulators. Risks of failure include facing fines or being shunned by investors. CIOs will need to support their financial reporting teams in collecting the new required data accurately. This will incur new costs as well.
Acquiring IT equipment is becoming more expensive due to overall inflation and specific pressures around semiconductor supply chains. As a result, more CIOs are extending their device refresh policies to last another year or two. Still, demands for new devices to support new hybrid work models could put pressure on budgets as IT teams are asked to modernize conferencing rooms. For organizations adopting mixed reality headsets, cutting-edge capabilities will come at a premium. Operating costs of devices may also increase as inflation increases costs of the electricity and bandwidth they depend on.
Denise Cornish, Associate VP of IT and Deputy COO,
Western University of Health Sciences
Since taking on the lead IT role at Western University in 2020, Denise Cornish has approached vendor management like an auditable activity. She evaluates the value she gets from each vendor relationship and creates a list of critical vendors that she relies upon to deliver core business services. "The trick is to send a message to the vendor that they also need us as a customer that's willing to act as a reference," she says. Cornish has managed to renegotiate a contract with her ERP vendor, locking in a multi-year contract with a very small escalator in exchange for presenting as a customer at conferences. She's also working with them on developing a new integration to another piece of software popular in the education space.
Western University even negotiated a partnership approach with Apple for a program run with its College of Osteopathic Medicine of the Pacific (COMP) called the Digital Doctor Bag. The partnership saw Apple agree to pre-package a customer application developed by Western that delivered the curriculum to students and facilitated communications across students and faculty. Apple recognized Western as an Apple Distinguished School, a program that recognizes innovative schools that use Apple products.
"I like when negotiations are difficult.
I don't necessarily expect a zero-sum game. We each need to get something out of this and having the conversation and really digging into what's in it for you and what's in it for me, I enjoy that. So usually when I negotiate a vendor contract, it's rare that it doesn't work out."
As an online publisher and a digital marketing platform for technology products and services companies, IT World Canada (ITWC) has observed that there are differences in how small and large companies adopt the cloud as their computing infrastructure. For smaller companies, even though adoption is accelerating, there may still be some reluctance to fully embrace cloud platforms and services. While larger companies often have a multi-cloud approach, this might not be practical for smaller IT shops that may struggle to master the skills necessary to effectively manage one cloud platform. While Love acknowledges that the cloud is the future of corporate computing, he also notes that not all applications or workloads may be well suited to run in the cloud. As well, moving data into the cloud is cheap but moving it back out can be more expensive. That is why it is critical to understand your applications and the data you're working with to control costs and have a successful cloud implementation.
"Standardization is the friend of IT. So, if you can standardize on one platform, you're going to do better in terms of costs."
Go deeper on pursuing your priorities by improving the associated capabilities.
Take control of your cloud costs by providing central financial oversight on the infrastructure-as-a-service provider your organization uses. Create visibility into your operational costs and define policies to control them. Right-size the use of cloud services to stay within organizational budget expectations.
Take Control of Cloud Costs on AWS
Take Control of Cloud Costs on Microsoft Azure
Reduce the funds allocated to ongoing support and impose tougher discipline around change requests to lighten your maintenance burden and make room for investment in net-new initiatives to support the business.
Free up funds for new initiatives
Lay the foundation for a vendor management process with long-term benefits. Position yourself as a valuable client with your strategic vendors and leverage your position to improve your contract terms.
Keep pace as the market adopts AI capabilities, and be ready to create competitive advantage.
During 2022, some compelling examples of generative-AI-based products took the world by storm. Images from AI-generating bots Midjourney and Stable Diffusion went viral, flooding social media and artistic communities with images generated from text prompts. Exchanges with OpenAI's ChatGPT bot also caught attention, as the bot was able to do everything from write poetry, to provide directions on a cooking recipe and then create a shopping list for it, to generate working code in a variety of languages. The foundation models are trained with AI techniques that include generative adversarial networks, transformers, and variational autoencoders. The end result is an algorithm that can produce content that's meaningful to people based on some simple direction. The industry is only beginning to come to grips with how this sort of capability will disrupt the enterprise.
Slightly more than one-third of IT professionals say their organization has already invested in AI or machine learning. It's the sixth-most popular technology to have already invested in after cloud computing (82%), application programming interfaces (64%), workforce management solutions (44%), data lakes (36%), and next-gen cybersecurity (36%). It's ahead of 12 other technologies that IT is already invested in.
When we asked what technologies organizations planned to invest in for next year, AI rocketed up the list to second place, as it's selected by 44% of IT professionals. It falls behind only cloud computing. This jump up the list makes AI the fastest growing technology for new investment from organizations.
Many AI capabilities seem cutting edge now, but organizations are prioritizing it as a technology investment. In a couple of years, access to foundational models that produce images, text, or code will become easy to access with a commercial license and an API integration. AI will become embedded in off-the-shelf software and drive many new features that will quickly become commonplace.
To stay even with the competition and meet customer expectations, organizations will have to work to at least adopt these AI-enhanced products and services. For those that want to create a competitive advantage, they will have to build a data pipeline that is capable of training their own custom AI models based on their unique data sets.
Tech Trends 2023 Survey
Data collection and analysis are on the minds of both CIOs and their supervisors. When asked what technologies the business should adopt in the next three to five years, big data (analytics) ranked as most critical to adopt among CIOs and their supervisors. Big data (collection) ranked fourth out of 11 options.
Organizations that want to drive a competitive advantage from generative AI will need to train these large, versatile models on their own data sets. But at the same time, IT organizations are struggling to provide clean data. The second-most critical gap for IT organizations on average is data quality, behind only organizational change management. Organizations know that data quality is important to support analytics goals, as algorithms can suffer in their integrity if they don't have reliable data to work with. As they say, garbage in, garbage out.
Another challenge to overcome is the gap seen in IT governance, the sixth largest gap on average. Using data toward training custom generative models will hold new compliance and ethical implications for IT departments to contend with. How user data can be leveraged is already the subject of privacy legislation in many different jurisdictions, and new AI legislation is being developed in various places around the world that could create further demands. In some cases, users are reacting negatively to AI-generated content.
IT Management and Governance Diagnostic
CEO-CIO Alignment Program
Many organizations still cobble together knowledgebases in SharePoint or some other shared corporate drive, full of resources that no one quite knows how to find. A generative AI chatbot holds potential to be trained on an organization's content and produce content based on an employee's queries. Trained properly, it could point employees to the right resource they need to answer their question or just provide the answer directly.
After Hurricane Ian shut down a Walmart distribution hub, the retailer used AI to simulate the effects on its supply chain. It rerouted deliveries from other hubs based on the predictions and planned for how to respond to demand for goods and services after the storm. Such forecasts would typically take a team of analysts days to compose, but thanks to AI, Walmart had it done in a matter of hours (The Economist, 2022).
New generative AI models of sufficient scale offer advantages over previous AI models in their versatility. Just as ChatGPT can write poetry or dialogue for a play or perhaps a section of a research report (not this one, this human author promises), large models can be deployed for multiple use cases in the enterprise. One AI researcher says this could reduce the costs of an AI project by 20-30% (The Economist, 2022).
Multiple jurisdictions around the world are pursuing new legislation that imposes requirements on organizations that use AI, including the US, Europe, and Canada. Some uses of AI will be banned outright, such as the real-time use of facial recognition in public spaces, while in other situations people can opt out of using AI and work with a human instead. Regulations will take the risk of the possible outcomes created by AI into consideration, and organizations will often be required to disclose when and how AI is used to reach decisions (Science | Business, 2022). Questions around whether creators can prevent their content from being used for training AI are being raised, with some efforts already underway to collect a list of those who want to opt out. Organizations that adopt a generative AI model today may find it needs to be amended for copyright reasons in the future.
Organizations using a large AI model trained by a third party to complete their tasks or as a foundation to further customize it with their own data will have to contend with the inherent bias of the algorithm. This can lead to unintended negative experiences for users, as it did for MIT Technology Review journalist Melissa Heikkilä when she uploaded her images to AI avatar app Lensa, only to have it render a collection of sexualized portraits. Heikkilä contends that her Asian heritage overly influenced the algorithm to associate her with video-game characters, anime, and adult content (MIT Technology Review, 2022).
Many of the generative AI bots released so far often create very good responses to user queries but sometimes create nonsense that at first glance might seem to be accurate. One example is Meta's Galactica bot – intended to streamline scientific research discovery and aid in text generation – which was taken down only three days after being made available. Scientists found that it generated fake research that sounded convincing or failed to do math correctly (Spiceworks, 2022).
At the Toronto Raptors practice facility, the OVO Athletic Centre, a new 120-foot custom LG video screen towers over the court. The video board is used to playback game clips so coaches can use them to teach players, but it also displays analytics from algorithmic models that are custom-made for each player. Data on shot-making or defensive deflections are just a couple examples of what might inform the players.
Vice President of Digital Technology Christian Magsisi leads a functional Digital Labs technical group at MLSE. The in-house team builds the specific data models that support the Raptors in their ongoing efforts to improve. The analytics are fed by Noah Analytics, which uses cognitive vision to provide real-time feedback on shot accuracy. SportsVU is a motion capture system that represents how players are positioned on the court, with detail down to which way they are facing and whether their arms are up or down. The third-party vendors provide the solutions to generate the analytics, but it's up to MLSE's internal team to shape them to be actionable for players during a practice.
"All the way from making sure that a specific player is achieving the results that they're looking for and showing that through data, or finding opportunities for the coaching staff. This is the manifestation of it in real life. Our ultimate goal with the coaches was to be able to take what was on emails or in a report and sometimes even in text message and actually implement it into practice."
MLSE's Digital Labs team architects its data insights pipeline on top of cloud services. Amazon Web Services Rekognition provides cognitive vision analysis from video and Amazon Kinesis provides the video processing capabilities. Beyond the court, MLSE uses data to enhance the fan experience, explains CTO Humza Teherany. It begins with having meaningful business goals about where technology can provide the most value. He starts by engaging the leadership of the organization and considering the "art of the possible" when it comes to using technology to unlock their goals.
Humza Teherany (left) and Christian Magsisi lead MLSE's digital efforts for the pro sports teams owned by the group, including the Toronto Raptors, Toronto Maple Leafs, and Toronto Argonauts. (Photo by Brian Jackson).
Read the full story on Spiceworks Insights.
"Our first goal in the entire buildup of the Digital Labs organization has been to support MLSE and all of our teams. We like to do things first. We leverage our own technology to make things better for our fans and for our teams to complete and find incremental advantages where possible."
Humza Teherany,
Chief Technology Officer, MLSE
The performance of AI-assisted tools depends on mature IT operations processes and reliable data sets. Standardize service management processes and build a knowledgebase of structured content to prepare for AI-assisted IT operations.
Prepare for Cognitive Service Management
Explore the enterprise chatbots that are available to not only assist with customer interactions but also help your employees find the resources they need to do their jobs and retrieve data in real time.
Explore the best chatbots software
Understand if you are ready to embark on the AI journey and what business use cases are appropriate for AI. Plan around the organization's maturity in people, tools, and operations for delivering the correct data, model development, and model deployment and managing the models in the operational areas.
Adopt zero-trust architecture as the new security paradigm across your IT stack and from an organizational risk management perspective.
The push toward a zero-trust security framework is becoming necessary for organizations for several different reasons over the past couple of years. As the pandemic forced workers away from offices and into their homes, perimeter-based approaches to security were challenged by much wider network footprints and the need to identify users external to the firewall. Supply-chain security became more of a concern with notable attacks affecting many thousands of firms, some with severe consequences. Finally, the regulatory pressure to implement zero trust is rising following President Joe Biden's 2021 Executive Order on Improving the Nation's Cybersecurity. It directs federal agencies to implement zero trust. That will impact any company doing business with the federal government, and it's likely that zero trust will propagate through other government agencies in the years ahead. Zero-trust architecture can also help maintain compliance around privacy-focused regulations concerned about personal data (CSO Online, 2022).
IT professionals are modestly confident that they can meet new government legislation regarding cybersecurity requirements. When asked to rank their confidence on a scale of one to five, the most common answer was 3 out of 5 (38.5%). The next most common answer was 4 out of 5 (33.3%).
Out of a list of challenges, IT professionals are most concerned with talent shortages leading to capacity constraints in cybersecurity. Fifty-four per cent say they are concerned or very concerned with this issue. Implementing a new zero-trust framework for security will be difficult if capacity only allows for security teams to respond to incidents.
The next most pressing concern is that cyber risks are not on the radar of executive leaders or the board of directors, with 46% of IT pros saying they are concerned or very concerned. Since zero-trust requires that organizations take an enterprise risk management approach to cybersecurity and involve top decision makers, this reveals another area where organizations may fall short of achieving a zero-trust environment.
| How confident are you that your organization is prepared to meet current and future government legislation regarding cybersecurity requirements? |  |
 |
|
| 54% |
of IT professionals are concerned with talent shortages leading to capacity constraints in cybersecurity. |
|---|---|
| 46% |
of IT professionals are concerned that cyber risks are not on the radar of executive leaders or the board of directors. |
A zero-trust approach to security requires organizations to view cybersecurity risk as part of its overall risk framework. Both CIOs and their supervisors agree that IT-related risks are a pain point. When asked to rate the severity of pain points, 58% of CIOs rated IT-related business risk incidents as a minor pain or major pain. Their supervisors were more concerned, with 61% rating it similarly. Enterprises can mitigate this pain point by involving top levels of leadership in cybersecurity planning.
Organizations can be wary about implementing new security measures out of concern it will put barriers between employees and what they need to work. Through a zero-trust approach that focuses on identity verification, friction can be avoided. Overall, IT organizations did well to provide security without friction for stakeholders over the past 18 months. Results from Info-Tech's CIO Business Vision Diagnostic shows that stakeholders almost all agree friction due to security practices are acceptable. The one area that stands to be improved is remote/mobile device access, where 78.3% of stakeholders view the friction as acceptable.
A zero-trust approach treats user identity the same regardless of device and whether it is inside or outside of the corporate network. This can remove friction when workers are looking to connect remotely from a mobile device.
| CXO | 61% |
|---|---|
| CIO | 58% |
CIO Business Vision Diagnostic, N=259
Today's approach to access control on the network is to allow every device to exchange data with every other device. User endpoints and servers talk to each other directly without any central governance. In a zero-trust environment, a centralized zero-trust network access broker provides one-to-one connectivity. This allows servers to rest offline until needed by a user with the right access permissions. Users verify their identity more often as they move throughout the network. The user can access the resources and data they need with minimal friction while protecting servers from unauthorized access. Log files are generated for analysis to raise alerts about when an authorized identity has been compromised.
Many organizations put process in place to make sure data at rest is encrypted, but often when users copy that data to their own devices, it becomes unencrypted, allowing attackers opportunities to exfiltrate sensitive data from user endpoints. Moving to a zero-trust environment where each data access is brokered by a central broker allows for encryption to be preserved. Parties accessing a document must exchange keys to gain access, locking out unauthorized users that don't have both sets of keys to decrypt the data (MIT Lincoln Laboratory, 2022).
IT teams may not be seeing a budget infusion to invest in a new approach to security. By making use of the many free and open-source tools available, they can bootstrap their strategy into reality. Here's a list to get started:
PingCastle Wrangle your Active Directory and find all the domains that you've long since forgotten about and manage the situation appropriately. Also builds a spoke-and-hub map of your Active Directory.
OpenZiti Create an overlay network to enable programmable networking that supports zero trust.
Snyk Developers can automatically find and fix vulnerabilities before they commit their code. This vendor offers a free tier but users that scale up will need to pay.
sigstore Open-source users and maintainers can use this solution to verify the code they are running is the code the developer intended. Works by stitching together free services to facilitate software signing, verify against a transparent ledger, and provide auditable logs.
Microsoft's SBOM generation tool A software bill of materials is a requirement in President Biden's Executive Order, intended to provide organizations with more transparency into their software components by providing a comprehensive list. Microsoft's tool will work with Windows, Linux, and Mac and auto-detect a longlist of software components, and it generates a list organized into four sections that will help organizations comprehend their software footprint.
Zero trust requires that top decision makers get involved in cybersecurity by treating it as an equal consideration of overall enterprise risk. Not all boards will have the cybersecurity expertise required, and some executives may not prioritize cybersecurity despite the warnings. Organizations that don't appoint a chief information security officer (CISO) role to drive the cybersecurity agenda from the top will be at risk of cybersecurity remaining an afterthought.
No matter what industry you're in or what type of organization you run, you need cybersecurity. The demand for talent is very high and organizations are finding it difficult to hire in this area. Without the talent needed to mature cybersecurity approaches to a zero-trust model, the focus will remain on foundational principles of patch management to eliminate vulnerabilities and intrusion prevention. Smaller organizations may want to consider a "virtual CISO" that helps shape the organizational strategy on a part-time basis.
Many enterprise security postures remain vulnerable to an attack that commandeers an employee's identity to infiltrate the network. Hosted single sign-on models provide low friction and continuity of identity across applications but also offer a single point of failure that hackers can exploit. Phishing scams that are designed to trick an employee into providing their credentials to a fake website or to just click on a link that delivers a malware payload are the most common inroads that criminals take into the corporate network. Being aware of how user behavior influences security is crucial.
Brosnan provides private security services to high-profile clients and is staffed by security experts with professional backgrounds in intelligence services and major law enforcement agencies. Safe to say that security is taken seriously in this culture and CIO Serge Suponitskiy makes sure that extends to all back-office staff that support the firm's activities. He's aware that people are often the weakest link in a cybersecurity posture and are prone to being fooled by a phishing email or even a fraudulent phone call. So cybersecurity training is an ongoing activity that takes many forms. He sends out a weekly cybersecurity bulletin that features a threat report and a story about the "scam of the week." He also uses KnowBe4, a tool that simulates phishing attacks and trains employees in security awareness. Suponitskiy advises reaching out to Marketing or HR for help with engaging employees and finding the right learning opportunities.
"What is financially the best solution to protect yourself? It's to train your employees. … You can buy all of the tools and it's expensive. Some of the prices are going up for no reason. Some by 20%, some by 50%, it's ridiculous. So, the best way is to keep training, to keep educating, and to reimagine the training. It's not just sending this video that no one clicks on or posting a poster no one looks at. … Given the fact we're moving into this recession world, and everyone is questioning why we need to spend more, it's time to reimagine the training approach."
David Senf, National Cybersecurity Strategist, Bell
As a cybersecurity analyst and advisor that works with Bell's clients, David Senf sees zero-trust security as an opportunity for organizations to put a strong set of mitigating controls in place to defend against the thorny challenge of reducing vulnerabilities in their software supply chain. With major breaches being linked to widely used software in the past couple of years, security teams might find it effective to focus on a different layer of security to prevent certain breaches. With security policy being enforced at a narrow point/perimeter, attacks are in essence blocked from exploiting application vulnerabilities (e.g. you can't exploit what you can see). Organizations must still ensure there is a solid vulnerability management program in place, but surrounding applications with other controls is critical. One aspect of zero trust, micro-segmentation, which is an approach to network management, can limit the damage caused by a breach. The solutions help to map out and protect the different connections between applications that could otherwise be abused for discovery or lateral movement. Senf advises that knowing your inventory of software and the interdependencies between applications is the first step on a zero-trust journey, before putting protection and detection in place.
"Next year will be a year of a lot more ZTNA, zero-trust network access, being deployed. So, I think that will give organizations more of an understanding of what zero trust is as well, from a really basic perspective. If I can just limit what applications you can see and no one can even see that application, it's undiscoverable because I've got that ZTNA solution in place. … I would see that as a leading area of deployment and coming to understand what zero trust is in 2023."
Enable reduced friction in the remote user experience by underpinning it with a hardware asset management program. Creating an inventory of devices and effectively tracking them will aid in maintaining compliance, result in stronger policy enforcement, and reduce the harm of a lost or stolen device.
Implement Hardware Asset Management
Communicate the transition from a perimeter-based security approach to an "Always Verify" approach with a clear roadmap toward implementation. Map key protect surfaces to business goals to demonstrate the importance of zero-trust security in helping the organization succeed. Help the organization's top leadership build awareness of cybersecurity risk.
Manage the challenge of meeting new government requirements to implement zero-trust security and other data protection and cybersecurity regulations with a compliance program. Create a control environment that aligns multiple compliance regimes, and be prepared for IT audits.
Lead a strong culture through digital means to succeed in engaging the hybrid workforce.
The pandemic's disruption for non-essential workers looks to have a long-lasting, if not permanent, effect on the relationship between employer and employee. The new bargain for almost all organizations is a hybrid work reality, with employees splitting time between the office and working remotely, if not working remotely full-time. IT is in a unique position in the organization as it must not only contend with the shift to this new deal with its own employees but facilitate it for the entire organization.
With 90% of organizations embracing some form of hybrid work, IT leaders have an opportunity to shift from coping with the new work reality to finding opportunities to improve productivity. Organizations that embrace a hybrid model for their IT departments see a more effective IT department. Organizations that offered no remote work for IT rated their IT effectiveness on average 6.2 out of 10, while organizations with at least 10% of IT roles in a hybrid model saw significantly higher effectiveness. At minimum, organizations with between 50%-70% of IT roles in a hybrid model rated their effectiveness at 6.9 out of 10.
IT achieved this increase in effectiveness during a disruptive time that often saw IT take on a heavier burden. Remote work required IT to support more users and be involved in facilitating more work processes. Thriving through this challenging time is a win that's worth sharing with the rest of the organization.
| 90% | of organizations are embracing some form of hybrid work. |
Despite IT's success with hybrid work, CIOs are more concerned about their staff sufficiency, skill, and engagement than their supervisors. Among clients using our CEO-CIO Alignment Diagnostic, 49% of CIOs considered this issue a major pain point compared to only 32% of CXOs. While IT staff are more effective than ever, even while carrying more of a burden in the digital age, CIOs are still looking to improve staff engagement.
Info-Tech's State of Hybrid Work Survey illuminates further details about where IT leaders are concerned for their employee engagement. About four in ten IT leaders say they are concerned for employee wellbeing, and almost the same amount say they are concerned they are not able to see signs that employees are demotivated (N=518).
Boosting IT employees' engagement levels to match their effectiveness will require IT leaders to harness all the tools at their disposal. Communicating culture and effectively managing organizational change in the digital age is a real test of leadership.
| CXO | 32% |
|---|---|
| CIO | 49% |
CEO-CIO Alignment Diagnostic
IT leaders concerned about the erosion of culture and connectedness due to hybrid work can mitigate those effects with increased and improved communication. Among highly effective IT departments, 55% of IT leaders made themselves highly available through instant messaging chat. Another 54% of highly effective leaders increased team meetings (State of Hybrid Work Survey, n=213). The ability to adapt to the team's needs and use a number of tactics to respond is the most important factor. The greater the number of tactics used to overcome communication barriers, the more effective the IT department (State of Hybrid Work Survey, N=518).
A hybrid work approach emphasizes the importance of not only the technology in the office conference room but the process around how meetings are conducted. Creating an equal footing for all participants regardless of how they join is the goal. In pursuit of that, 63% of organizations say they have made changes or upgrades to their conference room technology (n=496). The conferencing experience can influence employee engagement and work culture and enhance collaboration. IT should determine if the business case exists for upgrades and work to decrease the pain of using legacy solutions where possible (State of Hybrid Work in IT: A Trend Report).
Map out the value chain from the customer perspective and then determine the organizational capabilities involved in delivering on that experience. It is a useful tool for helping IT staff understand how they're connected to the customer experience and organizational mission. It's crucial to identify opportunities to resolve pain points and create more efficiency throughout the organization.
Many employees that experienced hybrid work over the past couple of years are finding it's a positive development for work/life balance and aren't interested in a full-time return to the office. Organizations that insist on returning all employees to the office all the time may find that employees choose to leave the organization. Similarly, it could be hard to hire IT talent in a competitive market if the position is required to be onsite every day. Most organizations are providing flexible options to employees and finding ways to manage work in the new digital age.
Organizations may choose to keep their physical office only to later realize that no one is going to work there. While providing an office space can help foster positive culture through valuable face time, it has to be used intentionally. Managers should plan for specific days that their teams will meet in the office and make sure that work activities take advantage of everyone being in the same place at the same time. Asking everyone to come in so that they can be on a videoconference meeting in their cubicle isn't the point.
Studies on a remote work environment show it has an impact on how many connections each employee maintains within the company. Employees still interact well within their own teams but have fewer interactions across departments. Overall, workers are likely to collaborate just as often as they did when working in the office but with fewer other individuals at the company. Keep the isolating effect of remote work in mind and foster collaboration and networking opportunities across different departments (BBC News, 2022).
Working in the legislature of the Ontario provincial government, CIO Roberto Eberhardt's staff went from a fully onsite model to a fully remote model at the outset of the pandemic. Today he's navigating his path to a hybrid model that's somewhere in the middle. His approach is to allow his business colleagues to determine the work model that's needed but to support a technology environment that allows employees to work from home or in the office equally. Every new process that's introduced must meet that paradigm, ensuring it will work in a hybrid environment. For his IT staff, he sees a culture of accountability and commitment to metrics to drive performance measurement as key to the success of this new reality.
"While it's good in a way, the challenge for us is it became a little more complex because you have to account for all those things in the office environment and in the remote work approach. Everything you do now, you have to say OK well how is this going to work in this world and how will it work in the other world?"
At the Virginia Community College System (VCCS), CIO Mike Russell's IT team supports an organization that governs and delivers services to all community colleges in the state. Russell sees his IT team's purpose as being driven by the organization's mission to ensure success throughout the entire student journey, from enrolment to becoming employed after graduation. That customer-focused mindset starts from the top-level leadership, the chancellor, and the state governor. The VCCS maintains a six-year business plan that informs IT's strategic plan and aligns IT with the mission, and both plans are living documents that get refreshed every two years. Updating the plans provides opportunities for the chancellor to engage the organization and remind everyone of the purpose of their work.
"The outcome isn't the degree. The outcome we're trying to measure is the job. Did you get the job that you wanted? Whether it's being re-employed or first-time employment, did you get what you were after?"
Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.
Prepare People Leaders for the Hybrid Work Environment
Assign accountability for managing the changes that the organization is experiencing in the digital age. Make a people-centric approach that takes human behavior into account and plans to address different needs in different ways. Be proactive about change.
Master Organizational Change Management Practices
Develop a foundation for aligning IT's activities with business value by creating a right-sized enterprise architecture approach that isn't heavy on bureaucracy. Drive IT's purpose by illustrating how their work contributes to the overall mission and the customer experience.
Create a Right-Sized Enterprise Architecture Governance Framework
Tightly align the IT organization with the organization's value chain from a customer perspective.
The pandemic motivated organizations to accelerate their digital transformation efforts, digitalizing more of their tasks and organizing the company's value chain around satisfying the customer experience. Now we see organizations taking their foot off the gas pedal of digitalization and shifting their focus to extracting the value from their investments. They want to execute on the digital transformation in their operations and realize the vision they set out to achieve.
In our Trends Report we compared the emphasis organizations are putting on digitalization to last year. Overall, we see that most organizations shifted fewer of their processes to digital in the past year.
We also asked organizations what motivated their push toward automation. The most common drivers are to improve efficiency, with almost seven out of ten organizations looking to increase staff on high-level tasks by automating repetitive tasks, 67% also wanting to increase productivity without increasing headcount, and 59% wanting to reduce errors being made by people. In addition, more than half of organizations pursued automation to improve customer satisfaction.
Tech Trends 2023 Survey
With the shift in focus from implementing new applications to support digital transformation to operating in the new environment, IT must shift its own focus to help realize the value from these systems. At the same time, IT must reorganize itself around the new value chain that's defined by a customer perspective.
Many current IT departments are structured around legacy processes that hinder their ability to deliver business value. CIOs are trying to grapple with the misalignment between the modern business structure and keep up with the demands for innovation and agility.
Almost nine in ten CIOs say that business frustration with IT's failure to deliver value is a pain point. Their supervisors have a slightly more favorable opinion, with 76% agreeing that it is a pain point.
Similarly, nine in ten CIOs say that IT limits affecting business innovation and agility is a pain point, while 81% of their supervisors say the same.
Supervisors say that IT should "ensure benefits delivery" as the most important process (CEO-CIO Alignment Program). This underlines the need to achieve alignment, optimize service delivery, and facilitate innovation. The pain points identified here will need to be resolved to make this possible.
IT departments will need to contend with a tight labor market and economic volatility in the year ahead. If this drives down resource capacity, it will be even more critical to tightly align with the organization.
| CXO | 76% |
|---|---|
| CIO | 88% |
| CXO | 81% |
|---|---|
| CIO |
90% |
CEO-CIO Alignment Program
Communicate the performance of IT to stakeholders by attributing positive changes in enterprise value to IT initiatives. For example, if a digital channel helped increase sales in one area, then IT can claim some portion of that revenue. If optimization of another process resulted in cost savings, then IT can claim that as a contribution toward the bottom line. CIOs should develop their handle on how KPIs influence revenues and costs. Keeping tabs on normalized year-over-year revenue comparisons can help demonstrate that IT contributions are making an impact on driving profitability.
Most back-office functions common to operating a company can be provided by cloud-based applications accessed through a web browser. There's no value in having IT spend time maintaining on-premises applications that require hosting and ongoing maintenance. Organizations that are still accruing technical debt and are unable to modernize will increasingly find it is negatively impacting employee experience, as users expect their working experience to be similar to their experience with consumer applications. In addition, IT will continue to have capacity challenges as resources will be consumed by maintenance. As they seek to outsource some applications, IT will need to consider the geopolitical risk of certain jurisdictions in selecting a provider.
The concept of "clocking in" for a shift and spending eight hours a day on the job doesn't help guide IT toward its objectives or create any higher sense of purpose. Leaders must work to create a true sense of accountability by reaching consensus on what key performance indicators are important and tasking staff to improve them. Metrics should clearly link back to business outcomes and IT should understand the role they play in delivering a good customer experience.
CIOs are finding it difficult to hire the talent needed to create the capacity they need as digital demands of their organizations increase. This could slow the pace of change as new positions created in IT go unfilled. CIOs may need to consider reskilling and rebalancing workloads of existing staff in the short term and tap outsourcing providers to help make up shortfalls.
New processes may have been given the official rubber stamp, but that doesn't mean staff are adhering to them. Organizations that reorganize themselves must take steps to audit their processes to ensure they're executed the way they intend. Some employees may feel they are being made obsolete or pushed out of their jobs and become disengaged.
Restructuring the organization can come with the need for new tools and more training. It may be necessary to operate with redundant staff for the transitional period. Some additional expenses might be incurred for a brief period as the new structure is being put in place.
As the new CIO to McDonald's Germany, Salman Ali came on board with an early mandate to reorganize the IT department. The challenge is to merge two organizations together: one that delivers core technology services of infrastructure, security, service desk, and compliance and one that delivers customer-facing technology such as in-store touchscreen kiosks and the mobile app for food delivery. He is looking to organize this new-look department around the technology in the hands of both McDonald's staff and its customers. In conversations with his stakeholders, Ali emphasizes the value that IT is driving rather than discussing the costs that go into it. For example, there was a huge cost in integrating third-party meal delivery apps into the point-of-sales system, but the seamless experience it delivers to customers looking to place an order helps to drive a large volume of sales. He plans to reorganize his department around this value-driven approach. The organization model will be executed with clear accountability in place and key performance indicators to measure success.
"Technology is no longer just an enabler. It's now a strategic business function. When they talk about digital, they are really talking about what's in the customers' hands and what do they use to interact with the business directly? Digital transformation has given technology a new front seat that's really driving the business."
LAWPRO is a provider of professional liability insurance and title insurance in Canada. The firm is moving its back-office applications from a build approach to a buy approach and focusing its build efforts on customer-facing systems tied to revenue generation. CIO Ernest Solomon says his team has been developing on a legacy platform for two decades, but it's time to modernize. The firm is replacing its legacy platform and moving to a cloud-based system to address technical debt and improve the experience for staff and customers. The claims and policy management platform, the "heartbeat" of the organization, is moving to a software-as-a-service model. At the same time, the firm's customer-facing Title Plus application is being moved to a cloud-native, serverless architecture. Solomon doesn't see the need for IT to spend time building services for the back office, as that doesn't align with the mission of the organization. Instead, he focuses his build efforts on creating a competitive advantage.
"We're redefining the customer experience, which is how do we move the needle in a positive direction for all the lawyers that interact with us? How do we generate that value-based proposition and improve their interactions with our organization?"
Go deeper on pursuing your priorities by improving the associated capabilities.
Help leaders manage their teams effectively in a hybrid environment by providing them with the right tools and tactics to manage the challenges of hybrid work. Focus on promoting teamwork and fostering connection.
Embrace Business-Managed Applications
Drive the most important IT process in the eyes of supervisors by defining business value and linking IT spend to it. Make benefits realization part of your IT governance.
Maximize Business Value From IT Through Benefits Realization
Showcase IT's value to the business by aligning IT spending and staffing to business functions. Provide transparency into business consumption of IT and compare your spending to your peers'.
Denise Cornish, Associate VP of IT and Deputy COO, Western University of Health Sciences
Jim Love, CIO, IT World Canada
Christian Magsisi, Vice President of Venue and Digital Technology, MLSE
Humza Teherany, Chief Technology Officer, MLSE
Serge Suponitskiy, CIO, Brosnan Risk Consultants
David Senf, National Cybersecurity Strategist, Bell
Roberto Eberhardt, CIO, Ontario Legislative Assembly
Mike Russell, Virginia Community College System
Salman Ali, CIO, McDonald's Germany
Ernest Solomon, Former CIO, LAWPRO
Anderson, Brad, and Seth Patton. "In a Hybrid World, Your Tech Defines Employee Experience." Harvard Business Review, 18 Feb. 2022. Accessed 12 Dec. 2022.
"Artificial Intelligence Is Permeating Business at Last." The Economist, 6 Dec. 2022. Accessed 12 Dec. 2022.
Badlani, Danesh Kumar, and Adrian Diglio. "Microsoft Open Sources Its Software Bill
of Materials (SBOM) Generation Tool." Engineering@Microsoft, 12 July 2022. Accessed
12 Dec. 2022.
Birch, Martin. "Council Post: Equipping Employees To Succeed In Digital Transformation." Forbes, 9 Aug. 2022. Accessed 7 Dec. 2022.
Bishop, Katie. "Is Remote Work Worse for Wellbeing than People Think?" BBC News,
17 June 2022. Accessed 7 Dec. 2022.
Carlson, Brian. "Top 5 Priorities, Challenges For CIOs To Recession-Proof Their Business." The Customer Data Platform Resource, 19 July 2022. Accessed 7 Dec. 2022.
"CIO Priorities: 2020 vs 2023." IT PRO, 23 Sept. 2022. Accessed 2 Nov. 2022.
cyberinsiders. "Frictionless Zero Trust Security - How Minimizing Friction Can Lower Risks and Boost ROI." Cybersecurity Insiders, 9 Sept. 2021. Accessed 7 Dec. 2022.
Garg, Sampak P. "Top 5 Regulatory Reasons for Implementing Zero Trust."
CSO Online, 27 Oct. 2022. Accessed 7 Dec. 2022.
Heikkilä, Melissa. "The Viral AI Avatar App Lensa Undressed Me—without My Consent." MIT Technology Review, 12 Dec. 2022. Accessed 12 Dec. 2022.
Jackson, Brian. "How the Toronto Raptors Operate as the NBA's Most Data-Driven Team." Spiceworks, 1 Dec. 2022. Accessed 12 Dec. 2022.
Kiss, Michelle. "How the Digital Age Has Transformed Employee Engagement." Spiceworks,16 Dec. 2021. Accessed 7 Dec. 2022.
Matthews, David. "EU Hopes to Build Aligned Guidelines on Artificial Intelligence with US." Science|Business, 22 Nov. 2022. Accessed 12 Dec. 2022.
Maxim, Merritt. "New Security & Risk Planning Guide Helps CISOs Set 2023 Priorities." Forrester, 23 Aug. 2022. Accessed 7 Dec. 2022.
Miller, Michael J. "Gartner Surveys Show Changing CEO and Board Concerns Are Driving a Different CIO Agenda for 2023." PCMag, 20 Oct. 2022. Accessed 2 Nov. 2022.
MIT Lincoln Laboratory. "Overview of Zero Trust Architectures." YouTube,
2 March 2022. Accessed 7 Dec. 2022.
MIT Technology Review Insights. "CIO Vision 2025: Bridging the Gap between BI and AI." MIT Technology Review, 20 Sept. 2022. Accessed 1 Nov. 2022.
Paramita, Ghosh. "Data Architecture Trends in 2022." DATAVERSITY, 22 Feb. 2022. Accessed 7 Dec. 2022.
Rosenbush, Steven. "Cybersecurity Tops the CIO Agenda as Threats Continue to Escalate - WSJ." The Wall Street Journal, 17 Oct. 2022. Accessed 2 Nov. 2022.
Sacolick, Isaac. "What's in the Budget? 7 Investments for CIOs to Prioritize." StarCIO,
22 Aug. 2022. Accessed 2 Nov. 2022.
Singh, Yuvika. "Digital Culture-A Hurdle or A Catalyst in Employee Engagement." International Journal of Management Studies, vol. 6, Jan. 2019, pp. 54–60. ResearchGate, https://doi.org/10.18843/ijms/v6i1(8)/08.
"Talent War Set to Become Top Priority for CIOs in 2023, Study Reveals." CEO.digital,
8 Sept. 2022. Accessed 7 Dec. 2022.
Tanaka, Rodney. "WesternU COMP and COMP-Northwest Named Apple Distinguished School." WesternU News. 10 Feb. 2022. Accessed 12 Dec. 2022.
Wadhwani, Sumeet. "Meta's New Large Language Model Galactica Pulled Down Three Days After Launch." Spiceworks, 22 Nov. 2022. Accessed 12 Dec. 2022.
"World Economic Outlook." International Monetary Fund (IMF), 11 Oct. 2022. Accessed
14 Dec. 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Before setting up or re-structuring a PMO, organizational need should not only be taken into consideration but used as a foundation. Phase 1 of this blueprint will help you define the services that your PMO should provide to your organization, instead of the one-size-fits-all approach that doesn’t work.
Use the PMO Role Definition Tool to establish your PMO current state and the service gaps you may have. Use the results to determine the role your PMO should play within your organization.
The PMO Project Charter shares the vision to achieve consensus between stakeholders and projects and initiatives of the PMO. Use this template to jump-start your PMO project.
Use this template to create your job descriptions from scratch.
The Portfolio Manager will oversee the business of discovering unsatisfied needs, articulating them as project demand, and organizing appropriate responses. Your customers are the people who approve projects, and you will service them.
This tool will help you assess staffing requirements to facilitate project management, business analysis, and organizational change management outcomes.
This template will help you compose a PMO strategy. Follow the steps in the blueprint to complete the strategy.
Use the Organizational Change Impact Analysis Tool to analyze the effects of a change across the organization, and to assess the likelihood of adoption to right-size your OCM efforts.
Use this tool to determine the next steps and assign tasks to the appropriate people.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Get a common understanding of your PMO options.
Determine where you are and engage leadership.
A clear vision for your PMO and an articulated reason for establishing it.
An understanding of you PMO goals and which challenges it sets to address.
1.1 PPM Current State Scorecard
1.2 SWOT Analysis
1.3 Current State and Leadership Engagement
1.4 PMO Mandate and Vision
PPM Current State Scorecard Results
SWOT Results
PMO Role Development Tool
PMO Charter
Identify organizational design.
Build job descriptions.
An analysis of staffing requirements of your PMO that aligns with your mandate from phase 1.
Job description aids to fill the necessary roles.
2.1 Right, Wrong, Missing, Confusing
2.2 PMO Function, Roles, and Responsibilities
2.3 Job Descriptions
Right, Wrong, Missing, Confusing Results
Job Description Survey Tool
Job Description Templates
Create a roadmap.
An actionable roadmap that can be presented to leadership and implemented.
3.1 Roadmap Hierarchy and Staffing and Sizing
3.2 Governance and Authority
PMO Roadmap Draft
Governance Authority
Set up governance and OCM.
An introduction to the concept of governance and tools for a change impact analysis.
4.1 Analyze the impact of the change across multiple dimensions and stakeholder groups.
4.2 Gain sponsorship.
Organizational Change Impact Analysis Tool
Sponsor Template
We all have junk drawers somewhere in our homes, and we probably try not to think about what’s going on in there. We’re just happy that they close and that the contents are concealed from anyone living in or passing through the house.
What goes in these junk drawers? Things that don’t have a home, things you don’t know what to do with, and things you don’t have the time or desire to deal with. Eventually, the drawer gets full, and it doesn’t serve you anymore because you can’t add anything else to it. Instead of cleaning the drawer and keeping the things you need, you throw everything away in one sweep. One day you will start the process again.
The junk drawer is like your project management office (PMO). The PMO is given projects that are barely scoped, projects that don’t have clear sponsors, and ad hoc administrative tasks you don’t have the time or desire to deal with. Inevitably, your PMO is out of capacity. This happens rather quickly, since it’s understaffed. You question its purpose because you made it a junk drawer. You even think about closing it. One day you will start the process again.
Use this blueprint to stop the madness. Learn how to properly define, staff, and plan a roadmap of a PMO that will actually serve your organization.
Ugbad Farah, PMP
Senior Research Analyst, PPM
Info-Tech Research Group
IT is responsible for many different business services. The data from Info-Tech’s IT Staffing diagnostic shows that 11.5% of staff time is spent on projects and project portfolio management. (Source: Info-Tech IT Staffing Benchmark Report)
PMOs can’t do everything and be all things to all people. Define limits with a strong mandate and effective staffing. Make sure you have the skills and capacity to support required PMO functions.
68% — Sixty-eight percent of stakeholders see their PMOs as sources of unnecessary bureaucratic red tape. (Source: KeyedIn, 2014)
50% — Fifty percent of PMOs close within the first three years due to such things as poorly defined mandates and poor leadership. (Source: KeyedIn, 2014)
50% of PMOs close within the first 3 years.
|
|
|
|
01 DefineDEFINE THE RIGHT KIND OF PMOEstablish the purpose of your PMO. Identify organizational needs to fill in gaps instead of duplicating efforts. LOGICAL FALLACY
A properly run portfolio reconciles demand (project requests) to supply (available people) and drives throughput by approving the amount of projects that can get done. |
02 StaffSTAFF THE PMO FOR RESILIENCEAnalyze the staffing requirements for your PMOs mandate. Create purpose-built role descriptions. FALSE ASSUMPTION
Your best project manager should be running projects and, no, they shouldn't do both. |
03 PlanPREPARE AN ACTIONABLE ROADMAPThe difference in a winning PMO is determined by a roadmap or plan created at the beginning. Leaders should understand the full scope of the plan before committing their teams to the project. COMMON MISTAKE
Too often, PMOs focus on project management rigor and plan to do portfolio management after that's done. But few successfully maintain the process long enough to get there. If you start with portfolio management, leadership might soften their demands for project management rigor. |
04 ExecuteALIGN TO STRATEGIC PLANUse the power of organizational change management to ensure success and adoption. Iterate through the finer points of planning and execution to deploy the kind of PMO defined in step 1, with the people described in step 2, and the strategic roadmap articulated in step 3. PROJECT MYOPIA
Don't forget why the idea got approved in the first place. The goal is to sustain beneficial business outcomes well beyond the completion of your project. |
| 1. Define the PMO | 2. Staff the PMO | 3. Prepare a Roadmap | |
| Phase Steps |
|
|
|
| Phase Outcomes | A clear vision for your PMO and an articulated reason for establishing it.
An understanding of your PMO goals and which challenges it sets to address. |
An analysis of staffing requirements of your PMO that aligns with your mandate from phase 1. Job descriptions help to fill the necessary roles. | An actionable roadmap that can be presented to leadership and implemented. An introduction to the concept of governance and tools for a change impact analysis. |
There is a gap in the perception of the actual role of the PMO in many organizations by different stakeholder groups. Many people see the PMO police that produce red tape rather than a helpful support system. Those that need to present a coherent plan to leadership championing the need for a PMO often have an uphill battle.
Determine the PMO’s role and needs and then determine your staff needs based on that PMO.
PMO leaders are all too often set up to fail, left to make successes out of PMOs that:
Staff the PMO according to its actual role and needs. Don’t rush to the assumption that PMO staff starts with accomplished project managers.
Many organizations have PMOs of one person, and it is simply not a long-term recipe for success. People in this situation have a lot of weight on their shoulders and feel like they are being set up to fail. It is very challenging for anyone to run a PMO alone without support or administrative help.
The difference in a winning PMO is determined by a roadmap or plan created at the beginning.
When you are determining what your PMO will provide in the future, it is important to align the ambition of the PMO with the maturity of the business. Too often, a lot of effort is spent trying to convince businesses of the value of a PMO.
| PMO Role Definition Tool | 
|
PMO Project Charter Template | 
|
||
Blank Job Description Template
|
Sample Job Descriptions
|
PMO Job Description Builder Workbook
|
|||
PMO Strategic Plan
|
PMO MS Project Plan Sample
|
Organizational Change Impact Analysis Tool
|
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
| "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 8 to 12 calls over the course of 4 to 6 months.
What does a typical GI on this topic look like?
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
| Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
| Activities |
Define1.1 Review PPM Current State Scorecard Results 1.2 Get a Common Understanding of Your PMO Options 1.3 Conduct SWOT Analysis 1.4 Current State and Leadership Engagement 1.5 PMO Mandate and Vision |
Staff2.1 Identify Organizational Design 2.2 Right, Wrong, Missing, Confusing 2.3 PMO Function, Roles, and Responsibilities 2.4 Job Descriptions |
Plan3.1 Roadmap Top-Level Hierarchy 3.2 Roadmap Second-Level Hierarchy 3.2 Staffing and Sizing 3.3 Reconcile and Finalize Roadmap 3.4 Governance and Authority |
Change4.1 Importance of OCM 4.2 Sponsorship 4.3 Analyze the Impact of the Change Across Multiple Dimensions and Stakeholder Groups |
Next Steps and Wrap-Up (offsite)5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
| Deliverables |
|
|
|
|
|
Phase 1
|
Phase 2
|
Phase 3
|
| 1915 | 1930s | 1950s | 1980s | 1990s |
| Frederick Taylor introduces the PMO with the implementation of the scientific management method and the increase in the number and complexity of projects. | The US Air Corps creates a Project Office function to monitor aircraft development (probably the first record of the term being used). | The US military starts developing complex missile systems. Each weapon system was composed of several sub-projects grouped together in system program offices (SPOs). This built the structures underlying the traditional PMO. | The Project Office concept exported to construction and IT. | The PMO gains a lot of momentum with professional associations and project management certifications becoming recognized industry standards. |
The responsibilities of a PMO can range from providing project management support functions to the direct management of one or more projects. The PMO is an organizational body assigned with various responsibilities related to the centralized and coordinated management of those projects under its domain.
The PMO may play a role in supporting strategic alignment and delivering organizational value, integrating data and information for organizational strategic projects, and evaluating how higher-level strategic objectives are being fulfilled.
The PMO can be responsible for portfolio maintenance, setting a standard approach for project and program and portfolio management.
The PMO is an organizational body assigned with various responsibilities related to the centralized and coordinated management of those projects under its domain.
In an effort to set a standard, the governance frameworks have over complicated it for most of us.
|
Determine the Services Your PMO Will Provide
Establish Your PMO’s Mandate
Ensure Organizational Needs Are Being Met
|
Hierarchy of PMO Needs
|
Consider the principles of Maslow’s Hierarchy of Needs, which view the lower tiers of the hierarchy as fundamentally required to validate the pursuit of the higher tiers.
| Step 1.1 | Step 1.2 |
PMOs are often born out of necessity or desperation. A traumatic event happens, and leadership decides that it wouldn’t have happened had there been a “Project Management Office.” The phrase itself is often quite reassuring and offers the hope of some sort of sanity and order.
People may not really be able to explain what a PMO is, but they do have a common understanding that it should solve all project management issues. But simply prescribing the “PMO” as a remedy for every organizational alignment is not going to be sufficient. There are different types of PMOs and more importantly there are different types of organizations.
Google and the Google logo are trademarks of Google LLC.
The PMI does not have a standard for PMOs like it does for things like project, program, and portfolio management. Its PMO definitions should be used as more of a reference point than a best practice.
The PMI described three types of PMOs. These three types are well known in the industry, but they are essentially characteristics and do little to help people understand the functions and services of a PMO. There continue to be questions about the role a PMO should play in an organization and how it’s supposed to add value.
We have narrowed it down to five types of PMOs.
ePMO
|
IT PMO
|
PMO
|
CMO
|
CoE
|
| Enterprise
Highest level PMO, typically responsible to align project and program work to strategy-significant projects or programs for the entire organization. Could include both IT and business units. |
IT
IT PMOs provide project-related support for IT project portfolios. For many organizations PMOs originate in IT departments because of the structure required for technology-related projects. |
Project/Program
Provides project-related tactical service as an entity to support a specific project or program. Can be dismantled when program is done. |
Change
Change management offices (CMO) help build change management capabilities and enable change readiness in organizations. |
Excellence
These centers differ in size and mode of organization, depending on their subject and scope. They support project work by providing the organizations with standard methodologies and tools. |
Use this model to clearly show what is in and out of scope.
| ePMO | IT PMO | PMO | CMO | CoE | ||
| PPM | Reporting for enterprise portfolio and the financial/human resources needed to deliver them | X | ||||
| PPM | Finance for project/portfolio capital and expense | X | X | |||
| PPM | Customer Management – the customers, sponsors of the project | X | X | |||
| PPM | Strategy Management – projects and programs relate to corporate | X | X | X | ||
| PPM | Program Management – related projects in the portfolio | X | X | X | ||
| PPM | Time Accounting | X | X | x | ||
| PPM | Business Relationship Management (BRM) | X | X | |||
| PPM | Project Information System (PMIS) – organization of project information | X | X | |||
| PPM | Administrative Support – general assistance with Portfolio | X | ||||
| PPM | Record Keeping – Enterprise Information | X | X | |||
| RM | Forecasting | X | ||||
| PM | Quality Assurance | X | X | |||
| PM | Procurement and Vendor Management | X | X | X | ||
| PM | Project Status Reporting | X | X | |||
| PM | PM Services | X | X | X | ||
| PM | Training | X | ||||
| PM | PM SOP | X | ||||
| OCM | Adoption | X | X | |||
| OCM | Change Management | X | X | |||
| OCM | Benefits Attainment | X | X | |||
| OCM | Forecast Benefits | X | X | |||
| OCM | Track Benefits | X | X | |||
| GOV | Intake | X | ||||
| GOV | Governance | X | X | |||
| GOV | Reporting | X | X | X | X |
| Portfolio Management | Resource Management | Project Management | Organizational Change Management | PMO Governance | |||
| Recordkeeping and bookkeeping | Strategy management | Assessment of available supply of people and their time | Project status reporting | PM SOP (e.g. feed the portfolio, project planning, task managing) |
Benefits management | Technology and infrastructure | |
| Reporting | Financial management | HR | Security | ||||
| PMIS | Intake | Matching supply to demand based on time, cost, scope, and skill set requirements | Procurement and vendor management | Legal | Financial | ||
| CRM/RM/BRM | Program management | ||||||
| Tracking of utilization based on the allocations | Quality | Intake | |||||
| Time Accounting | PM services (e.g. staffing project managers or coordinators) |
Quality assurance | Organizational change management | Project progress, visibility, and process | |||
| Forecasting of utilization via supply-demand reconciliation | Closure and lessons learned | ||||||
| Administrative support | PM Training | ||||||
The rest of this blueprint will help you choose the right capabilities and accompanying job functions for your PMO.
Various options for specific PMO job functions are listed below each capability. PMO leaders need to decide which of these functions are required for their organization.
Input: Current PMO governance documents and SOPs
Output: An assessment of current strengths, opportunities, threats, and weaknesses of capabilities in previous slide
Materials: Whiteboard/flip charts, Sticky notes
Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers
Perform a SWOT analysis to assess the current state of PMO capabilities covered on the previous slide.
The purpose of the SWOT is to begin to define the goals of this implementation by assessing your project management, portfolio management, resource management, organizational change management, and governance capabilities and cultivating alignment around the most critical opportunities and challenges.
Strengths
|
Weaknesses
|
Opportunities
|
Threats
|
Define the Right Kind of PMO
| Step 1.1 | Step 1.2 |
“If a company is not a project-oriented organization, there’s less of a need for a PMO. If they are project-focused though, they should have one. Otherwise, who’s driving the delivery of their projects? Who’s establishing their methodology? How are they managing resources efficiently?” (Mary Hubbard, PMP, director of the PMO at Siemens Government Technologies Inc., A PMI Global Executive Council Member)
Observe the needs of your organization before deciding on services to support it.
|
|
Organizational Change Management
|
Project Management
|
Portfolio Management
|
Governance
|
Download the PMO Role Definition Tool
|
|
|
Use the tool on the next slide to see where you may need to spend.
20-30 minutes
Input: Understanding of current project portfolio environment
Output: Completed current state survey
Materials: Tab 1 of Info-Tech’s PMO Role Definition Tool
Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers
There are 20 current-state questions in column C. Together, the questions address the five capabilities in Info-Tech’s PMO function matrix (slide 28).
Use the drop-down menu in column D to answer Agree, Somewhat Agree, Neutral, Somewhat Disagree, or Disagree to each question in column C.
The questions are broad by design. Answer them honestly and select “neutral” if anything is not applicable.
15-30 minutes
Input: Reflection on the question, “If I/We do nothing, someone in the organization is…”
Output: Completed target state survey
Materials: Tab 2 of Info-Tech’s PMO Role Definition Tool
Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers
Each question in column C of tab 2 should be answered in the context of, “If I do nothing, someone in the organization is…”
Answer each question by using the drop-down menu in column D to select “Yes,” “No,” “I don’t know,” or “N/A.”
If “Yes” include the department or area that is responsible.
The name of the box is the group the function belongs to.
These outputs are based on the answers to the questions on the previous 2 tabs.
In each group’s box are high-level recommendations.
In a matrix environment, understanding the challenges other teams are facing is a core requirement of an effective PMO. The best way to understand this is through direct engagement like conducting interviews and taking surveys with management and members of other teams.
Ask yourself these questions about your PMO:
A PMO should be structured to provide service to the organization. View it as a business, serving the stakeholders.
45-60 minutes
Input: Outputs from SWOT analysis
Output: An initial PMO mandate
Materials: Whiteboard/flip charts, Sticky notes
Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers
Now that you have an idea of the services your organization needs from steps 1.1 and 1.2 of this blueprint, you can discuss the target state of your PMO.
3-4 hours
Input: Activity 1.2.3, Logical considerations for PMO deployment (see bulleted list on this slide)
Output: An assessment of current strengths, opportunities, threats, and weaknesses of capabilities in previous slide
Materials: Whiteboard/flip charts, Sticky notes
Participants: PMO director and/or portfolio manager, PMO staff/stakeholders, Project managers
A successful PMO will offer a range of services which business units can rely on. The aim of the PMO charter is to outline what is in scope for the PMO and what services it will initially offer.
A project charter serves several important functions. It organizes the project so you can make efficient and effective resource allocation decisions. It also communicates important details about the project purpose, scope definition, and project parameters.
To use this template, simply modify or delete all information in grey text and convert the remaining text to black before printing or sending. Sections within the Template include:
Download the PMO Project Charter Template
|
?
Will project managers be included in the PMO? Which projects and programs will be in the PMO’s mandate? |
?
Will the PMO have decision-making authority? If so, how much and on what issues? |
?
Where in the organizational structure will the PMO report? |
“Changing the perception of project management from ‘busy work’ to ‘valued efforts’ is easier when the PMO is properly aligned.” (Project Management Institute, October 2009)
It can help drive strategy instead of just being a technical arm.
Strategic |
|
Tactical |
| Strategic Alignment
Leadership assumes that your presence will optimize the alignment of projects to corporate strategy. |
Process Adherence
Leadership assumes you’re all about process. |
|
| Portfolio Thinking
Leadership assumes that you’re thinking about the overall throughput of projects through the portfolio. |
Project Thinking
Leadership assumes you’re not thinking beyond the boundaries of a single project at any given time. |
|
| Outcomes Focused
Leadership assumes that you’re focused on the outcomes forecast by sponsors. |
Timeline Focused
Leadership assumes you’re focused on delivering projects on time. |
A key success factor for a PMO is to take part of strategic conversations; when they are left out, it creates a barrier. The PMO is the connective tissue between strategy and tactics. Don’t risk your benefits by not having the PMO Director at the table before you make decisions.
“The failure to build a bridge between the strategic planning process and project management’s planning process is a major reason strategic plans don’t work.” (Bruce McGraw, Project/Programme Manager)
To create a strategic plan that provides value, recognize that the strategic plan for the PMO is not the PMO charter.
To create a results-driven strategic plan for your PMO, it is helpful to follow a top-down format:
Vision: this needs to be a vivid and common image
Mission: this is the special assignment that is given to a group
Goals: these are broad statements of future conditions
Objectives: these are operational statements that indicate how much and by when (e.g. deliverables or intangible objectives like productivity)
Strategies: these are the set of actions that need to take place
Needs: these are the things required to carry out the strategy
Critical Success Factors: these are the key areas of activity in which favorable results are necessary to reach the goal
Download the PMO Strategic Plan
Phase 1
| Phase 2
| Phase 3
|
58.3% — 58% of respondents feel they have the appropriate staffing level to execute project management effectively. (Source: Info-Tech IT Staffing Benchmark Report)
59.8% — 59% feel they have the appropriate staffing level to execute requirements gathering effectively. (Source: Info-Tech IT Staffing Benchmark Report)
The GDP contributions from project-oriented industries are forecasted to reach $20.2 trillion over the next 20 years. (Source: “Project Management: Job Growth and Talent Gap” Project Management Institute, 2017)
Project work is only going to increase, and in general, people are dissatisfied with their current staffing levels.
Staff Your PMO for Resilience
| Step 2.1 | Step 2.2 |
30-45 minutes
Input: Current PMO process, Current PMO org. chart
Output: An assessment of current things that are being done right and wrong and what is currently missing and confusing
Materials: Whiteboard/flip charts, Sticky notes
Participants: PMO director and/or portfolio manager, PMO staff, Project managers
Perform a right, wrong, missing, confusing analysis to assess the current state of your PMO and its staff.
The purpose of this exercise is to begin to define the goals of this implementation by assessing your staffing capabilities and cultivating alignment around the most critical opportunities and challenges.
Follow these steps to complete the analysis:
The traditional hierarchical organizational structure.
Adapted from ProjectEngineer, 2019 |
|
The majority of project resources are involved in project work.
Adapted from ProjectEngineer, 2019 |
|
A combination of functional and projectized.
Adapted from ProjectEngineer, 2019 |
|
Input: Current org. charts and PMO structures, Info-Tech’s PMO Function Matrix
Output: Structure chart
Materials: Whiteboard/flip charts
Participants: PMO director and/or portfolio manager, PMO staff, Project managers
|
|
| Portfolio Management | Resource Management | Project Management | Organizational Change Management | PMO Governance | |||
| Recordkeeping and bookkeeping | Strategy management | Assessment of available supply of people and their time | Project status reporting | PM SOP (e.g. feed the portfolio, project planning, task managing) |
Benefits management | Technology and infrastructure | |
| Reporting | Financial management | HR | Security | ||||
| PMIS | Intake | Matching supply to demand based on time, cost, scope, and skill set requirements | Procurement and vendor management | Legal | Financial | ||
| CRM/RM/BRM | Program management | ||||||
| Tracking of utilization based on the allocations | Quality | Intake | |||||
| Time Accounting | PM services (e.g. staffing project managers or coordinators) |
Quality assurance | Organizational change management | Project progress, visibility, and process | |||
| Forecasting of utilization via supply-demand reconciliation | Closure and lessons learned | ||||||
| Administrative support | PM Training | ||||||
30-45 minutes
Input: Understanding of your current situation regarding project intake and process
Output: Survey results
Materials: Whiteboard/flip charts
Participants: PMO director and/or portfolio manager, PMO staff, Project managers
When staffing your PMO, it is important to understand your current situation regarding project intake and process.
Answer the following questions, and be as detailed as possible:
45 minutes to 1 hour
Input: Tab 1 of the PMO Job Description Builder Workbook
Output: List of current projects, processes, and tools
Materials: PMO Job Description Builder Workbook
Participants: PMO director and/or portfolio manager, PMO staff, Project managers
On tab 1 of the PMO Job Description Builder Workbook, use the survey to help determine potential role requirements across various project portfolio management, project management, business analysis, and organizational change management activities.
Follow these steps to complete the survey:
Download the PMO Job Description Builder Workbook
Staff Your PMO for Resilience
| Step 2.1 | Step 2.2 |
Tab 2 of the PMO Job Description Builder Workbook shows the survey results from tab 1.
The job activities are ranked in a prioritized list. The analysis will help you determine if you require a portfolio manager, program manager, project manager, business analyst, organizational change manager, or a combination.
Follow these steps to analyze your results:
Download the PMO Job Description Builder Workbook
30 minutes
Input: Tab 3 of the PMO Job Description Builder Workbook
Output: Total estimated monthly time commitments, Preliminary FTE analysis
Materials: PMO Job Description Builder Workbook
Participants: PMO director and/or portfolio manager, PMO staff, Project managers
Tab 3 of the PMO Job Description Builder Workbook is used to complete the FTE analysis.
Download the PMO Job Description Builder Workbook
On tab 3, use column E to estimate the monthly time commitments required for each activity in the role.
Tip: Base estimates on the number of projects and project teams as well as the number of internal and external stakeholders across the portfolio(s) of projects and programs.
Cell J5 will provide a preliminary recommended FTE count for the role.
This is an output tab based on your analysis in tabs 1 and 2. Copy and paste the content and add it under the relevant heading in Info-Tech's Blank Job Description Template later in this blueprint.
For each capability you are including in your job description, there is a list of common certifications. These can also be copied and pasted into the Blank Job Description Template.
Download the PMO Job Description Builder Workbook
While your PMO should have someone to lead the team, aside from that it’s hard to be specific about the exact roles your PMO needs without understanding the needs of your organization.
This is why it’s important to define your PMO first. Your team members should best support the function and capabilities of your PMO.
For example:
You should have a mix of skills in the PMO team, each complementing the others. You may have administrators and coordinators, data analysts and software experts, trainers, coaches, and senior managers.
“If you want to go fast, go alone. If you want to go far, go together.” (African proverb)
The Peter Principle was first introduced by Canadian sociologist Laurence Johnston Peter describing the pitfalls of bureaucratic organizations. The original principle states that "in a hierarchically structured administration, people tend to be promoted up to their level of incompetence.” The principle is based on the observation that whenever someone succeeds at their job, the organizational response is to promote them, thus people will continue to be promoted until they reach a point where they’re no longer excelling at their job. At that point, they would no longer be promoted. Followed to its logical conclusion, organizations will continue to take successful people and rotate them to new positions until they are no longer effective.
The job descriptions on the next few pages are associated with the descriptive headings, but it is important to recognize that these diverse roles can all fall under the job title of PMO director.
As PMO director, you will oversee the throughput of IT projects using portfolio management, project management, and organizational change management disciplines.
You and your team will directly manage the intake of new project requests, the preparation of evaluation-ready project proposals, and the handoff of approved project initiation documents to project managers in other departments. You will forecast and track the availability of people to do the project work throughout the project life cycle. You will publish monthly and annual portfolio reporting based on information collected from the project teams, and you will oversee the closure of projects with follow-up reporting to those who approved them.
From time to time, the PMO may be required to identify projects that should be frozen or canceled based on criteria set forth by the leadership and/or industry best practices.
While currently out of scope, successful candidates should be comfortable with the possibility that the PMO may required to develop full life cycle organizational change management in the future. As well, experienced project managers in the PMO may be required to manage high-risk, high-visibility projects from time to time.
As PMO director, you will oversee a team of professional project managers who are responsible for the company’s high-risk, high-visibility, and strategic projects.
You and your team will receive initiation documents and assigned resourcing for approved projects from the company’s authorized decision makers. You will manage the fulfillment of the project requirements, providing regular status updates to project and portfolio stakeholders and escalating concerns when projects are struggling to meet their commitments for scope, cost, and timelines.
Over time, the PMO will take on an increasing role in organizational change management. The PMO will transition its focus from project delivery to business outcomes. Over time, the PMO will transition project sponsors from articulating requirements to delivering results.
As PMO director, you will oversee the establishment, support, and promotion of company-wide standards for project management.
You and your team will modernize and maintain the company policy manuals and processes for everything related to project management. You will adapt our legacy PMBOK-based standards to cover iterative project management approaches as well as the more formal approaches required for construction projects, outsourced projects, and a wide variety of non-IT projects.
As PMO director, you will oversee the governance of project spending, delivery, and impact.
You and your team will ensure that project proposals address the broad needs of the organization via strategic alignment, operational alignment, appropriateness of timing, identification and management of risk, and ability to execute. You will represent the needs and interests of the shareholder, ratepayer, or constituent by validating adherence to the organization’s published policies for project, portfolio, and organizational change management.
The PMO is independent from the broader information technology division and will retain a mandate to ensure transparency and disclosure relative to the consumption of the organization’s scarce resources in the pursuit of high-risk IT projects.
30 minutes
Input: PMO Job Description Builder Workbook
Output: Job descriptions
Materials: Blank Job Description Template
Participants: PMO director and/or portfolio manager, PMO staff, Project managers
When you’ve determined the roles you need, you can start creating your job descriptions. If none of our out-of-the-box, pre-populated job description templates suit your needs, use the results of Info-Tech’s PMO Job Description Builder Workbook and the Blank Job Description Template to create your purpose-built job description.
Follow these steps to create your job description:
Download the Blank Job Description Template
Phase 1
| Phase 2
| Phase 3
|
9.9% of every dollar is wasted due to poor project performance
52% of projects are delivered to stakeholder satisfaction
51% of projects are likely to meet original the goal and business intent
(Source: Project Management Institute, 2018)
“If I had six hours to chop down a tree, I’d spend the first four hours sharpening the axe.” (Anonymous woodsman)
|
|
“If you run projects and the projects have a significant level of cost or have significant level of impact, then you can really benefit from a PMO. Certainly, the larger the projects, the bigger the budget, the more there are projects, then the more you can benefit from a PMO.” (Michael Fritsch, Vice President PMO, Confoe)
“PMOs are there to ensure project and program success and that’s critical because organizations deliver value through projects and programs.” (Brian Weiss, Vice President, Practitioner Career Development, Project Management Institute)
Prepare an Actionable Roadmap for Your PMO
| Step 3.1 | Step 3.2 |
30 minutes
Input: Business strategies and goals, Current PMO org. chart
Output: An initial short, medium, long-term roadmap of initiatives
Materials: Whiteboard/flip charts, Sticky notes, Slide 83
Participants: IT leaders/CIO, PMO director and/or portfolio manager, PMO staff, Project managers
When you are determining what your PMO will provide in the future, it is important to align the ambition of the PMO with the maturity of the business. Too often, a lot of effort is spent trying to convince businesses of the value of a PMO.
Before you develop your roadmap, try to seek out the key strategies that the business is currently driving to get the proper ownership for the proposed initiatives.
Once you’ve established the business strategies, start mapping out your initiatives:
| Current State Business Strategies | PMO Initiatives | Future State Business Strategies | |||
| Short Term | Medium Term | Long Term | |||
| Portfolio Management | Project Intake Process
Triage Process Project Levelling Book of Record |
Approval
Prioritization Reporting |
Resource Allocation | ||
| Resource Management | |||||
| Project Management | Standardize Project Management
Methodologies |
PM Training | |||
| Organizational Change Management | Benefits | ||||
| Governance | Project progress, visibility, and process
Documentation |
||||
Services should be introduced gradually and your PMO roadmap should clearly highlight this and explain when key deliverables will be achieved.
Consider the below top-level tasks and add any others that pertain to your organization:
Download Info-Tech’s PMO MS Project Plan Sample to see a full list of top-level tasks and second-level tasks. Once done, you can visually plot the tasks on a roadmap. See the next few slides for roadmap visuals.
Download the PMO MS Project Plan Sample
Finances – Understand and be transparent about the real costs of your project.
People – Strategize according to skill sets and availability. Use the org. chart in phase 2 of this blueprint as a starting place (slide 58).
Assets – Determine the tangible resources you may buy like software and licenses.
30 minutes
Input: Project documentation, Current resources
Output: List of resources for your PMO
Materials: Whiteboard/flip charts
Participants: IT leaders/CIO, PMO director and/or portfolio manager, PMO staff, Project managers
Resources for your projects include staff, equipment, and materials. Resource management at the PMO level will help you manage those resources, get visibility into projects, and keep them moving forward. Be sure to consider the resources that will get your PMO off the ground.
Determine the resources you currently have and the resources your PMO will need and add them to your strategic plan:
Prepare an Actionable Roadmap for Your PMO
| Step 3.1 | Step 3.2 |
Governance is an important part of building a strong PMO. A PMO governance framework defines the authority and the support it requires to maximize portfolio and project management capabilities throughout the business. It should sit within your overall governance framework and as the PMO matures, its roles and responsibilities will also change to adapt with business demands and additional capabilities.
Your framework can:
A PMO governance framework enables PMO leaders to establish the common guidelines and manage the distribution of authority given to the PMO.
Visit Make Your IT Governance Adaptable
Key causes of poor or misaligned governance
|
Five key symptoms of ineffective governance committees
|
Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.
| Responsibilities | ||||
| STRATEGIC ALIGNMENT
Ensure initiatives align with organizational objectives
|
VALUE DELIVERY
|
RISK MANAGEMENT
Assess risk as a factor of prioritizing and approving initiatives |
RESOURCE MANAGEMENT
Decide on the allocation of IT resources |
PERFORMANCE MEASUREMENT
Ensure process is in place to measure and validate performance of IT initiatives |
| Committee Membership | ||||
| Role
CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO |
Individual | |||
Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes.
| Committee Name | Committee Membership | Mandate |
| Executive Leadership Committee | CEO, CFO, CTO, CDO, CISO/CRO, CIO, Enterprise Architect/Chief Architect, CPO | Provide strategic and operational leadership to the company by establishing goals, developing strategy, and directing/validating strategic execution. |
| Enterprise Risk Committee | CISO/CRO, CPO, Enterprise Risk Manager, BU Leaders, CFO, CTO, CDO | Govern enterprise risks to ensure that risk information is available and integrated to support governance decision making. Ensure the definition of the organizational risk posture and that an enterprise risk approach is in place. |
| IT Steering Committee | CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO | Ensure business value is achieved through information and technology (IT) investments by aligning strategic objectives and client needs with IT initiatives and their outcomes. |
| IT Risk Council | IT Risk Manager, CISO, IT Directors | Govern IT risks within the context of business strategy and objectives to align the decision-making processes towards the achievement of performance goals. It will also ensure that a risk management framework is in place and risk posture (risk appetite/threshold) is defined. |
| PPM | Portfolio Manager, Project Managers, BRMs | Ensure the best alignment of IT initiatives and program activity to meet the goals of the business. |
| Architectural Review Board | Service/Product Owners, Enterprise Architects, Chief Architect, Domain Architects | Ensure enterprise and related architectures are managed and applied enterprise-wise. Ensure the alignment of IT initiatives to business strategy and architecture and compliance to regulatory standards. Establish architectural standards and guidelines. Review and recommend initiatives. |
| Change Advisory Board | Service/Product Owner, Change Manager, IT Directors or Managers | Ensure changes are assessed, prioritized, and approved to support the change management purpose of optimizing the throughput of successful changes with a minimum of disruption to business function. |
| Responsibilities | ||||
STRATEGIC ALIGNMENT
| VALUE DELIVERY
| RISK MANAGEMENT
| RESOURCE MANAGEMENT
| PERFORMANCE MEASUREMENT
|
| Committee Membership | ||||
| Role CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO | Individual | |||
1-3 hours
Input: List of key tasks
Output: Initial Authority Map
Materials: Whiteboard/flip charts, Sticky notes, Strategic Plan
Participants: IT leadership, Portfolio Manager (PMO Director), PMO Admin Team, Project Managers
Now that you’ve determined the activities on your roadmap, it’s important to determine who is going to be responsible for the following:
Download the PMO Strategic Plan
| Committee Name | Committee Membership | |
| Executive Leadership Committee | CEO, CFO, CTO, CDO, CISO/CRO, CIO, Enterprise Architect/Chief Architect, CPO | |
| Enterprise Risk Committee | CISO/CRO, CPO, Enterprise Risk Manager, BU Leaders, CFO, CTO, CDO | |
| IT Steering Committee | CIO, Product Owner, Service Owner, IT VPs, BRM, PMO Director, CISO/CRO | |
| IT Risk Council | IT Risk Manager, CISO, IT Directors, | |
| PPM | Portfolio Manager, Project Managers, BRMs | |
| Architectural Review Board | Service/Product Owners, Enterprise Architects, Chief Architect, Domain Architects | |
| Change Advisory Board | Service/Product Owner, Change Manager, IT Directors or Managers |
PMO Authority
|
Standards and Policies
|
Guidelines
|
Executive Oversight
|
Customize groupings as appropriate.
Document key achievements governance initiatives.
The constraints that drive project management (time, scope, and budget) are insufficient for driving the overall success of project efforts.
For instance, a project may come in on time, on budget, and in scope, but…
…then that “successful project” represents a massive waste of the organization’s time and resources.
Organizational change management (OCM) is a supplement to project management that is needed to ensure the intended value is realized. It is the practice through which the PMO or other body can improve user adoption rates and maximize project benefits. Without it, IT might finish the project but the business might fail to recognize the intended benefits.
Start with next step and refer to Info-Tech research on OCM for a deeper dive. Impact analysis is the cornerstone of any OCM strategy. By shining a light on considerations that might have otherwise escaped project planners and decision makers, an impact analysis is an essential component to change management and project success.
Info-Tech’s Organizational Change Impact Analysis Tool helps to document the change impact across multiple dimensions, enabling you to review the analysis with others to ensure that the most important impacts are captured. The tool also helps to effectively monitor each impact throughout project execution.
Download the Organizational Change Impact Analysis Tool
|
The “2. Set Up” tab of the Impact Tool is where you enter project-specific data pertaining to the change initiative. The inputs on this tab are used to auto-populate fields and drop-down menus on subsequent tabs of the analysis. Document the stakeholders (by individual or group) associated with the project who will be subject to the impacts. You are allowed up to 15 entries. Try to make this list comprehensive. Missing any key stakeholders will threaten the value of this activity as a whole. If you find that you have more than 15 individual stakeholders, you can group individuals into stakeholder groups. |
|
Keep in mind…An impact analysis is not a stakeholder management exercise. Impact assessments cover:
Stakeholder management covers:
We will cover the latter in the next step. |
|
Use the survey on tab 3 of the Impact Analysis Tool to determine the dimensions of change that are relevant. The impact analysis is fueled by the 13-question survey on tab 3 of the tool. This survey addresses a comprehensive assortment of change dimensions, ranging from customer-facing considerations to employee concerns, to resourcing, logistical, and technological questions. Once you have determined the dimensions that are impacted by the change, you can go on to assess how individual stakeholders and stakeholder groups are affected by the change. |
Screenshot of tab “3. Impact Survey,” showing the 13-question survey that drives the impact analysis. Ideally, the survey should be performed by a group of project stakeholders together. Use the drop-down menus in column K to record your responses. |
As you assess change impacts, keep in mind that no impact will be felt the same across the organization. Depth of impact can vary depending on the frequency (will the impact be felt daily, weekly, monthly?), the actions necessitated by it (e.g. will it change the way the job is done or is it simply a minor process tweak?), and the anticipated response of the stakeholder (support, resistance, indifference?).
Use the Organizational Change Depth Scale below to help visualize various depths of impact. The deeper the impact, the tougher the job of managing change will be.
Procedural |
Behavioral |
Interpersonal |
Vocational |
Cultural |
| Procedural change involves changes to explicit procedures, rules, policies, processes, etc. | Behavioral change is similar to procedural change, but goes deeper to involve the changing tacit or unconscious habits. | Interpersonal change goes beyond behavioral change to involve changing relationships, teams, locations, reporting structures, and other social interactions. | Vocational change requires acquiring new knowledge and skills and accepting the loss or decline in the value or relevance of previously acquired knowledge and skills. | Cultural change goes beyond interpersonal and vocational change to involve changing personal values, social norms, and assumptions about the meaning of good vs. bad or right vs. wrong. |
| Example: providing sales reps with mobile access to the CRM application to let them update records from the field. | Example: requiring sales reps to use tablets equipped with a custom mobile application for placing orders from the field. | Example: migrating sales reps to work 100% remotely. | Example: migrating technical support staff to field service and sales support roles. | Example: changing the operating model to a more service-based value proposition or focus. |
Tab “4. Impact Analysis” of the Analysis Tool contains the meat of the impact analysis activity.
See the next slide for an accompanying screenshot of a change impact table from tab 4 of the Analysis Tool.
The stakeholder groups entered on the Set Up tab will auto-populate in column B of each table.
Your “yes” responses from the survey tab will auto-populate in the cells to the right of the “Change Impact” cells.
Use the drop-down menus in this column to select how often the impact will be felt for each group (e.g. daily, weekly, periodically, one time, or never).
“Actions” include “change to core job duties,” “change to how time is spent,” “confirm awareness of change,” etc.
Use the drop-down menus to hypothesize what the stakeholder response might be. For the purpose of this impact analysis, a guess is fine. A more detailed communication plan can be created later.
Based upon your assessment of each individual impact, the Analysis Tool will provide you with an “Overall Impact Rating” in tab 5.
| Projects in the red zone should have maximum change governance, applying a full suite of OCM tools and templates as well as revisiting the impact analysis exercise regularly to help monitor progress.
Increased communication and training efforts, as well as cross-functional partnerships, will also be key for success. |
Projects in the yellow zone also require a high level of change governance.
|
To free up resources for those OCM initiatives that require more discipline, projects in the green zone can ease up in their OCM efforts somewhat. With a high likelihood of adoption as is, stakeholder engagement and communication efforts can be minimized somewhat for these projects, so long as the PMO is in regular contact with key stakeholders. |
This table displays the highest risk impacts based on frequency and action inputs on tab 4.
Here you’ll find the stakeholders, ranked again based on frequency and action, who will be most impacted by the proposed changes.
These are the five stakeholders most likely to support changes, based on the Anticipated Response column on tab 4.
The stakeholder groups entered on the Set Up tab will auto-populate in column B of each table.
In addition to these outputs, this tab also lists top five change resistors and has an impact register and list of potential impacts to watch out for (i.e. your “maybe” responses from tab 3).
| Metric | KPI |
| Portfolio Performance | Return on Investment (ROI) for projects and programs
Alignment of spend with objectives Resource Utilization Rate (hours allocated to projects actual vs. allocation) Customer/Stakeholder Satisfaction # of strategic projects approved vs. completed |
| Project/Program Performance | % of completed projects (planned vs. actual)
% of projects completed on time (based on original due date) % of projects completed on budget % of projects delivering their expected business outcomes Actual delivery of benefits vs. planned benefits % of customer satisfaction Project manager satisfaction rating |
| PMO | % of approved IT initiatives that measure benefit achievement upon completion
% of IT initiatives with direct alignment to organizational strategic direction |
The PMO staffing model that you use will depend on many different factors. It is in your hands to create and define what your staffing needs are for your organization.
The success of your PMO is linked to the plan you create before executing on it.
Contact your account representative for more information.
Contact your account representative for more information.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
Job Description Survey Use the survey to help determine potential role requirements across various project portfolio management, project management, business analysis, and organizational change management activities. |
Create Your Job Descriptions Use the job descriptions as a guide when creating your own job descriptions based on the outputs from the tool. |
|
Develop a Project Portfolio Management Strategy
Time is money; spend it wisely. |
|
Establish Realistic IT Resource Management Practices
Holistically balance IT supply and demand to avoid overallocation. |
|
Tailor Project Management Processes to Fit Your Projects
Spend less time managing processes and more time delivering results. |
|
Optimize IT Project Intake, Approval, and Prioritization
Decide which IT projects to approve and when to start them. |
|
Master Organizational Change Management Practices
PMOs, if you don’t know who is responsible for org change, it’s you. |
|
Set a Strategic Course of Action for the PMO in 100 Days
Use your first 100 days as PMO leader to define a mandate for long-term success. |
Alexander, Moira. “How to Develop a PMO Strategic Plan.” CIO, 11 July 2018. Web.
Barlow, Gina, Andrew Tubb, and Grant Riley. “Driving Business Performance. Project Management Survey 2017.” KPMG, 2017. Accessed 11 Jan. 2022.
Brennan, M. V., and G. Heerkens. “How we went from zero project management to PMO implementation—a real life story.” Paper presented at PMI® Global Congress 2009—North America, Orlando, FL. Project Management Institute, 13 October 2009. Web.
Casey, W., and W. Peck. “Choosing the right PMO setup.” PM Network, vol. 15, no. 2, 2001, pp. 40-47. Web.
“COBIT 2019 Framework Governance and Management Objectives.” ISACA, 2019. PDF.
Crawford, J. K. “Staffing your strategic project office: seven keys to success.” Paper presented at Project Management Institute Annual Seminars & Symposium, San Antonio, TX. Project Management Institute, 2002. Web.
Davis, Stanley M., and Paul R. Lawrence. “Problems of Matrix Organizations.” Harvard Business Review, May 1978. Web.
Dow, William D. “Chapter 6: The Tactical Guide for Building a PMO.” Dow Publishing, 2012. PDF.
Giraudo, L., and E. Monaldi. “PMO evolution: from the origin to the future.” Paper presented at PMI® Global Congress 2015—EMEA, London, England. Project Management Institute, 11 May 2015. Web.
Greengard, S. “No PMO? Know when you need one.” PM Network, vol. 27, no. 12, 2013, pp. 44-49. Web.
Hobbs, J. B., and M. Aubry. “What research is telling us about PMOs.” Paper presented at PMI® Global Congress 2009—EMEA, Amsterdam, North Holland, The Netherlands. Project Management Institute, May 2009. Web.
Jordan, Andy. “Staffing the Strategic PMO.” ProjectManagement.com, 24 October 2016. Web.
Lang, Greg. “5 Questions to Answer When Building a Roadmap.” LinkedIn, 2 October 2016. Accessed 15 Apr. 2021.
Manello, Carl. “Establish a PMO Roadmap.” LinkedIn, 10 February 2021. Accessed 29 Mar. 2021.
Martin, Ken. “5 Steps to Set Up a Successful Project Management Office.” BrightWork, 9 July 2018. Accessed 29 Mar. 2021.
Miller, Jen A. “What Is a Project Management Office (PMO) and Do You Need One?” CIO, 19 October 2017. Accessed 16 Apr. 2021.
Needs, Ian. “Why PMOs Fail: 5 Shocking PMO Statistics.” KeyedIn, 6 January 2014. Web.
Ovans, Andrea. “Overcoming the Peter Principle.” Harvard Business Review, 22 December 2014. Web.
PMI®. “A Guide to the Project Management Body of Knowledge.” 6th Ed. Project Management Institute, 2017.
PMI®. “Ahead of the Curve: Forging a Future-Focused Culture.” Pulse of the Profession. Project Management Institute, 11 February 2020. Accessed 21 April 2021.
PMI®. “Project Management: Job Growth and Talent Gap.” Project Management Institute, 2017. Web.
PMI®. “Pulse of the Profession: Success in Disruptive Times.” Project Management Institute, 2018. Web.
PMI®.“The Project Management Office: In Sync with Strategy.” Project Management Institute, March 2012. Web.
“Project Management Organizational Structures.” PM4Dev, 2016. Web.
Rincon, I. “Building a PMO from the ground up: Three stories, one result.” Paper presented at PMI® Global Congress 2014—North America, Phoenix, AZ. Project Management Institute, 26 October 2014. Web.
Roseke, Bernie. “The 4 Types of Project Organizational Structure.” ProjectEngineer, 16 August 2019. Web.
Sexton, Peter. “Project Delivery Performance: AIPM and KPMG Project Management Survey 2020 - KPMG Australia.” KPMG, 9 November 2020. Web.
The Change Management Office (CMO). Prosci, n.d. Accessed 7 July 2021.
“The New Face of Strategic Planning.” Project Smart, 27 March 2009. Accessed 29 Mar. 2021.
“The State of Project Management Annual Survey.” Wellington PPM Intelligence, 2018. Web.
“The State of the Project Management Office : Enabling Strategy Execution Excellence.” PM Solutions Research, 2016. Web.
Wagner, Rodd. “New Evidence The Peter Principle Is Real - And What To Do About It.” Forbes, 10 April 2018. Accessed 14 Apr. 2021.
Wright, David. “Developing Your PMO Roadmap.” Paper presented at PMI® Global Congress 2012—North America, Vancouver, British Columbia, Canada. Project Management Institute, 2012. Accessed 29 March 2021.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the use cases and benefits of using text-based services for customer support, and establish how they align to the organization’s current service strategy.
Identify the right applications that will be needed to adequately support a text-based support strategy.
Create repeatable workflows and escalation policies for text-centric support.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create the business case for text-based support.
A clear direction on the drivers and value proposition of text-based customer support for your organization.
1.1 Identify customer personas.
1.2 Define business and IT drivers.
Identification of IT and business drivers.
Project framework and guiding principles for the project.
Create a technology enablement framework for text-based support.
Prioritized requirements for text-based support and a vetted shortlist of the technologies needed to enable it.
2.1 Determine the correct migration strategy based on the current version of Exchange.
2.2 Plan the user groups for a gradual deployment.
Exchange migration strategy.
User group organization by priority of migration.
Create service workflows for text-based support.
Customer service workflows and escalation policies, as well as risk mitigation considerations.
Present final deliverable to key stakeholders.
3.1 Review the text channel matrix.
3.2 Build the inventory of customer service applications that are needed to support text-based service.
Extract requirements for text-based customer support.
Finalize the text service strategy.
Resource and risk mitigation plan.
4.1 Build core customer service workflows for text-based support.
4.2 Identify text-centric risks and create a mitigation plan.
4.3 Identify metrics for text-based support.
Business process models assigned to text-based support.
Formulation of risk mitigation plan.
Key metrics for text-based support.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define a digital product vision that takes into account your objectives, business value, stakeholders, customers, and metrics.
Build a structure for your backlog that supports your product vision.
Define standards, ownership for your backlog to effectively communicate your strategy in support of your digital product vision.
Understand what to consider when planning your next release.
Build a plan for communicating and updating your strategy and where to go next.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the elements of a good product vision and the pieces that back it up.
Provide a great foundation for an actionable vision and goals people can align to.
1.1 Build out the elements of an effective digital product vision
Completed product vision definition for a familiar product via the product canvas
Define the standards and approaches to populate your product backlog that support your vision and overall strategy.
A prioritized backlog with quality throughout that enables alignment and the operationalization of the overall strategy.
2.1 Introduction to key activities required to support your digital product vision
2.2 What do we mean by a quality backlog?
2.3 Explore backlog structure and standards
2.4 Define backlog data, content, and quality filters
Articulate the activities required to support the population and validation of your backlog
An understanding of what it means to create a quality backlog (quality filters)
Defining the structural elements of your backlog that need to be considered
Defining the content of your backlog and quality standards
Define standards and procedures for creating and updating your roadmap.
Enable your team to create a product roadmap to communicate your product strategy in support of your digital product vision.
3.1 Disambiguating backlogs vs. roadmaps
3.2 Defining audiences, accountability, and roadmap communications
3.3 Exploring roadmap visualizations
Understand the difference between a roadmap and a backlog
Roadmap standards and agreed-to accountability for roadmaps
Understand the different ways to visualize your roadmap and select what is relevant to your context
Build a release plan aligned to your roadmap.
Understand what goes into defining a release via the release canvas.
Considerations in communication of your strategy.
Understand how to frame your vision to enable the communication of your strategy (via an executive summary).
4.1 Lay out your release plan
4.2 How to introduce your product vision
4.3 Communicate changes to your strategy
4.4 Where do we get started?
Release canvas
An executive summary used to introduce other parties to your product vision
Specifics on communication of the changes to your roadmap
Your first step to getting started
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Create a prioritized action plan for documentation based on business need.
Adapt policy templates to meet your business requirements.
Improve policy adherence and service effectiveness through procedure standardization and documentation.
"Most IT organizations struggle to create and maintain effective policies and procedures, despite known improvements to consistency, compliance, knowledge transfer, and transparency.
The numbers are staggering. Fully three-quarters of IT professionals believe their policies need improvement, and the same proportion of organizations don’t update procedures as required.
At the same time, organizations that over-document and under-document perform equally poorly on key measures such as policy quality and policy adherence. Take a practical, step-by-step approach that prioritizes the documentation you need now. Leave the rest for later."
(Andrew Sharp, Research Manager, Infrastructure & Operations Practice, Info-Tech Research Group)This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.
A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).
In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.
A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.
Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.
Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.
Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.
Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.
Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”
Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.
Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))
Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))
77% of IT professionals believe their policies require improvement. (Kaspersky Lab)
We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.
Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.
Phases |
1. Identify policy and procedure gaps | 2. Develop policies | 3. Document effective procedures |
Steps |
|
|
|
Outcomes |
Action list of policy and procedure gaps | New or updated Infrastructure & Operations policies | Procedure documentation |
Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
| "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.
1(a) 30 minutes per policy
1(b) 1 hour
Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.
Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.
Business Continuity Management: Continue operation of critical business processes and IT services.
Change Management: Deliver technical changes in a controlled manner.
Configuration Management: Define and maintain relationships between technical components.
Problem Management: Identify incident root cause.
Operations Management: Coordinate operations.
Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.
Service Desk: Respond to user requests and all incidents.
Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.
Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.
1(c) 30 minutes
Reinvent the wheel? I don’t think so!
Always check to see if a gap can be addressed with existing tools before drafting a new policy
Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.
1(d) 30 minutes
| Score | Business risk of missing documentation | Business benefit of value of documentation |
1 |
Low: Affects ad hoc activities or non-critical data. | Low: Minimal impact. |
2 |
Moderate: Impacts productivity or internal goodwill. | Moderate: Required periodically; some cross-training opportunities. |
3 |
High: Impacts revenue, safety, or external goodwill. | High: Save time for common or ongoing processes; extensive improvement to training/knowledge transfer. |
Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.
To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.
Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.
Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.
Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.
"One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)
Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?
"If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)
"I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)
2(a) 1-2 hours per policy
INPUT: List of prioritized policies
OUTPUT: Written policy drafts ready for review
Materials: Policy templates
Participants: Policy writer, Signing authority
No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.
Use the following template to create a policy that outlines the goals and mandate for your service and support organization:
Support the program and associated policy statements using Info-Tech’s research:
Use the following templates to create policies that define effective patch, release, and change management:
Ensure the policy is supported by using the following Info-Tech research:
Start by outlining the requirements for effective asset management:
Support ITAM policies with the following Info-Tech research:
"Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)
Set the direction and requirements for effective BCM:
Support the BCM policy with the following Info-Tech research:
Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.
Set the direction and requirements for effective availability and capacity management:
Support the policy with the following Info-Tech research:
Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.
Review and download Info-Tech's blueprint Develop and Deploy Security Policies.
Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.
2(b) Review period: 1-2 weeks
INPUT: Draft policies
OUTPUT: Reviewed policy drafts ready for approval
Materials: Policy drafts
Participants: Policy stakeholders
Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.
2(c) 20 minutes per policy
INPUT: Draft policies
OUTPUT: Reviewed policy drafts ready for approval
Materials: Policy drafts
Participants: Policy stakeholders
Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)
Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)
Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.
Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.
Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.
Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.
If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.
Create Procedures: We’ll cover procedure development and documentation in Phase 3.
In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.
"A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)
2(d) 30 minutes
Role |
Responsibilities |
Executive sponsor |
|
Program lead |
|
Policy writer |
|
IT infrastructure SMEs |
|
Legal expert |
|
"Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)
3(a) 1-2 hours
Support these processes... |
...with these blueprints... |
...to create SOPs using these templates. |
|
|
Create a Right-Sized Disaster Recovery Plan | DRP Summary |
|
|
Implement IT Asset Management | HAM SOP and SAM SOP |
|
|
Optimize Change Management | Change Management SOP |
|
|
Standardize the Service Desk | Service Desk SOP |
3(b) 30 minutes
OUTPUT: Steps in the current process for one SOP
Materials: Tabletop, pen, and cue cards
Participants: Process owners, SMEs
Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.
3(c) 30 minutes
Review the tabletop exercise. What gaps exist in current processes?
How can the processes be made better? What are the outputs and checkpoints?
OUTPUT: Identify steps to optimize the SOP
Materials: Tabletop, pen, and cue cards
Participants: Process owners, SMEs
A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.
If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.
Download the following workflow examples:
|
Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points. |
|
Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes. |
|
Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately. |
|
Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process). |
|
Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues). |
|
Document/Report Output: For example, the output from a backup process might include an error log. |
"It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)
Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.
Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).
Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.
Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.
Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.
Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.
Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.
Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.
Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.
Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.
Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.
“About Controls.” Ohio University, ND. Web. 2 Feb 2018.
England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.
“Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.
“Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.
ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.
“IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.
King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.
Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.
Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.
“User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.
“The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Review IT vendor risk fundamentals and establish a risk governance framework.
Categorize, prioritize, and assess your vendor risks. Follow up with creating effective response strategies.
Assign accountability and responsibilities to formalize ongoing risk monitoring. Communicate your findings to management and share the plan moving forward.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
To prepare the team for the workshop.
Avoids delays and interruptions once the workshop is in progress.
1.1 Send workshop agenda to all participants.
1.2 Prepare list of vendors and review any contracts provided by them.
1.3 Review current risk management process.
All necessary participants assembled
List of vendors and vendor contracts
Understanding of current risk management process
Review IT vendor risk fundamentals.
Assess current maturity and set risk management program goals.
Engage stakeholders and establish a risk governance framework.
Understanding of organizational risk culture and the corresponding risk threshold.
Obstacles to effective IT risk management identified.
Attainable goals to increase maturity established.
Understanding of the gap to achieve vendor risk readiness.
2.1 Brainstorm vendor-related risks.
2.2 Assess current program maturity.
2.3 Identify obstacles and pain points.
2.4 Develop risk management goals.
2.5 Develop key risk indicators (KRIs) and escalation protocols.
2.6 Gain stakeholders’ perspective.
Vendor risk management maturity assessment
Goals for vendor risk management
Stakeholders’ opinions
Categorize vendors.
Prioritize assessed risks.
Risk events prioritized according to risk severity – as defined by the business.
3.1 Categorize vendors.
3.2 Map vendor infrastructure.
3.3 Prioritize vendors.
3.4 Identify risk contributing factors.
3.5 Assess risk exposure.
3.6 Calculate expected cost.
3.7 Identify risk events.
3.8 Input risks into the Risk Register Tool.
Vendors classified and prioritized
Vendor risk exposure
Expected cost calculation
Determine risk threshold and contract clause relating to risk prevention.
Identify and assess risk response actions.
Thorough analysis has been conducted on the value and effectiveness of risk responses for high-severity risk events.
Risk response strategies have been identified for all key risks.
Authoritative risk response recommendations can be made to senior leadership.
4.1 Determine the threshold for (un)acceptable risk.
4.2 Match elements of the contract to related vendor risks.
4.3 Identify and assess risk responses.
Thresholds for (un)acceptable risk
Risk responses
Communicate top risks to management.
Assign accountabilities and responsibilities for risk management process.
Establish monitoring schedule.
Risk monitoring responsibilities are established.
Transparent accountabilities and established ongoing improvement of the vendor risk management program.
5.1 Create a stakeholder map.
5.2 Complete RACI chart.
5.3 Establish the reporting schedule.
5.4 Finalize the vendor risk management program.
Stakeholder map
Assigned accountability for risk management
Established monitoring schedule
Risk report
Vendor Risk Management Program Manual
Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value and slowly add improvements to ease buy-in.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this storyboard as a guide to align projects with your IT change management lifecycle.
Use this SOP as a template to document and maintain your change management practice.
Focus on frequent and transparent communications between the project team and change management.
|
Misalignment between IT change management and project management leads to headaches for both practices. Project managers should aim to be represented in the change advisory board (CAB) to ensure their projects are prioritized and scheduled appropriately. Advanced notice on project progress allows for fewer last-minute accommodations at implementation. Widespread access of the change calendar can also lead project management to effectively schedule projects to give change management advanced notice. Moreover, alignment between the two practices at intake allows for requests to be properly sorted, whether they enter change management directly or are governed as a project. Lastly, standardizing implementation and post-implementation across everyone involved ensures more successful changes and socialized/documented lessons learned for when implementations do not go well. Benedict Chang |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
|---|---|---|
To align projects with the change lifecycle, IT leaders must:
|
Loose definitions may work for clear-cut examples of changes and projects at intake, but grey-area requests end up falling through the cracks. Changes to project scope, when not communicated, often leads to scheduling conflicts at go-live. Too few checkpoints between change and project management can lead to conflicts. Too many checkpoints can lead to delays. |
Set up touchpoints between IT change management and project management at strategic points in the change and project lifecycles. Include appropriate project representation at the change advisory board (CAB). Leverage standard change resources such as the change calendar and request for change form (RFC). |
Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.
This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.
Align Projects With the IT Change Lifecycle |
01 Optimize IT Change Management | |
|---|---|---|
Increase the success of your changes by integrating project touchpoints in your change lifecycle. (You are here) |
Decide which IT projects to approve and when to start them. |
Right-size IT change management to protect the live environment. |
IT Benefits |
Business Benefits |
|---|---|
|
|
IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.
Control |
Collaboration |
Consistency |
Confidence |
|---|---|---|---|
Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment. |
Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT. |
Request-for-change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently. |
Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits. |
Both changes and projects will end up in change control in the end. Here, we define the intake.
Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.
A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).
Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.
This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.
Need help scoping projects? Download the Project Intake Classification Matrix
Change |
Project |
|---|---|
|
|
While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.
Change | Project | Service Request (Optional) | Operational Task (Optional) | Release (Optional) |
|---|---|---|---|---|
Changing Configuration | New ERP | Add new user | Delete temp files | Software release |
Download the Change Management Standard Operating Procedure (SOP).
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
CAB touchpoints
Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.
RFCs
Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.
Change Calendar
Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.
The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).
When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.
Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.
Download the Request for Change Form Template
Communication Plan The project may be successful from a technical point of view, but if users do not know about go-live or how to interact with the project, it will ultimately fail. |
Training Plan If necessary, think of how to train different stakeholders on the project go-live. This includes training for end users interacting with the project and technicians supporting the project. |
Implementation Plan Write the implementation plan at a high enough level that gives the CAB confidence that the implementation team knows the steps well. |
Rollback Plan Having a well-formulated rollback plan gives the CAB the confidence that the impact of the project is well known and the impact to the business is limited even if the implementation does not go well. |
Inputs
Guidelines
Roles
Info-Tech Insight
Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.
As optional CAB members
Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.
As project management representatives
Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.
As core CAB members
The core responsibilities of CAB must still be fulfilled:
1. Protect the live environment from poorly assessed, tested, and implemented changes.
2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.
3. Schedule deployments in a way the minimizes conflict and disruption.
If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.
Verification |
Once the change has been implemented, verify that all requirements are fulfilled. |
|---|---|
Review |
Ensure all affected systems and applications are operating as predicted. |
Update change ticket and change log |
Update RFC status and CMDB as well (if necessary). |
Transition |
Once the change implementation is complete, it’s imperative that the team involved inform and train the operational and support groups. |
If you need to define transitioning changes to production, download Transition Projects to the Service Desk
Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.
It’s best to perform a PIR once a change-related incident is resolved.
Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.
Socialize the findings of the PIR at the subsequent CAB meeting.
If a similar change is conducted, append the related PIR to avoid the same mistakes.
Info-Tech Insight
Include your PIR documentation right in the RFC for easy reference.
Download the RFC template for more details on post-implementation reviews
Download the Change Management Standard Operating Procedure (SOP).
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Right-size IT change management to protect the live environment. |
Optimize IT Project Intake, Approval, and Prioritization Decide which IT projects to approve and when to start them. |
Maintain an Organized Portfolio Align portfolio management practices with COBIT (APO05: Manage Portfolio). |
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Parse specific technology drivers out of the formal enterprise digital strategy.
Review and understand potential enabling applications.
Use the drivers and an understanding of enabling applications to put together an execution roadmap that will support the digital strategy.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Review and validate the formal enterprise digital strategy.
Confirmation of the goals, objectives, and direction of the organization’s digital strategy.
1.1 Review the initial digital strategy.
1.2 Determine gaps.
1.3 Refine digital strategy scope and vision.
1.4 Finalize digital strategy and validate with stakeholders.
Validated digital strategy
Enumerate relevant technology drivers from the digital strategy.
List of technology drivers to pursue based on goals articulated in the digital strategy.
2.1 Identify affected process domains.
2.2 Brainstorm impacts of digital strategy on technology enablement.
2.3 Distill critical technology drivers.
2.4 Identify KPIs for each driver.
Affected process domains (based on APQC)
Critical technology drivers for the digital strategy
Relate your digital strategy drivers to specific, actionable application areas.
Understand the interplay between the digital strategy and impacted application domains.
3.1 Build and review current application inventory for digital.
3.2 Execute fit-gap analysis between drivers and current state inventory.
3.3 Pair technology drivers to specific enabling application categories.
Current-state application inventory
Fit-gap analysis
Understand how different applications support the digital strategy.
Understand the art of the possible.
Knowledge of how applications are evolving from a features and capabilities perspective, and how this pertains to digital strategy enablement.
4.1 Application spotlight: customer experience.
4.2 Application spotlight: content and collaboration.
4.3 Application spotlight: business intelligence.
4.4 Application spotlight: enterprise resource planning.
Application spotlights
Create a concrete, actionable roadmap of application and technology initiatives to move the digital strategy forward.
Clear, concise articulation of application roadmap for supporting digital that can be communicated to the business.
5.1 Build list of enabling projects and applications.
5.2 Create prioritization criteria.
5.3 Build the digital strategy application roadmap.
5.4 Socialize the roadmap.
5.5 Delineate responsibility for roadmap execution.
Application roadmap for the digital strategy
RACI chart for digital strategy roadmap execution
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the drivers for your product transformation.
Define the drivers for your transition to product-centric delivery.
1.1 What is driving your organization to become product focused?
List of challenges and drivers
Understand the product transformation journey and differences.
Identify the cultural, behavioral, and leadership changes needed for a successful transformation.
2.1 Define the differences between projects and product delivery
List of differences
Understand why smaller iterations increase value realization and decrease accumulated risk.
Leverage smaller iterations to reduce time to value and accumulated risk to core operations.
3.1 What is business agility?
Common understanding about the value of smaller iterations
Establish an organizational starting definition of products.
Tailor product management to meet the needs and vision of your organization.
4.1 What is a product? Who are your consumers?
4.2 Identify enablers and blockers of product ownership
4.3 Define a set of guiding principles for product management
Product definition
List of enablers and blockers of product ownership
Set of guiding principles for product management
Understand the relationship between product management and product delivery.
Optimize product management to prioritize the right changes for the right people at the right time.
5.1 Discussions
Common understanding
Personalize and commit to supporting product teams.
Embrace leadership and cultural changes needed to empower and support teams.
6.1 Your management culture
6.2 Personal Cultural Stop, Start, and Continue
6.3 Now, Next, Later to support product owners
Your management culture map
Personal Cultural Stop, Start, and Continue list
Now, Next, Later roadmap
To develop a common understanding and foundation for product management so we, as leaders, better understand how to lead product owners, product managers, and their teams.
Learn how enterprise agility can provide lasting value to the organization
Repeat workshops with different companies, operating units, departments, or teams as needed.
We WILL ENGAGE in discussions and activities:
This workshop will NOT be:
Facilitators
Participants
Your Challenge
Common Obstacles
Info-Tech's Approach
Info-Tech's approach will guide you through:
Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.
Input
Output
Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.
Output
Project Delivery | vs | Product Delivery |
|---|---|---|
Point in time | What is changed | |
Method of funding changes | Needs an owner | |
Output
Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.
Project | Product | ||
|---|---|---|---|
Fund Projects | Funding | → | Fund Products or Teams |
Line of Business Sponsor | Prioritization | → | Product Owner |
Makes Specific Changes | Product Management | → | Improve Product Maturity |
Assign People to Work | Work Allocation | → | Assign Work |
Project Manager Manages | Capacity Management | → | Team Manages Capacity |
Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end user value and enterprise alignment.
Regardless of whether you recognize yourself as a "product-based" or "project-based" shop, the same basic principles should apply.
You go through a period or periods of project-like development to build a version of an application or product.
You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.
In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.
Adapted from: Pichler, "What Is Product Management?"
The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.
Tailor your security program according to what makes your organization unique.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you lay foundations for your security program that will inform future security program decisions and give your leadership team the information they need to support your success. You will evaluate design factors that make your organization unique, prioritize the security capabilities to suit, and assess the maturity of key security program components including security governance, security strategy, security architecture, service design, and service metrics.
Use this Excel workbook to evaluate your security program against ten key design factors. The tool will produce a goals cascade that shows the relationship between business and security goals, a prioritized list of security capabilities that align to business requirements, and a list of program accountabilities.
This second Excel workbook will help you conduct a gap analysis on key security program components and identify improvement initiatives. You can then use the Security Program Design and Implementation Plan to collect results from the design and implementation tools and draft a communication deck.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the initial design of your security program.
An initial prioritized list of security capabilities that aligns with enterprise strategy and goals.
1.1 Review Info-Tech diagnostic results.
1.2 Identify project context.
1.3 Identify enterprise strategy.
1.4 Identify enterprise goals.
1.5 Build a goal cascade.
1.6 Assess the risk profile.
1.7 Identify IT-related issues.
1.8 Evaluate initial program design.
Stakeholder satisfaction with program
Situation, challenges, opportunities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Initial set of prioritized security capabilities
Refine the design of your security program.
A refined, prioritized list of security capabilities that reflects what makes your organization unique.
2.1 Gauge threat landscape.
2.2 Identify compliance requirements.
2.3 Categorize the role of IT.
2.4 Identify the sourcing model.
2.5 Identify the IT implementation model.
2.6 Identify the tech adoption strategy.
2.7 Refine the scope of the program.
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Refined set of prioritized security capabilities
Finalize security program design.
Key accountabilities to support the security program
Gap analysis to produce an improvement plan
3.1 Identify program accountabilities.
3.2 Conduct program gap analysis.
3.3 Prioritize initiatives.
Documented program accountabilities.
Security program gap analysis
Security program gap analysis
Create and communicate an improvement roadmap for the security program.
Security program design and implementation plan to organize and communicate program improvements.
4.1 Build program roadmap
4.2 Finalize implementation plan
4.3 Sponsor check-in
Roadmap of program improvement initiatives
Roadmap of program improvement initiatives
Communication deck for program design and implementation
EXECUTIVE BRIEF
 |
Security leaders often tout their choice of technical security framework as the first and most important program decision they make. While the right framework can help you take a snapshot of the maturity of your program and produce a quick strategy and roadmap, it won’t help you align, modernize, or transform your program to meet emerging business requirements. Common technical security frameworks focus on operational controls rather than business services and value creation. They are difficult to convey to business stakeholders and provide little program management or implementation guidance. Focus on business value first, and the security services that enable it. Your organization has its own distinct character and profile. Understand what makes your organization unique, then design and refine the design of your security program to ensure it supports the right capabilities. Next, collaborate with stakeholders to ensure the right accountabilities, roles, and responsibilities are in place to support the implementation of the security program. |
Michel Hébert |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
|---|---|---|
|
|
Tailor your security program according to what makes your organization unique.
|
Info-Tech Insight
You are a business leader who supports business goals and mitigates risk. Focus first on business value and the security services that enable it, not security controls.
Cybercriminals deploying ransomware are evolving into a growing and sophisticated criminal ecosystem that will continue to adapt to maximize its profits.
Malicious agents continue to target critical infrastructure to harm industrial processes and the customers they serve State-sponsored actors are expected to continue to target critical infrastructure to collect information through espionage, pre-position in case of future hostilities, and project state power.
Malicious actors increasingly deceive or exploit cryptocurrencies, machine learning, and artificial intelligence technologies to support their activities.
50% Only half of leaders are framing the impact of security threats as a business risk.
49% Less than half of leaders align security program cost and risk reduction targets with the business.
57% Most leaders still don’t regularly review security program performance of the business.
Organizations with misaligned security programs have 48% more security incidents...
…and the cost of their data breaches are 40% higher than those with aligned programs.
37% of stakeholders still lack confidence in their security program.
54% of senior leaders still doubt security gets the goals of the organization.
“There's so much focus on better risk management that every leadership team in every organization wants to be part of the solution.
If you can give them good data about what things they really need to do, they will work to understand it and help you solve the problem.”
1. New CISO
“I need to understand the business, prioritize core security capabilities, and identify program accountabilities quickly.”
2. Program Renewal
“The business is changing, and the threat landscape is shifting. I am concerned the program is getting stale.”
Use this blueprint to understand what makes your organization unique:
If you need a deep dive into governance, move on to a security governance and management initiative.
3. Program Update
“I am happy with the fundamentals of my security program. I need to assess and improve our security posture.”
Move on to our guidance on how to Build an Information Security Strategy instead.
Define Scope of |
Refine Scope of |
Finalize Security |
|
|---|---|---|---|
Phase steps |
1.1 Identify enterprise strategy 1.2 Identify enterprise goals 1.3 Assess the risk profile 1.4 Identify IT-related issues 1.5 Define initial program design |
2.1 Gage threats and compliance 2.2 Assess IT role and sourcing 2.3 Assess IT implementation model 2.4 Assess tech adoption strategy 2.5 Refine program design |
3.1 Identify program accountabilities 3.2 Define program target state 3.3 Build program roadmap |
Phase outcomes |
|
|
|
Tools |
You are a business leader first and a security leader second
Technical security frameworks are static and focused on operational controls and standards. They belong in your program’s solar system but not at its center. Design your security program with business value and the security services that enable it in mind, not security controls.
There is no one-size-fits-all security program
Tailor your security program to your organization’s distinct profile to ensure the program generates value.
Lay the right foundations to increase engagement
Map out accountabilities, roles, and responsibilities to ensure the components of your security program work together over time to secure and enable business services.
If you build it, they will come
Your executive team wants to be part of the solution. If you give them reliable data for the things they really need to do, they will work to understand and help you solve the problem.
Security Program Design Tool
Tailor the security program to what makes your organization unique to ensure alignment.
Security Program Implementation Tool
Assess the current state of different security program components and plan next steps.
SecurityProgram Design and Implementation Plan
Communicate capabilities, accountabilities, and implementation initiatives.
Key deliverable
Security Program Design and Implementation Plan
The design and implementation plan captures the key insights your work will generate, including:
IT Benefits |
Business Benefits |
|---|---|
|
|
Deliverable |
Challenge |
|
|---|---|---|
Security Program Design |
|
|
Program Assessment and Implementation Plan |
|
|
Measured Value |
|
Governance & Management Maturity Scorecard
Understand the maturity of your security program across eight domains.
Audience: Security Manager
Security Business Satisfaction and Alignment Report
Assess the organization’s satisfaction with the security program.
Audience: Business Leaders
CIO Business Vision
Assess the organization’s satisfaction with IT services and identify relevant challenges.
Audience: Business Leaders
INDUSTRY: Higher Education
SOURCE: Interview
Building a business-aligned security program
Portland Community College (PCC) is the largest post-secondary institution in Oregon and serves more than 50,000 students each year. The college has a well-established information technology program, which supports its education mission in four main campuses and several smaller centers.
PCC launched a security program modernization effort to deal with the evolving threat landscape in higher education. The CISO studied the enterprise strategy and goals and reviewed the college’s risk profile and compliance requirements. The exercise helped the organization prioritize security capabilities for the renewal effort and informed the careful assessment of technical controls in the current security program.
Results
Laying the right foundations for the security program helped the security function understand how to provide the organization with a clear report of its security posture. The CISO now reports directly to the board of directors and works with stakeholders to align cost, performance, and risk reduction objectives with the needs of the college.
The security program modernization effort prioritized several critical design factors
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
| Phase 1 | Phase 2 | Phase 3 |
|---|---|---|
Call #1: Call #2: |
Call #3: Call #4: |
Call #5: Call #6: |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 4 to 6 calls over the course of 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
| Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
|---|---|---|---|---|---|
Initial Security |
Refine Security |
Security Program |
Roadmap and Implementation Plan |
Next Steps and |
|
Activities |
1.1.0 Review Info-Tech diagnostic results 1.1.1 Identify project context 1.1.2 Identify enterprise strategy 1.2.1 Identify enterprise goals 1.2.2 Build a goals cascade 1.3 Assess the risk profile 1.4 Identify IT-related issues 1.5 Evaluate initial program design |
2.1.1 Gauge threat landscape 2.1.2 Identify compliance requirements 2.2.1 Categorize the role of IT 2.2.2 Identify the sourcing model 2.3.1 Identify the IT implementation model 2.4.1 Identify the tech adoption strategy 2.5.1 Refine the design of the program |
3.1 Identify program accountabilities 3.2.1 Conduct program gap analysis 3.2.2 Prioritize initiatives |
3.3.1 Build program roadmap 3.3.2 Finalize implementation plan 3.3.3 Sponsor check-in |
4.1 Complete in-progress deliverables from previous four days 4.2 Set up review time for workshop deliverables and to discuss next steps |
Deliverables |
|
|
|
|
|
Workshop |
Workshop |
|---|---|
Security Program Design Factors |
Security Program Gap Analysis or |
Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications.
The most common tactic is for the organization to better realize their z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious, the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market.
This research will help you:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint will help you assess the fit, purpose, and price; develop strategies for overcoming potential challenges; and determine the future of z/Series for your organization.
Use this tool to play with the pre-populated values or insert your own amounts to compare possible database decisions, and determine the TCO of each. Note that common assumptions can often be false; for example, open-source Cassandra running on many inexpensive commodity servers can actually have a higher TCO over six years than a Cassandra environment running on a larger single expensive piece of hardware. Therefore, calculating TCO is an essential part of the database decision process.
“A number of market conditions have coalesced in a way that is increasingly driving existing mainframe customers to consider running their application workloads on alternative platforms. In 2020, the World Economic Forum noted that 42% of core skills required to perform existing jobs are expected to change by 2022, and that more than 1 billion workers need to be reskilled by 2030.” – Dale Vecchio
Your Challenge |
It seems like anytime there’s a new CIO who is not from the mainframe world there is immediate pressure to get off this platform. However, just as there is a high financial commitment required to stay on System Z, moving off is risky and potentially more costly. You need to truly understand the scale and complexity ahead of the organization. |
|---|---|
Common Obstacles |
Under the best of circumstances, mainframe systems are complex, expensive, and difficult to scale. In today’s world, applications written for mainframe legacy systems also present significant operational challenges to customers compounded by the dwindling pool of engineers who specialize in these outdated technologies. Many organizations want to migrate their legacy applications to the cloud, but to do so they need to go through a lengthy migration process that is made more challenging by the complexity of mainframe applications. |
Info-Tech Approach |
The most common tactic is for the organization to better realize its z/Series options and adopt a strategy built on complexity and workload understanding. To make the evident, obvious: the options here for the non-commodity are not as broad as with commodity server platforms and the mainframe is arguably the most widely used and complex non-commodity platform on the market. |
Problem statement: The z/Series remains a vital platform for many businesses and continues to deliver exceptional reliability and performance and play a key role in the enterprise. With the limited and aging resources at hand, CIOs and the like must continually review and understand their migration path with the same regard as any other distributed system roadmap. |
This research is designed for: IT strategic direction decision makers. IT managers responsible for an existing z/Series platform. Organizations evaluating platforms for mission critical applications. |
This research will help you:
|
Good Luck.
 |
Modernize the mainframe … here we go again. Prior to 2020, most organizations were muddling around in “year eleven of the four-year plan” to exit the mainframe platform where a medium-term commitment to the platform existed. Since 2020, it appears the appetite for the mainframe platform changed. Again. Discussions mostly seem to be about what the options are beyond hardware outsourcing or re-platforming to “cloud” migration of workloads – mostly planning and strategy topics. A word of caution: it would appear unwise to stand in front of the exit door for fear of being trampled. Hardware expirations between now and 2025 are motivating hosting deployments. Others are in migration activities, and some have already decommissioned and migrated but now are trying to rehab the operations team now lacking direction and/or structure. |
Darin Stahl |
Thinking of modernizing your mainframe can cause you angst so grab a fidget spinner and relax because we have you covered!
External Business Pressures:
Internal Considerations:
With multiple control points to be addressed, care must be taken to simplify your options while addressing all concerns to ease operational load.
Dating back to 2011, Darin Stahl has been the primary z/Series subject matter expert within the Infrastructure & Operations Research team. Below represents the percentage of calls, per industry, where z/Series advisory has been provided by Darin*: 37% - State Government 19% - Insurance 11% - Municipality 8% - Federal Government 8% - Financial Services 5% - Higher Education 3% - Retail 3% - Hospitality/Resort 3% - Logistics and Transportation 3% - Utility Based on the Info-Tech call history, there is a consistent cross section of industry members who not only rely upon the mainframe but are also considering migration options. |
Note:Of course, this only represents industries who are Info-Tech members and who called for advisory services about the mainframe. There may well be more Info-Tech members with mainframes who have no topic to discuss with us about the mainframe specifically. Why do we mention this? We caution against suggesting things like, ”somewhat less than 50% of mainframes live in state data centers” or any other extrapolated inference from this data. Our viewpoint and discussion is based on the cases and the calls that we have taken over the years. *37+ enterprise calls were reviewed and sampled. |
For most workloads “scale out" (e.g. virtualized cloud or IaaS ) is going to provide obvious and quantifiable benefits. However, with some workloads (extremely large analytics or batch processing ) a "scale up" approach is more optimal. But the scale up is really limited to very specific workloads. Despite some assumptions, the gains made when moving from scale up to scale out are not linear. Obviously, when you scale out from a performance perspective you experience a drop in what a single unit of compute can do. Additionally, there will be latency introduced in the form of network overhead, transactions, and replication into operations that were previously done just bypassing object references within a single frame. Some applications or use cases will have to be architected or written differently (thinking about the high-demand analytic workloads at large scale). Remember the “grid computing” craze that hit us during the early part of this century? It was advantageous for many to distribute work across a grid of computing devices for applications but the advantage gained was contingent on the workload able to be parsed out as work units and then pulled back together through the application. There can be some interesting and negative consequences for analytics or batch operations in a large scale as mentioned above. Bottom line, as experienced previously with Microfocus mainframe ports to x86, the batch operations simply take much longer to complete. |
Big Data Considerations*:
|
Below is a summary of concerns regarding core mainframe skills:
|
The Challenge An aging workforce, specialized skills, and high salary expectations
The In-House Solution: Build your mentorship program to create a viable succession plan
|
Migrate to another platform |
Use a hosting provider |
Outsource |
Re-platform (cloud/vendors) |
Reinvest |
|---|---|---|---|---|
There are several challenges to overcome in a migration project, from finding an appropriate alternative platform to rewriting legacy code. Many organizations have incurred huge costs in the attempt, only to be unsuccessful in the end, so make this decision carefully. |
Organizations often have highly sensitive data on their mainframes (e.g. financial data), so many of these organizations are reluctant to have this data live outside of their four walls. However, the convenience of using a hosting provider makes this an attractive option to consider. |
The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house. |
A customer can “re-platform” the non-commodity workload into public cloud offerings or in a few offerings |
If you’re staying with the mainframe and keeping it in-house, it’s important to continue to invest in this platform, keep it current, and look for opportunities to optimize its value. |
If this sounds like your organization, it’s time to do the analysis so you can decide and get clarity on the future of the mainframe in your organization.
|
*3 of the top 4 challenges related to shortfalls of alternative platforms
|
*Source: Maximize the Value of IBM Mainframes in My Business |
Potential for reduced costs
Reliable infrastructure and experienced staff
So, what are the risks?
The most common tactic is for the organization to adopt some level of outsourcing for the non-commodity platform, retaining the application support/development in-house. The options here for the non-commodity (z/Series, IBM Power platforms, for example) are not as broad as with commodity server platforms. More confusingly, the term “outsourcing” for these can include: |
Traditional/Colocation – A customer transitions their hardware environment to a provider’s data center. The provider can then manage the hardware and “system.” Onsite Outsourcing – Here a provider will support the hardware/system environment at the client’s site. The provider may acquire the customer’s hardware and provide software licenses. This could also include hiring or “rebadging” staff supporting the platform. This type of arrangement is typically part of a larger services or application transformation. While low risk, it is not as cost-effective as other deployment models. Managed Hosting – A customer transitions their legacy application environment to an off-prem hosted multi-tenanted environment. It will provide the most cost savings following the transition, stabilization, and disposal of existing environment. Some providers will provide software licensing, and some will also support “Bring Your Own,” as permitted by IBM terms for example. |
Info-Tech Insight Technical debt for non-commodity platforms isn’t only hardware based. Moving an application written for the mainframe onto a “cheaper” hardware platform (or outsourced deployment) leaves the more critical problems and frequently introduces a raft of new ones. |
While the majority of the coded functionality (JCLs, programs, etc.) migrate easily, there will be a need to re-code or re-write objects – especially if any object, code, or location references are not exactly the same in the new environment. Micro Focus has solid experience in this but if consider it within the context of an 80/20 rule (the actual metrics might be much better than that), meaning that some level of rework would have to be accomplished as an overhead to the exercise. Build that thought into your thinking and business case. |
AWS Cloud
Azure Cloud
Micro Focus COBOL (Visual COBOL)
|
Yeah, a complication for this situation is the legacy code. While re-platforming/re-hosting non-COBOL code is not new, we have not had many member observations compared to the re-platforming/re-hosting of COBOL functionality initiatives. That being said, there are a couple of interesting opportunities to explore. |
NTT Data Services (GLOBAL)
ModernSystems (or ModSys) has relevant experience.
ATOS, as a hosting vendor mostly referenced by customers with global locations in a short-term transition posture, could be an option. Lastly, the other Managed Services vendors with NATURAL and Adabas capabilities: |
*92% of organizations that added capacity said TCO is lower than for commodity servers (compared to 50% of those who did not add capacity) |
*63% of organizations that added capacity said finding resources is not very difficult (compared to 42% of those who did not add capacity) |
 |
 |
| Temporary workaround. This would align with a technical solution allowing the VASM files to be accessed using platforms other than on mainframe hardware (Micro Focus or other file store trickery). This can be accomplished relatively quickly but does run the risk of technology obsolesce for the workaround at some point in the future. Bulk conversion. This method would involve the extract/transform/load of the historical records into the new application platform. Often the order of the conversion is completed on work newest to oldest (the idea is that the newest historical records would have the highest likelihood of an access need), but all files would be converted to the new application and the old data store destroyed. Forward convert, which would have files undergo the extract/transform/load conversion into the new application as they are accessed or reopened. This method would keep historical records indefinitely or until they are converted – or the legal retention schedule allows for their destruction (hopefully no file must be kept forever). This could be a cost-efficient approach since the historical files remaining on the VSAM platform would be shrunk over time based on demand from the district attorney process. The conversion process could be automated and scripted, with a QR step allowing for the records to be deleted from the old platform. |
Info-Tech Insight It is not usual for organizations to leverage options #2 and #3 above to move the functionality forward while containing the scope creep and costs for the data conversions. |
Note: Enterprise job scheduling is a topic with low member interest or demand. Since our published research is driven by members’ interest and needs, the lack of activity or member demand would obviously be a significant influence into our ability to aggregate shared member insight, trends, or best practices in our published agenda.
|
|
✓ Advanced Systems Concepts ✓ BMC ✓ Broadcom ✓ HCL ✓ Fortra |
✓ Redwood ✓ SMA Technologies ✓ StoneBranch ✓ Tidal Software ✓ Vinzant Software |
Creating vendor profiles will help quickly filter the solution providers that directly meet your z/Series needs.
ActiveBatch
| Workload Management: | ||
Summary Founded in 1981, ASCs ActiveBatch “provides a central automation hub for scheduling and monitoring so that business-critical systems, like CRM, ERP, Big Data, BI, ETL tools, work order management, project management, and consulting systems, work together seamlessly with minimal human intervention.”* URL Coverage: Global |
Amazon EC2 Hadoop Ecosystem IBM Cognos DataStage IBM PureData (Netezza) Informatica Cloud Microsoft Azure Microsoft Dynamics AX Microsoft SharePoint Microsoft Team Foundation Server |
Oracle EBS Oracle PeopleSoft SAP BusinessObjects ServiceNow Teradata VMware Windows Linux Unix IBM i |
*Advanced Systems Concepts, Inc.
Control-M
Workload Management: | ||
Summary Founded in 1980, BMCs Control-M product “simplifies application and data workflow orchestration on premises or as a service. It makes it easy to build, define, schedule, manage, and monitor production workflows, ensuring visibility, reliability, and improving SLAs.”* URL bmc.com/it-solutions/control-m.html Coverage: Global | AWS Azure Google Cloud Platform Cognos IBM InfoSphere DataStage SAP HANA Oracle EBS Oracle PeopleSoft BusinessObjects | ServiceNow Teradata VMware Windows Linux Unix IBM i IBM z/OS zLinux |
*BMC
Atomic Automation
Autosys Workload Automation
Workload Management: | ||
Summary Broadcom offers Atomic Automation and Autosys Workload Automation which ”gives you the agility, speed and reliability required for effective digital business automation. From a single unified platform, Atomic centrally provides the orchestration and automation capabilities needed accelerate your digital transformation and support the growth of your company.”* URL broadcom.com/products/software/automation/automic-automation broadcom.com/products/software/automation/autosys Coverage: Global
| Windows MacOS Linux UNIX AWS Azure Google Cloud Platform VMware z/OS zLinux System i OpenVMS Banner Ecometry | Hadoop Oracle EBS Oracle PeopleSoft SAP BusinessObjects ServiceNow Teradata VMware Windows Linux Unix IBM i |
Workload Automation
Workload Management: | |||
Summary “HCL Workload Automation streamlined modelling, advanced AI and open integration for observability. Accelerate the digital transformation of modern enterprises, ensuring business agility and resilience with our latest version of one stop automation platform. Orchestrate unattended and event-driven tasks for IT and business processes from legacy to cloud and kubernetes systems.”* URL hcltechsw.com/workload-automation Coverage: Global
| Windows MacOS Linux UNIX AWS Azure Google Cloud Platform VMware z/OS zLinux System i OpenVMS IBM SoftLayer IBM BigInsights | IBM Cognos Hadoop Microsoft Dynamics 365 Microsoft Dynamics AX Microsoft SQL Server Oracle E-Business Suite PeopleSoft SAP ServiceNow Apache Oozie Informatica PowerCenter IBM InfoSphere DataStage Salesforce BusinessObjects BI | IBM Sterling Connect:Direct IBM WebSphere MQ IBM Cloudant Apache Spark |
JAMS Scheduler
Workload Management: | ||
Summary Fortra’s “JAMS is a centralized workload automation and job scheduling solution that runs, monitors, and manages jobs and workflows that support critical business processes. JAMS reliably orchestrates the critical IT processes that run your business. Our comprehensive workload automation and job scheduling solution provides a single pane of glass to manage, execute, and monitor jobs—regardless of platforms or applications.”* URL Coverage: Global
| OpenVMS OS/400 Unix Windows z/OS SAP Oracle Microsoft Infor Workday AWS Azure Google Cloud Compute ServiceNow Salesforce | Micro Focus Microsoft Dynamics 365 Microsoft Dynamics AX Microsoft SQL Server MySQL NeoBatch Netezza Oracle PL/SQL Oracle E-Business Suite PeopleSoft SAP SAS Symitar |
*JAMS
Redwood SaaS
Workload Management: | ||
Summary Founded in 1993 and delivered as a SaaS solution, ”Redwood lets you orchestrate securely and reliably across any application, service or server, in the cloud or on-premises, all inside a single platform. Automation solutions are at the core of critical business operations such as forecasting, replenishment, reconciliation, financial close, order to cash, billing, reporting, and more. Enterprises in every industry — from manufacturing, utility, retail, and biotech to healthcare, banking, and aerospace.”* URL Coverage: Global
| OpenVMS OS/400 Unix Windows z/OS SAP Oracle Microsoft Infor Workday AWS Azure Google Cloud Compute ServiceNow Salesforce | Github Office 365 Slack Dropbox Tableau Informatica SAP BusinessObjects Cognos Microsoft Power BI Amazon QuickSight VMware Xen Kubernetes |
Robot Scheduler
Workload Management: | |
Summary “Robot Schedule’s workload automation capabilities allow users to automate everything from simple jobs to complex, event-driven processes on multiple platforms and centralize management from your most reliable system: IBM i. Just create a calendar of when and how jobs should run, and the software will do the rest.”* URL fortra.com/products/job-scheduling-software-ibm-i Coverage: Global
| IBM i (System i, iSeries, AS/400) AIX/UNIX Linux Windows SQL/Server Domino JD Edwards EnterpriseOne SAP Automate Schedule (formerly Skybot Scheduler) |
OpCon
Workload Management: | |||
Summary Founded in1980, SMA offers to “save time, reduce error, and free your IT staff to work on more strategic contributions with OpCon from SMA Technologies. OpCon offers powerful, easy-to-use workload automation and orchestration to eliminate manual tasks and manage workloads across business-critical operations. It's the perfect fit for financial institutions, insurance companies, and other transactional businesses.”* URL Coverage: Global | Windows Linux Unix z/Series IBM i Unisys Oracle SAP Microsoft Dynamics AX Infor M3 Sage Cegid Temenos | FICS Microsoft Azure Data Management Microsoft Azure VM Amazon EC2/AWS Web Services RESTful Docker Google Cloud VMware ServiceNow Commvault Microsoft WSUS Microsoft Orchestrator | Java JBoss Asysco AMT Tuxedo ART Nutanix Corelation Symitar Fiserv DNA Fiserv XP2 |
Universal Automation Center (UAC)
Workload Management: | |||
Summary Founded in 1999, ”the Stonebranch Universal Automation Center (UAC) is an enterprise-grade business automation solution that goes beyond traditional job scheduling. UAC's event-based workload automation solution is designed to automate and orchestrate system jobs and tasks across all mainframe, on-prem, and hybrid IT environments. IT operations teams gain complete visibility and advanced control with a single web-based controller, while removing the need to run individual job schedulers across platforms.”* URL stonebranch.com/it-automation-solutions/enterprise-job-scheduling Coverage: Global | Windows Linux Unix z/Series Apache Kafka AWS Databricks Docker GitHub Google Cloud Informatica | Jenkins Jscape Kubernetes Microsoft Azure Microsoft SQL Microsoft Teams PagerDuty PeopleSoft Petnaho RedHat Ansible Salesforce | SAP ServiceNow Slack SMTP and IMAP Snowflake Tableau VMware |
Workload Automation
Workload Management: | |||
Summary Founded in 1979, Tidal’s Workload Automation will “simplify management and execution of end-to-end business processes with our unified automation platform. Orchestrate workflows whether they're running on-prem, in the cloud or hybrid environments.”* URL Coverage: Global | CentOS Linux Microsoft Windows Server Open VMS Oracle Cloud Oracle Enterprise Linux Red Hat Enterprise Server Suse Enterprise Tandem NSK Ubuntu UNIX HPUX (PA-RISC, Itanium) Solaris (Sparc, X86) | AIX, iSeries z/Linux z/OS Amazon AWS Microsoft Azure Oracle OCI Google Cloud ServiceNow Kubernetes VMware Cisco UCS SAP R/3 & SAP S/4HANA Oracle E-Business | Oracle ERP Cloud PeopleSoft JD Edwards Hadoop Oracle DB Microsoft SQL SAP BusinessObjects IBM Cognos FTP/FTPS/SFTP Informatica |
Global ECS
Workload Management: | |
Summary Founded in 1987, Global ECS can “simplify operations in all areas of production with the GECS automation framework. Use a single solution to schedule, coordinate and monitor file transfers, database operations, scripts, web services, executables and SAP jobs. Maximize efficiency for all operations across multiple business units intelligently and automatically.”* URL Coverage: Global | Windows Linux Unix iSeries SAP R/3 & SAP S/4HANA Oracle, SQL/Server |
Activities:
This activity involves the following participants:
IT strategic direction decision makers
IT managers responsible for an existing z/Series platform
Organizations evaluating platforms for mission critical applications
Outcomes of this step:
This checkpoint process creates transparency around agreement costs with the business and gives the business an opportunity to re-evaluate its requirements for a potentially leaner agreement.
The Scale Up vs. Scale Out TCO Tool provides organizations with a framework for estimating the costs associated with purchasing and licensing for a scale-up and scale-out environment over a multi-year period. Use this tool to:
|  |
Info-Tech InsightWatch out for inaccurate financial information. Ensure that the financials for cost match your maintenance and contract terms. | Use the Scale Up vs. Scale Out TCO Tool to determine your TCO options. |
Effectively Acquire Infrastructure Services
Acquiring a service is like buying an experience. Don’t confuse the simplicity of buying hardware with buying an experience.
Outsource IT Infrastructure to Improve System Availability, Reliability, and Recovery
There are very few IT infrastructure components you should be housing internally – outsource everything else.
Build Your Infrastructure Roadmap
Move beyond alignment: Put yourself in the driver’s seat for true business value.
Make the most of cloud for your organization.
Drive consensus by outlining how your organization will use the cloud.
Build a Strategy for Big Data Platforms
Know where to start and where to focus attention in the implementation of a big data strategy.
Improve your RFPs to gain leverage and get better results.
|
Darin Stahl, Principal Research Advisor, Info-Tech Research Group Darin is a Principal Research Advisor within the Infrastructure Practice, and leveraging 38+ years of experience, his areas of focus include: IT Operations Management, Service Desk, Infrastructure Outsourcing, Managed Services, Cloud Infrastructure, DRP/BCP, Printer Management, Managed Print Services, Application Performance Monitoring/ APM, Managed FTP, non-commodity servers (z/Series, mainframe, IBM i, AIX, Power PC). |
 |
Troy Cheeseman, Practice Lead, Info-Tech Research Group Troy has over 25 years of IT management experience and has championed large enterprise-wide technology transformation programs, remote/home office collaboration and remote work strategies, BCP, IT DRP, IT Operations and expense management programs, international right placement initiatives, and large technology transformation initiatives (M&A). Additionally, he has deep experience working with IT solution providers and technology (cloud) start-ups. |
“AWS Announces AWS Mainframe Modernization.” Business Wire, 30 Nov. 2021.
de Valence, Phil. “Migrating a Mainframe to AWS in 5 Steps with Astadia?” AWS, 23 Mar. 2018.
Graham, Nyela. “New study shows mainframes still popular despite the rise of cloud—though times are changing…fast?” WatersTechnology, 12 Sept. 2022.
“Legacy applications can be revitalized with API.” MuleSoft, 2022.
Vecchio, Dale. “The Benefits of Running Mainframe Applications on LzLabs Software Defined Mainframe® & Microsoft Azure.” LzLabs Sites, Mar. 2021.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Begin your proactive audit management journey and leverage value from your software asset management program.
Prepare for an audit by effectively scoping and consolidating organizational response.
Execute the audit in a way that preserves valuable relationships while accounting for vendor specific criteria.
Conduct negotiations, settle on remuneration, and close out the audit.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Kick off the project
Identify challenges and red flags
Determine maturity and outline internal audit
Clarify stakeholder responsibilities
Build and structure audit team
Leverage value from your audit management program
Begin your proactive audit management journey
A documented consolidated licensing position, which ensures that you are not blindsided by a sudden audit request
1.1 Perform a maturity assessment of the current environment
1.2 Classify licensing contracts/vendors
1.3 Conduct a software inventory
1.4 Meter application usage
1.5 Manual checks
1.6 Gather software licensing data
1.7 Reconcile licenses
1.8 Create your audit team and assign accountability
Maturity assessment
Effective license position/license reconciliation
Audit team RACI chart
Create a strategy for audit response
Know the types of requests
Scope the engagement
Understand scheduling challenges
Know roles and responsibilities
Understand common audit pitfalls
Define audit goals
Take control of the situation and prepare a measured response
A dedicated team responsible for all audit-related activities
A formalized audit plan containing team responsibilities and audit conduct policies
2.1 Use Info-Tech’s readiness assessment template
2.2 Define the scope of the audit
Readiness assessment
Audit scoping email template
Overview of process conducted
Kick-off and self-assessment
Identify documentation requirements
Prepare required documentation
Data validation process
Provide resources to enable the auditor
Tailor audit management to vendor compliance position
Enforce best-practice audit behaviors
A successful audit with minimal impact on IT resources
Reduced severity of audit findings
3.1 Communicate audit commencement to staff
Audit launch email template
Clarify auditor findings and recommendations
Access severity of audit findings
Develop a plan for refuting unwarranted findings
Disclose findings to management
Analyze opportunities for remediation
Provide remediation options and present potential solutions
Ensure your audit was productive and beneficial
Improve your ability to manage audits
Come to a consensus on which findings truly necessitate organizational change
4.1 Don't accept the penalties; negotiate with vendors
4.2 Close the audit and assess the financial impact
A consensus on which findings truly necessitate organizational change
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.
Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.
Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Problem Identification
Current process mapped and requirements template configured
1.1 Overview and level-setting
1.2 Identify needs and drivers
1.3 Define and prioritize requirements
1.4 Gain business authorization and ensure internal alignment
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Define Success Target
Baseline RFP and evaluation templates
2.1 Create and issue RFP
2.2 Evaluate responses/proposals and negotiate the agreement
2.3 Purchase goods and services
RFP Calendar Tool
RFP Evaluation Guidebook
RFP Respondent Evaluation Tool
Configure Templates
Configured Templates
3.1 Assess and measure
3.2 Review templates
Long-Form RFP Template
Short-Form RFP Template
Excel-Based RFP Template
Lack of RFP Process Causes...
|
Solution: RFP Process
|
|
||
Requirements
|
Templates, Tools, Governance
|
Vendor Management
|
||
“A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”
Steven Jeffery
Principal Research Director, Vendor Management
Co-Author: The Art of Creating a Quality RFP
Info-Tech Research Group
A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.
Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.
Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.
An additional challenge is to answer the question “What is the purpose of our RFX?”
If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.
If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.
If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.
This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.
|
70 Days is the average duration of an IT RFP. The average number of evaluators is 5-6 4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.) |
“IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”) |
Vendors’ win rate
44%Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022). |
High cost to respond
3-5%Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available). |
Time spent writing response
23.8 hoursVendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021). |
|
Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships. Confusion, because you don’t know what the expected or desired results are. Directionless, because you don’t know where the team is going. Uncertainty, with many questions of your own and many more from other team members. Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements. Exhaustion, because reviewing RFP responses of insufficient quality is tedious. Disappointment in the results your company realizes. (Source: The Art of Creating a Quality RFP) |
Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.
Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.
Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.
Consider adding vendor management requirements to manage the ongoing relationship post contract.
Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.
Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.
| Key deliverables:
Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.
|
Long-Form RFP Template
For when you have complete requirements and time to develop a thorough RFP. |
|
Short-Form RFP Template
When the requirements are not as extensive, time is short, and you are familiar with the market. |
|
| Lean RFP Template
When you have limited time and some knowledge of the market and wish to include only a few vendors. |
|
Excel-Form RFP Template
When there are many requirements, many options, multiple vendors, and a broad evaluation team. |
|
IT Benefits
|
Mutual IT and Business Benefits
|
Business Benefits
|
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
| "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is seven to twelve calls over the course of four to six months.
What does a typical GI on this topic look like?
Phase 1 |
Phase 2 |
Phase 3 |
Phase 4 |
Phase 5 |
Phase 6 |
Phase 7 |
| Call #1: Identify the need | Call #3: Gain business authorization | Call #5: Negotiate agreement strategy | Call #7: Assess and measure performance | |||
| Call #2: Define business requirements | Call #4: Review and perform the RFX or RFP | Call #6: Purchase goods and services |
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
| Day 1 | Day 2 | Day 3 | |
| Activities |
Answer “What problem do we need to solve?”1.1 Overview and level-setting 1.2 Identify needs and drivers 1.3 Define and prioritize requirements 1.4 Gain business authorization and ensure internal alignment |
Define what success looks like?2.1 Create and issue RFP 2.2 Evaluate responses/ proposals and negotiate the agreement. 2.3 Purchase goods and services |
Configure Templates3.1 Assess and measure 3.2 Review tools |
| Deliverables |
|
|
|
| Steps
1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI). |
|
Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.
Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.
Identify Need| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
|
|
| Steps
2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business. |
|
A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”
Define Business Requirements
| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
“Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)
Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively
Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal
Output: Prioritized list of RFP requirements approved by the stakeholder team
Materials: The RFP Requirements Worksheet
Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal
Download the RFP Requirements Worksheet
| Steps
3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement |
|
Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.
Gain Business Authorization
| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Gain authorization for your RFP from all relevant stakeholders
Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in. |
|
| Steps
4.1 Build your RFP 4.2 Decide RFI or not 4.3 Create your RFP 4.4 Receive & answer questions 4.5 Perform Pre-Proposal Conference 4.6 Evaluate responses |
|
RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.
SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.
Create and Issue Your RFP/RFI
| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Step 1
|
Step 2
|
Step 3
|
Step 4
|
Step 5
|
Step 6
|
At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.
Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.
Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:
Challenges
|
Prevention
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.
RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.
While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.
A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.
Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.
Download the Lean RFP Template
Download the RFP Evaluation Tool
Input
|
Output
|
Materials
|
Participants
|
Case StudyA Lean RFP saves time |
INDUSTRY: Pharmaceutical
|
|
Challenge
|
Solution
|
Results
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP
Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.
Materials: RFP Calendar and Key Date Tool
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the RFP Calendar and Key Date Tool
Create and issue your RFP, which should contain at least the following:
|
|
Dictating to the vendors the format of their response will increase your evaluation efficiency
Narrative Response:Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include. Pricing Response:Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees. Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require. |
|
Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)
Output: Vendor Pricing Tool
Materials: RFP Requirements Worksheet, Pricing template
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the Vendor Pricing Tool
Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.
We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.
Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.
Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)
1-2 hours
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all participants agree to
Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Short-Form RFP Template
1-3 hours
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all stakeholders agree to
Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Long-Form RFP Template
Several weeks
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all stakeholders agree to
Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Excel-Form RFP Template
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
|
|
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
“Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)
| Modify this agenda for your specific organization’s culture | |
(Source: The Art of Creating a Quality RFP, Jeffery et al., 2019) |
|
Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
|
|
The first, by response, is when the evaluator reviews each vendor’s response in its entirety.
The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.
| By Response
|
By Objective
|
||
|
|
|
|
You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.
VendorThe evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
|
|
Account RepresentativesRelationships extend beyond business, and an evaluator doesn't want to jeopardize them.
|
TechnicalA vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
|
PriceAs humans, we can justify anything at a good price.
|
| When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. | 
|
When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”. |
| Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. | Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement. |
Define your ranking scale to ensure consistency in ratingsWithin each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.
|
|
Obtain Alignment on Weighting the Scores of Each Section
|
Example RFP Section Weights
(Source: The Art of Creating a Quality RFP, Jeffery et al., 2019) |
Protect your organization's reputation within the vendor community with a fair and balanced process.
|
|
Do not alter the evaluation weights after responses are submitted.
|
|
1 hour
Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard
Output: One or two finalists for which negotiations will proceed
Materials: RFP Evaluation Guidebook
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the RFP Evaluation Guidebook
1-4 hours
Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard
Output: A consolidated ranked and weighted comparison of the vendor responses with pricing
Materials: Vendor responses, RFP Evaluation Tool
Participants: Sourcing/Procurement, Vendor management
Download the RFP Evaluation Tool
Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget
Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.
Materials: Vendor TCO Tool, Vendor pricing responses
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement
Download the Vendor TCO Tool
1-2 hours
Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.
Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.
Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the Consolidated Vender RFP Response Evaluation Summary
Download the Vendor Recommendation Presentation
Input
| Output
| Materials
| Participants
|
|
Templates/ToolsRFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague. |
SourcingRegardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal. |
ReviewThen you must carefully examine the components of the deal before creating your final documents.Popular RFP templates include:
|
| Steps
5.1 Perform negotiation process |
|
A negotiated agreement or agreements that are a result of competitive negotiations.
Negotiate Agreement(s)
| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
| You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.
Info-Tech InsightBe certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor. |  Leverage Info-Tech's negotiation process research for additional information | Negotiate before you select your vendor:
Info-Tech InsightProviding contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation. |
| Steps
6.1 Purchase Goods & Services |
|
A purchase order that completes the RFP process.
The beginning of the vendor management process.
Purchase Goods and Services
| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
|
|
As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.
| Steps
7.1 Assess and measure performance against the agreement |
|
A list of what went well during the period – it’s important to recognize successes
A list of areas needing improvement that includes:
Purchase Goods and Services
| Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.
Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.
Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.
Contact your account representative for more information.
DO
|
DON'T
|
“2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.
Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019
“Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.
Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.
“RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.
“State of the RFP 2019.” Bonfire, 2019. Web.
“What Vendors Want (in RFPs).” Vendorful, 2020. Web.
|
Prepare for Negotiations More Effectively
|
|
Understand Common IT Contract Provisions to Negotiate More Effectively
|
|
Jump Start Your Vendor Management Initiative
|
Establish an enterprise architecture practice that:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
You need to define a sound set of design principles before commencing with the design of your EA organization.
The EA operating model structure should be rigid but pliable enough to fit the needs of the stakeholders it provide services to.
A phased approach and a good communications strategy are key to the success of the new EA organization.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify how EA looks within the organization and ensure all the necessary skills are accounted for within the function.
EA is designed to be the most appropriately placed and structured for the organization.
1.1 Place the EA department.
1.2 Define roles for each team member.
1.3 Find internal and external talent.
1.4 Create job descriptions with required proficiencies.
EA organization design
Role-based skills and competencies
Talent acquisition strategy
Job descriptions
Create a thorough engagement model to interact with stakeholders.
An understanding of each process within the engagement model.
Create stakeholder interaction cards to plan your conversations.
2.1 Define each engagement process for your organization.
2.2 Document stakeholder interactions.
EA Operating Model Template
EA Stakeholder Engagement Model Template
Develop EA boards, alongside a charter and policies to effectively govern the function.
Governance that aids the EA function instead of being a bureaucratic obstacle.
Adherence to governace.
3.1 Outline the architecture review process.
3.2 Position the architecture review board.
3.3 Create a committee charter.
3.4 Make effective governance policy.
Architecture Board Charter Template
EA Policy Template
Create an operating model that is influenced by universal standards including TOGAF, Zachmans, and DoDAF.
A thoroughly articulated development framework.
Understanding of the views that influence each domain.
4.1 Tailor an architecture development framework to your organizational context.
EA Operating Model Template
Enterprise Architecture Views Taxonomy
Create a change management and communication plan or roadmap to execute the operating model.
Build a plan that takes change management and communication into consideration to achieve the wanted benefits of an EA program.
Effectively execute the roadmap.
5.1 Create a sponsorship action plan.
5.2 Outline a communication plan.
5.3 Execute a communication roadmap.
Sponsorship Action Plan
EA Communication Plan Template
EA Roadmap
Businesses are expected to balance achieving innovation through initiatives that transform the organization with effective risk management. While this is nothing new, added challenges arise due to:
Address digital risk to build digital resilience. In the process, you will drive transformation and maintain digital trust among your employees, end users, and consumers by:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Discover an overview of what digital risk is, learn how to assess risk factors for the five primary categories of digital risk, see several industry-specific scenarios, and explore how to plan for and mitigate identified risks.
Begin building the digital risk profile for your organization, identify where your key areas of risk exposure exist, and assign ownership and accountability among the organization’s business units.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Develop an understanding and standard definition of what digital risk is, who it impacts, and its relevance to the organization.
Understand what digital risk means and how it differs from traditional enterprise or cybersecurity risk.
Develop a definition of digital risk that recognizes the unique external and internal considerations of your organization.
1.1 Review the business context
1.2 Review the current roles of enterprise, IT, and cyber risk management within the organization
1.3 Define digital transformation and list transformation initiatives
1.4 Define digital risk in the context of the organization
1.5 Define digital resilience in the context of the organization
Digital risk drivers
Applicable definition of digital risk
Applicable definition of digital resilience
Understand the roles digital risk management and your digital risk profile have in helping your organization achieve safe, transformative growth.
An overview and understanding of digital risk categories and subsequent individual digital risk factors for the organization
Industry considerations that highlight the importance of managing digital risk
A structured approach to managing the categories of digital risk
2.1 Review and discuss industry case studies and industry examples of digital transformation and digital risk
2.2 Revise the organization's list of digital transformation initiatives (past, current, and future)
2.3 Begin to build your organization's Digital Risk Management Charter (with inputs from Module 1)
2.4 Revise, customize, and complete a Digital Risk Management Charter for the organization
Digital Risk Management Charter
Industry-specific digital risks, factors, considerations, and scenarios
The organization's digital risks mapped to its digital transformation initiatives
Develop an initial digital risk profile that identifies the organization’s core areas of focus in managing digital risk.
A unique digital risk profile for the organization
Digital risk management initiatives that are mapped against the organization's current strategic initiatives and aligned to meet your digital resilience objectives and benchmarks
3.1 Review category control questions within the Digital Risk Profile Tool
3.2 Complete all sections (tabs) within the Digital Risk Profile Tool
3.3 Assess the results of your Digital Risk Profile Tool
3.4 Discuss and assign initial weightings for ownership of digital risk among the organization's stakeholders
Completion of all category tabs within the Digital Risk Profile Tool
Initial stakeholder ownership assignments of digital risk categories
Refine the digital risk management plan for the organization.
A targeted, organization-specific approach to managing digital risk as a part of the organization's projects and initiatives on an ongoing basis
An executive presentation that outlines digital risk management for your senior leadership team
4.1 Conduct brief information sessions with the relevant digital risk stakeholders identified in Module 3.
4.2 Review and revise the organization's Digital Risk Profile as necessary, including adjusting weightings for the digital risk categories
4.3 Begin to build an actionable digital risk management plan
4.4 Present your findings to the organization's relevant risk leaders and executive team
A finalized and assessed Digital Risk Profile Tool
Stakeholder ownership for digital risk management
A draft Digital Risk Management plan and Digital Risk Management Executive Report
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint guides you through a value-driven approach to digital transformation that allows you to identify what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. This approach to digital transformation unifies digital possibilities with your customer experiences.
This tool guides you in planning and prioritizing projects to build an effective digital business strategy. Key activities include conducting a horizon scan, conducting a journey mapping exercise, prioritizing opportunities from a journey map, expanding opportunities into projects, and lastly, building the digital transformation roadmap using a Gantt chart visual to showcase project execution timelines.
This deck is a visual presentation template for this blueprint. The intent is to capture the contents of the activities in a presentation PowerPoint. It uses sample data from “City of X” to demonstrate the digital business strategy.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand how your organization creates value today.
Identify opportunities for digital transformation in how you currently deliver value today.
1.1 Validate business context.
1.2 Assess business ecosystem.
1.3 Identify and prioritize value streams.
1.4 Break down value stream into value chains.
Business context
Overview of business ecosystem
Value streams and value chains
Leverage strategic foresight to evaluate how complex trends can evolve over time and identify opportunities to leapfrog competitors.
Identify a leapfrog idea to sidestep competitors.
2.1 Conduct a horizon scan.
2.2 Identify leapfrog ideas.
2.3 Identify impact to existing or new value chains.
One leapfrog idea
Corresponding value chain
Design a journey map to empathize with your customers and identify opportunities to streamline or enhance existing and new experiences.
Identify a unified view of customer experience.
Identify opportunities to automate non-routine cognitive tasks.
Identify gaps in value delivery.
Improve customer journey.
3.1 Identify stakeholder persona.
3.2 Identify journey scenario.
3.3 Conduct one journey mapping exercise.
3.4 Identify opportunities to improve stakeholder journey.
3.5 Break down opportunities into projects.
Stakeholder persona
Stakeholder scenario
Journey map
Journey-based projects
Build a customer-centric digital transformation roadmap.
Keep your team on the same page with key projects, objectives, and timelines.
4.1 Prioritize and categorize initiatives.
4.2 Build roadmap.
Digital goals
Unified roadmap
35,000 members sharing best practices you can leverage
Millions spent developing tools and templates annually
Leverage direct access to over 100 analysts as an extension of your team
Use our massive database of benchmarks and vendor assessments
Get up to speed in a fraction of the time
Dana Daher
Senior Research Analyst
To survive one of the greatest economic downturns since the Great Depression, organizations had to accelerate their digital transformation by engaging with the Digital Economy. To sustain growth and thrive as the pandemic eases, organizations must focus their attention on building business resilience by transforming how they deliver value today.
This requires a value-driven approach to digital transformation that is capable of identifying what aspects of the business to transform, what technologies to embrace, what processes to automate, and what new business models to create. And most importantly, it needs to unify digital possibilities with your customer experiences.
If there was ever a time for an organization to become a digital business, it is today.
After a major crisis, focus on restarting the growth engine and bolstering business resilience.
Business activities (tasks, procedures, and processes, etc.) are used to create, sell, buy, and deliver goods and services.
When we convert information into a readable format used by computers, we call this digitization (e.g. converting paper into digital format). When we convert these activities into a format to be processed by a computer, we have digitalization (e.g. scheduling appointments online).
These two processes alter how work takes place in an organization and form the foundation of the concept digital transformation.
We maintain that digital transformation is all about becoming a “digital business” – an organization that performs more than 66% of all work activities via executable code.
As organizations take a step closer to this optimal state, new avenues are open to identify advances to promote growth, enhance customer experiences, secure sustainability, drive operational efficiencies, and unearth potential future business ventures.
Digital: The representation of a physical item in a format used by computers
Digitization: Conversion of information and processes into a digital format
Digitalization: Conversion of information into a format to be processed by a computer
COVID-19 has irrefutably changed livelihoods, businesses, and the economy. During the pandemic, digital tools have acted as a lifeline, helping businesses and economies survive, and in the process, have acted as a catalyst for digital transformation.
As organizations continue to safeguard business continuity and financial recovery, in the long term, recovery won’t be enough.
Although many pandemic/recession recovery periods have occurred before, this next recovery period will present two first-time challenges no one has faced before. We must find ways to:
To grow and thrive in this post-pandemic world, organizations must provide meaningful and lasting changes to brace for a future defined by digital technologies.
– Dana Daher, Info-Tech Research Group
In the last 60 years alone, performance and productivity have been vastly improved by IT in virtually all economic activities and sectors. And today, digital technologies continue to advance IT's contribution even further by bringing unprecedented insights into economic activities that have largely been untouched by IT.
As technological innovation and the digitalization of products and services continue to support economic activities, a fundamental shift is occurring that is redefining how we live, work, shop, and relate to one another.
These rapid changes are captured in a new 21st century term:
The Digital Economy.
90% of CEOs believe the digital economy will impact their industry. But only 25% have a plan in place.
– Paul Taylor, Forbes, 2020
Kenneth McGee
Research Fellow
Today, the world faces two profoundly complex, mega-challenges simultaneously:
Within the past year, healthcare professionals have searched for and found solutions that bring real hope to the belief the global pandemic/recession will soon end.
As progress towards ending COVID-19 continues, business professionals are searching for the most effective near-term and long-term methods of restoring or exceeding the rates of growth they were enjoying prior to 2020.
We believe developing a digital business strategy can deliver cost savings to help achieve near-term business growth while preparing an enterprise for long-term business growth by effectively competing within the digital economy of the future.
The digital economy refers to a concept in which all economic activity is facilitated or managed through digital technologies, data, infrastructure, services, and products (OECD, 2020).
The digital economy captures decades of digital trends including:
These trends among others have set the stage to permanently alter how buying and selling will take place within and between local, regional, national, and international economies.
The emerging digital economy concept is so compelling that the world economists, financial experts, and others are currently investigating how they must substantially rewrite the rules governing how taxes, trade, tangible and intangible assets, and countless other financial issues will be assessed and valued in a digital economy.
Download Info-Tech’s Digital Economy Report
| 60% of People on Earth Use the Internet (DataReportal, 2021) |
| 20% of Global Retail Sales Performed via E-commerce (eMarketer, 2021) |
| 6.64T Global Business-to-Business E-commerce Market (Derived from The Business Research Company, 2021) |
| 9.6% of US GDP ($21.4T) accounted for by the digital economy ($2.05T) (Bureau of Economic Analysis, 2021) |
Pre-pandemic digital strategies have been primarily focused on automation. However, your post-pandemic digital strategy must focus on driving resilience for growth opportunities.
As digital transformation is an effort to transform how you deliver value today, it is important to understand the different value-generating activities that deliver an outcome for and from your customers.
We do this by looking at value streams –which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).
Our approach helps you to digitally transform those value streams that generate the most value for your organization.
Recruitment → Admission → Student Enrolment → Instruction & Research → Graduation → Advancement
Sustain Land, Property, and the Environment → Facilitate Civic Engagement → Protect Local Health and Safety → Grow the Economy → Provide Regional Infrastructure
Design Product → Produce Product → Sell Product
Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams
Assessing your external environment allows you to identify trends that will have a high impact on how you deliver value today.
Traditionally, a PESTLE analysis is used to assess the external environment. While this is a helpful tool, it is often too broad as it identifies macro trends that are not relevant to an organization's addressable market. That is because not every factor that affects the macro environment (for example, the country of operation) affects a specific organization’s industry in the same way.
And so, instead of simply assessing the macro environment and trying to project its evolution along the PESTLE factors, we recommend to:
While PESTLE is helpful to scan the macro environment, the analysis often lacks relevance to an organization’s industry.
A Market Evolution Trend Analysis (META) identifies changes in prevailing market conditions that are directly relevant to an organization’s industry, and thus provides some critical input to the strategy design process, since these trends can bring about strategic risks or opportunities.
Shifts in these five characteristics directly impact an organization:
As we prioritize value streams, we break them down into value chains – that is the “string” of processes that interrelate that work.
However, once we identify these value chains and determine what parts we wish to digitally transform, we take on the perspective of the user, as the way they interact with your products and services will be different to the view of those within the organization who implement and provide those services.
This method allows us to build an empathetic and customer-centric lens, granting the capability to uncover challenges and potential opportunities. Here, we may define new experiences or redesign existing ones.
Pre-pandemic, a digital transformation was primarily focused around improving customer experiences. Today, we are facing a paradigm shift in the way in which we capture the priorities and strategies for a digital transformation.
As the world grows increasingly uncertain, organizations need to continue to focus on improving customer experience while simultaneously protecting their enterprise value.
Ultimately, a digital transformation has two purposes:
| Old Paradigm | → | New Paradigm |
|---|---|---|
| Predictable regulatory changes with incremental impact | → | Unpredictable regulatory changes with sweeping impact |
| Reluctance to use digital collaboration | → | Wide acceptance of digital collaboration |
| Varied landscape of brick-and-mortar channels | → | Last-mile consolidation |
| Customers value brand | → | Customers value convenience/speed of fulfilment |
| Intensity of talent wars depends on geography | → | Broadened battlefields for the war for talent |
| Cloud-first strategies | → | Cloud-only strategies |
| Physical assets | → | Aggressive asset decapitalization |
| Digitalization of operational processes | → | Robotization of operational processes |
| Customer experience design as an ideation mechanism | → | Business resilience for value protection and risk reduction |
A highly visual and compelling presentation template that enables easy customization and executive-facing content.
*Coming in 2022
The Digital Business Strategy Workbook supports each step of this blueprint to help you accomplish your goals:
Initiative Prioritization
Use the weighted scorecard approach to evaluate and prioritize your opportunities and initiatives.
Roadmap Gantt Chart
Populate your Gantt chart to visually represent your key initiative plan over the next 12 months.
Journey Mapping Workbook
Populate the journey maps to evaluate a user experience over its end-to-end journey.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
What does a typical GI on this topic look like?
| Phase 0 | Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|---|
| Call #1: Discuss business context and customize your organization’s capability map. |
Call #2: Assess business ecosystem. |
Call #3: Perform horizon scanning and trends identification. |
Call #5: Identify stakeholder personas and scenarios. |
Call #7: Discuss initiative generation and inputs into roadmap. |
| Call #3: Identify how your organization creates value. |
Call #4: Discuss value chain impact. |
Call #6: Complete journey mapping exercise. |
Call #8: Summarize results and plan next steps. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 2 to 4 months.
Gather business strategy documents and find information on:
Interview the following stakeholders to uncover business context information:
Download the Business Context Discovery Tool
Understand how your organization delivers value today and identify value chains to be transformed.
A cross-functional cohort across all levels of the organization.
Understand the business
Identify top value chains to be transformed
In this section you will gain an understanding of the business context for your strategy.
A cross-functional cohort across levels in the organization.
Business Context
Understanding the business context is a must for all strategic initiatives. A pre-requisite to all strategic planning should be to elicit the business context from your business stakeholders.
| Inputs | Document(s)/ Method | Outputs |
|---|---|---|
| Key stakeholders | Strategy Document | Stakeholders that are actively involved in, affected by or influence outcome of the organization, e.g. employers, customers, vendors. |
| Vision and mission of the organization | Website Strategy Document | What the organization wants to achieve and how it strives to accomplish those goals. |
| Business drivers | CEO Interview | Inputs and activities that drive the operational and financial results of the organization. |
| Key targets | CEO Interview | Quantitative benchmarks to support strategic goals, e.g. double the enterprise EBITD, improve top-of-mind brand awareness by 15%, |
| Strategic investment goals | CFO Interview Digital Strategy |
Financial investments corresponding with strategic objectives of the organization, e.g. geographic expansion, digital investments. |
| Top three value-generating lines of business | Financial Document | Identification of your top three value-generating products and services or lines of business. |
| Goals of the organization over the next 12 months | Strategy Document Corporate Retreat Notes |
Strategic goals to support the vision, e.g. hire 100 new sales reps, improve product management and marketing. |
| Top business initiatives over the next 12 months | Strategy Document CEO Interview |
Internal campaigns to support strategic goals, e.g. invest in sales team development, expand the product innovation team. |
| Business model | Strategy Document | Products or services that the organization plans to sell, the identified market and customer segments, price points, channels and anticipated expenses. |
| Competitive landscape | Internal Research Analysis | Who your typical or atypical competitors are. |
Assess your digital readiness with Info-Tech’s Digital Maturity Assessment
Assess your business ecosystem
Your digital business strategy cannot be formulated without a clear vision of the evolution of your industry.
Identify top value chains to be transformed
In this section, we will assess who the incumbents and disruptors are in your ecosystem and identify who your stakeholders are.
A cross-functional cohort across levels in the organization.
Business Ecosystem
Learn what your competitors are doing.
To survive, grow, or transform in today's digital era, organizations must first have a strong pulse on their business ecosystem. Learning what your competitors are doing to grow their bottom line is key to identifying how to grow your own. Start by understanding who the key incumbents and disruptors in your industry are to identify where your industry is heading.
Incumbents: These are established leaders in the industry that possess the largest market share. Incumbents often focus their attention to their most demanding or profitable customers and neglect the needs of those down market.
Disruptors: Disruptors are primarily new entrants (typically startups) that possess the ability to displace the existing market, industry, or technology. Disruptors are often focused on smaller markets that the incumbents aren’t focused on. (Clayton Christenson, 1997)
’Disruption’ specifically refers to what happens when the incumbents are so focused on pleasing their most profitable customers that they neglect or misjudge the needs of their other segments.
– Ilan Mochari, Inc., 2015
| Business | Target Market & Customer | Product/Service & Key Features | Key Differentiators | Market Positioning | |
|---|---|---|---|---|---|
| University XYZ |
|
|
|
Affordable education with low tuition cost and access to bursaries & scholarships. | |
| University CDE | University CDE |
|
|
|
Outcome focused university with strong co-ops/internship programs and career placements for graduates |
| University MNG |
|
|
|
Nurturing university with small student population and classroom sizes. University attractive to adult learners. | |
| Disruptors | Online Learning Company EFG |
|
|
|
Competitive pricing with an open acceptance policy |
| University JKL Online Credential Program |
|
|
|
Borderless and free (or low cost) education |
Value-chain prioritization
Identify top value chains to be transformed
Identify and prioritize how your organization currently delivers value today and identify value chains to be transformed.
A cross-functional cohort across levels in the organization.
Prioritized Value Chains
Value streams and value chains connect business goals to the organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities. Those activities are dependent on the specific industry segment an organization operates within.
A value stream refers to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer.
A value chain is a ”string” of processes within a company that interrelate and work together to meet market demand. Examining the value chain of a company will reveal how it achieves competitive advantage.
Visit Info-Tech’s Industry Coverage Research to identify value streams
Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.
There are two types of value streams: core value streams and support value streams.
An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.
A business capability defines what a business does to enable value creation, rather than how. Business capabilities:
A capability map is a great starting point to identify value chains within an organization as it is a strong indicator of the processes involved to deliver on the value streams.
Leverage your industry reference architecture to define value streams and value chains.
Visit Info-Tech’s Industry Coverage Research to identify value streams
Use an evaluation criteria that considers both the human and business value generators that these streams provide.
To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value.
Business Value
Assess the value generators to the business, e.g. revenue dollars, enterprise value, cost or differentiation (competitiveness), etc.
Assess the value generators to people, e.g. student/faculty satisfaction, well-being, and social cohesion.
Value chains, pioneered by the academic Michael Porter, refer to the ”string” of processes within a company that interrelate and work together to meet market demand. An organization’s value chain is connected to the larger part of the value stream. This perspective of how value is generated encourages leaders to see each activity as a part of a series of steps required deliver value within the value stream and opens avenues to identify new opportunities for value generation.
Once we have identified the key value chains within each value stream element, evaluate the individual processes within the value chain to identify opportunities for transformation. Evaluate the value chain processes based on the level of pain experienced by a stakeholder to accomplish that task, and the financial impact that level of the process has on the organization.
stringof processes within the value stream element. Each value chain also captures a particular stakeholder that benefits from the value chain.
Visit Info-Tech’s Industry Coverage Research to identify value streams and capability maps
Assess trends that are impacting your industry and identify strategic growth opportunities.
A cross-functional cohort across levels in the organization.
Identify new growth opportunities and value chains impacted
Horizon scanning
Systematically scan your environment to identify avenues or opportunities to skip one or several stages of technological development and stay ahead of disruption.
Scan the environment for external environment for megatrends, trends, and drivers. Prioritize trends and build a trends radar to keep track of trends within your environment.
A cross-functional cohort across levels in the organization.
Growth opportunity
Horizon scanning is a systematic analysis of detecting early signs of future changes or threats.
Horizon scanning involves scanning, analyzing, and communicating changes in an organization’s environment to prepare for potential threats and opportunities. Much of what we know about the future is based around the interactions and trajectory of macro trends, trends, and drivers. These form the foundations for future intelligence.
A macro trend captures a large-scale transformative trend that could impact your addressable market.
A trend captures a business use case of the macro trend. Consider trends in relation to competitors in your industry.
A driver is an underlying force causing the trend to occur. There can be multiple causal forces, or drivers, that influence a trend, and multiple trends can be influenced by the same causal force.
Identify signals of change in the present and their potential future impacts.
A macro trend captures a large-scale transformative trend that could change the addressable market. Here are some examples of macro trends to consider when horizon scanning for your own organization:
A trend captures a business use case of a macro trend. Assessing trends can reduce some uncertainties about the future and highlight potential opportunities for your organization. A driver captures the internal or external forces that lead the trend to occur. Understanding and capturing drivers is important to understanding why these trends are occurring and the potential impacts to your value chains.
Uncover important business and industry trends that can inform possibilities for technology innovation.
Explore trends in areas such as:
Market research is critical in identifying factors external to your organization and identifying technology innovation that will provide a competitive edge. It’s important to evaluate the impact each trend or opportunity will have in your organization and market.
Visit Info-Tech’s Trends & Priorities Research Center
Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams
Images are from Info-Tech’s Rethinking Higher Education Report and 2021 Tech Trends Report
| Macro Trends | Trends | Drivers | |
|---|---|---|---|
| Talent Availability | Diversity | Inclusive campus culture | Systemic inequities |
| Hybrid workforce | Online learning staff | COVID-19 and access to physical institutions | |
| Customer Expectations | Digital experience | eLearning for working learners | Accommodate adult learners |
| Accessibility | Micro-credentials for non-traditional students | Addressing skills gap | |
| Technological Landscape | Artificial intelligence and robotics | AI for personalized learning | Hyper personalization |
| IoT | IoT for monitoring equipment | Asset tracking | |
| Augmented reality | Immersive education AR and VR | Personalized experiences | |
| Regulatory System | Regulatory System | Alternative funding for research | Changes in federal funding |
| Global Green | Environmental and sustainability education curricula | Regulatory and policy changes | |
| Supply Chain Continuity | Circular supply chains | Vendors recycling outdated technology | Sustainability |
| Cloud-based solutions | Cloud-based eLearning software | Convenience and accessibility |
Visit Info-Tech’s Industry Coverage Research to identify your industry’s value streams
Develop a cross-industry holistic view of trends.
Moving from horizon scanning to action requires an evaluation process to determine which trends can lead to growth opportunities. First, we need to make a short list of trends to analyze. For your digital strategy, consider trends on the time horizon that are under 24 months. Next, we need to evaluate the shortlisted opportunities by a second set of criteria: relevance to your organization and impact on industry.
The estimated time to disruption this trend will have for your industry. Assess whether the trend will require significant developments to support its entry into the ecosystem.
The relevance of the trend to your organization. Does the trend fulfil the vision or goals of the organization?
The degree of impact the trend will have on your industry. A trend with high impact will drive new business models, products, or services.
| Trend | Timing (S/M/L) |
Impact (1-5) |
Relevance ( 1-5) |
|
|---|---|---|---|---|
| 1. | Micro-credentialing | S | 5 | 5 |
| 2. | IoT-connected devices for personalized experience | S | 1 | 3 |
| 3. | International partnerships with educational institutions | M | ||
| 4. | Use of chatbots throughout enrollment process | L | ||
| 5. | IoT for energy management of campus facilities | L | ||
| 6. | Gamification of digital course content | M | ||
| 7. | Flexible learning curricula | S | 4 | 3 |
| Deprioritize trends that have a time frame to disruption of more than 24 months. |
||||
A systematic approach to leapfrog ideation is one of the most critical ways in which an organization can build the capacity for resilient innovation.
Evaluate trend opportunities and determine the strategic opportunities they pose. You will also work towards identifying the impact the trend has on your value chain.
A cross-functional cohort across levels in the organization.
In this digital era, organizations are often playing catch up to a rapidly evolving technological landscape and following a strict linear approach to innovation. However, this linear catch-up approach does not help companies get ahead of competitors. Instead, organizations must identify avenues to skip one or several stages of technological development to leapfrog ahead of their competitors.
The best way to predict the future is to invent it.
– Alan Kay
Leapfrogging takes place when an organization introduces disruptive innovation into the market and sidesteps competitors who are unable to mobilize to respond to the opportunities.
Higher Education: Barco’s Virtual Classroom at UCL
University College London (UCL), in the United Kingdom, selected Barco weConnect virtual classroom technology for its continuing professional development medical education offering. UCL uses the platform for synchronous teaching, where remote students can interact with a lecturer.
One of the main advantages of the system is that it enables direct interaction with students through polls, questions, and whiteboarding. The system also allows you to track student engagement in real time.
The system has also been leveraged for scientific research and publications. In their “Delphi” process, key opinion leaders were able to collaborate in an effective way to reach consensus on a subject matter. The processes that normally takes months were successfully completed in 48 hours (McCann, 2020).
The system has been largely successful and has supported remote, real-time teaching, two-way engagement, engagement with international staff, and an overall enriched teaching experience.
Brainstorm ways of generating leapfrog ideas from trend insights.
Dealing with trends is one of the most important tasks for innovation. It provides the basis of developing the future orientation of the organization. However, being aware of a trend is one thing, to develop strategies for response is another.
To identify the impact the trend has on the organization, consider the four areas of growth strategies for the organization:
| Trend | New Customer | New Market | New Business Model | New Product or Service |
|---|---|---|---|---|
| What trends pose a high-immediate impact to the organization? | Target new customers for existing products or services | Enter or create new markets by applying existing products or services to different problems | Adjust the business model to capture a change in how the organization delivers value | Introduce new products or services to the existing market |
| Micro-credentials for non-traditional students | Target non-traditional learners/students | - | Online delivery | Introduce mini MBA program |
Evaluate trend opportunities and determine the strategic opportunities they pose. Prioritize the opportunities and identify impact to your value chain.
A cross-functional cohort across levels in the organization.
As we identify and prioritize the opportunities available to us, we need to assess their impacts on value chains. Does the opportunity directly impact an existing value chain? Or does it open us to the creation of a new value chain?
The value chain perspective allows an organization to identify how to best minimize or enhance impacts and generate value.
As we move from opportunity to impact, it is important to break down opportunities into the relevant pieces so we can see a holistic picture of the sources of differentiation.
Take the prioritized value chains and create a journey map to capture the end-to-end experience of a stakeholder.
Through a journey mapping exercise, you will identify opportunities to digitize parts of the journey. These opportunities will be broken down into functional initiatives to tackle in your strategy.
A cross-functional cohort across levels in the organization.
Transform stakeholder journeys
In this step, you with identify stakeholder personas and scenarios relating to the prioritized value chains.
A cross-functional cohort across levels in the organization.
Stakeholder personas and scenarios help us build empathy towards our customers. It helps put us into the shoes of a stakeholder and relate to their experience to solve problems or understand how they experience the steps or processes required to accomplish a goal. A user persona is a valuable basis for stakeholder journey mapping.
A stakeholder scenario describes the situation the journey map addresses. Scenarios can be real (for existing products and services) or anticipated.
A stakeholder persona is a fictitious profile to represent a customer or a user segment. Creating this persona helps us understand who your customers really are and why they are using your service or product.
For your digital strategy, leverage the existing and opportunity value chains identified in phase 1 and 2 for journey mapping.
| Identify two existing value chains to be transformed. In section 1, we identified existing value chains to be transformed. For example, your stakeholder persona is a member of the faculty (engineering), and the scenario is the curricula design process. |
|
| Identify one new value chain. In section 2, we identified a new value chain. However, for a new opportunity, the scenario is more complex as it may capture many different areas of a value chain. Subsequently, a journey map for a new opportunity may require mapping all parts of the value chain. |
|
To define a stakeholder scenario, we need to understand who we are mapping for. In each value chain, we identified a stakeholder who gains value from that value chain. We now need to develop a stakeholder persona: a representation of the end user to gain a strong understanding of who they are, what they need, and their pains and gains.
One of the best ways to flesh out your stakeholder persona is to engage with the stakeholders directly or to gather the input of those who may engage with them within the organization.
For example, if we want to define a journey map for a student, we might want to gather the input of students or teaching faculty that have firsthand encounters with different student types and are able to define a common student type.
Run a survey to understand your end users and develop a stronger picture of who they are and what they are seeking to gain from your organization.
Name: Anne
Age: 35
Occupation: Engineering Faculty
Location: Toronto, Canada
What are their frustrations, fears, and anxieties?
What do they want to get done? How will they know they are successful?
What are their wants, needs, hopes, and dreams?
(Adapted from Osterwalder, et al., 2014)
Now that we understand who we are mapping for, we need to define a journey statement to capture the stakeholder journey.
Leverage the following format to define the journey statement.
As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].
As a [stakeholder], I need to [prioritized value chain task], so that I can [desired result or overall goal].
Prioritize the journeys by focusing on what matters most to the stakeholders and estimating the organizational effort to improve those experiences.
A cross-functional cohort across levels in the organization.
A journey-based approach helps an organization understand how a stakeholder moves through a process and interacts with the organization in the form of touch points, channels, and supporting characters. By identifying pain points in the journey and the activity types, we can identify opportunities for innovation and automation along the journey.
Embrace design thinking methodologies to elevate the stakeholder journey and to build a competitive advantage for your organization.
In journey mapping, we always start with the stakeholder's perspective, then eventually transition into what the organization does business-wise to deliver value to each stakeholder. It is important to keep in mind both perspectives while conducting a journey mapping exercise as there are often different roles, processes, and technologies associated with each of the journey steps.
Take the perspective of an end user, who interacts with your products and services, as it is different from the view of those inside the organization, who implement and provide those services.
A stakeholder journey map is a tool used to illustrate the user’s perceptions, emotions, and needs as they move through a process and interact with the organization in the form of touch points, channels, and supporting characters.
The journey activity refers to the steps taken to accomplish a goal.
The journey activity comprises the steps or sequence of tasks the stakeholder takes to accomplish their goal. These steps reflect the high-level process your candidates perform to complete a task or solve a problem.
Touch points are the points of interaction between a stakeholder and the organization.
A touch point refers to any time a stakeholder interacts with your organization or brand. Consider three main points of interaction with the customer in the journey:
The nature of activity refers to the type of task the journey activity captures.
We categorize the activity type to identify opportunities for automation. There are four main types of task types, which in combination (as seen in the table below) capture a task or job to be automated.
| Routine | Non-Routine | |
|---|---|---|
| Cognitive | Routine Cognitive: repeatable tasks that rely on knowledge work, e.g. sales, administration Prioritize for automation (2) |
Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) |
| Non-Routine Cognitive: infrequent tasks that rely on knowledge work, e.g. driving, fraud detection Prioritize for automation (3) | Routine Manual: repeatable tasks that rely on physical work, e.g. manufacturing, production Prioritize for automation (1) |
Non-Routine Manual: infrequent tasks that rely on physical work, e.g. food preparation Not mature for automation |
Where automation makes sense, routine manual activities should be transformed first, followed by routine cognitive activities. Non-routine cognitive activities are the final frontier.
Metrics are a quantifiable measurement of a process, activity, or initiative.
Metrics are crucial to justify expenses and to estimate growth for capacity planning and resourcing. There are multiple benefits to identifying and implementing metrics in a journey map:
Example of journey mapping metrics: Cost, effort, turnaround time, throughput, net promoter score (NPS), satisfaction score
Key moments and pain points refer to the emotional status of a stakeholder at each stake of the customer journey.
The key moments are defining pieces or periods in a stakeholder's experience that create a critical turning point or memory.
The pain points are the critical problems that the stakeholder is facing during the journey or business continuity risks. Prioritize identifying pain points around key moments.
To identify key moments, look for moments that can dramatically influence the quality of the journey or end the journey prematurely. To improve the experience, analyze the hidden needs and how they are or aren’t being met.
An opportunity is an investment into people, process, or technology for the purposes of building or improving a business capability and accomplishing a specific organizational objective.
An opportunity refers to the initiatives or projects that should address a stakeholder pain. Opportunities should also produce a demonstrable financial impact – whether direct (e.g. cost reduction) or indirect (e.g. risk mitigation) – and be evaluated based on how technically difficult it will be to implement.
Create new or different experiences for customers
Generate new organizational skills or new ways of working
Improve responsiveness and resilience of operations
Develop different products or services
Stakeholder: A faculty member
Journey: As an engineering faculty member, I want to design my curricula in a hybrid mode of delivery so that I can simulate in-classroom experiences
| Journey activity | Understanding the needs of students | Construct the course material | Deliver course material | Conduct assessments | Upload grades into system |
|---|---|---|---|---|---|
| Touch Points |
|
|
|
|
|
| Nature of Activity | Non-routine cognitive | Non-routine cognitive | Non-routine cognitive | Routine cognitive | Routine Manual |
| Metrics |
|
|
|
|
|
| Ken Moments & Pain Points | Lack of centralized repository for research knowledge |
|
|
|
No existing critical pain points; process already automated |
| Opportunities |
|
|
|
|
Stakeholder Journeytab
Aim to build out 90% of the stakeholder journey map with the working team; validate the last 10% with the stakeholder themselves.
Prioritize the opportunities that arose from the stakeholder journey mapping exercise.
A cross-functional cohort across levels in the organization.
Prioritized opportunities
As there may be many opportunities arising from the journey map, we need to prioritize ideas to identify which ones we can tackle first – or at all. Leverage IDEO’s design-thinking “three lenses of innovation” to support prioritization:
| Opportunities | Feasibility (L/M/H) |
Desirability (L/M/H) |
Viability (L/M/H) |
|---|---|---|---|
| Centralized repository for research knowledge | H | H | H |
| Rationalize course creation tool set | H | H | H |
| Connectivity self-assessment/ checklist | H | M | H |
| Forums for students | M | H | H |
| Exam preparation (e.g. education or practice exams) | H | H | H |
Define a digital goal as it relates to the prioritized opportunities and the stakeholder journey map.
A cross-functional cohort across levels in the organization.
Digital goals
With the prioritized set of opportunities for each stakeholder journey, take a step back and assess what the sum of these opportunities mean for the journey. What is the overall goal or objective of these opportunities? How do these opportunities change or facilitate the journey experience? From here, identify a single goal statement for each stakeholder journey.
| Stakeholder | Scenario | Prioritized Opportunities | Goal |
|---|---|---|---|
| Faculty (Engineering) | As a faculty (Engineering), I want to prepare and teach my course in a hybrid mode of delivery | Centralized repository for research knowledge Rationalized course creation tool set |
Support hybrid course curricula development through value-driven toolsets and centralized knowledge |
Identify people, process, and technology initiatives for the opportunities identified.
A cross-functional cohort across levels in the organization.
Brainstorm initiatives for each high-priority opportunity using the framework below. Describe each initiative as a plan or action to take to solve the problem.
People: What initiatives are required to manage people, data, and other organizational factors that are impacted by this opportunity?
Process: What processes must be created, changed, or removed based on the data?
Technology: What systems are required to support this opportunity?
| Initiatives | ||
|---|---|---|
| Centralized repository for research knowledge | Technology | Acquire and implement knowledge management application |
| People | Train researchers on functionality | |
| Process | Periodically review and validate data entries into repository | |
| Initiatives | ||
| Rationalize course creation toolset | Technology | Retire duplicate or under-used tools |
| People | Provide training on tool types and align to user needs | |
| Process | Catalog software applications and tools across the organization Identify under-used or duplicate tools/applications |
Ruthlessly evaluate if a initiative should stand alone or if it can be rolled up with another. Fewer initiatives or opportunities increases focus and alignment, allowing for better communication.
Build a digital transformation roadmap that captures people, process, and technology initiatives.
A cross-functional cohort across levels in the organization.
Build a digital transformation roadmap
Detail initiatives for each priority initiative on your horizon.
A cross-functional cohort across levels in the organization.
Build a digital transformation roadmap
A roadmap that balances growth opportunities with business resilience will transform your organization for long-term success in the digital economy.
Identify timing of initiatives and build a Gantt chart roadmap.
A cross-functional cohort across levels in the organization.
Develop a high-level document that travels with the initiative from inception through executive inquiry, project management, and finally execution.
A initiative needs to be discrete: able to be conceptualized and discussed as an independent item. Each initiative must have three characteristics:
Learn more about project portfolio management strategy
Build a digital transformation roadmap
A digital strategy is a design process, it must be revisited to pressure test and account for changes in the external environment.
Detail a refresh strategy.
A cross-functional cohort across levels in the organization.
It is important to dedicate time to your strategy throughout the year. Create a refresh plan to assess for the changing business context and its impact on the digital business strategy. Make sure the regular planning cycle is not the primary trigger for strategy review. Put a process in place to review the strategy and make your organization proactive. Start by examining the changes to the business context and how the effect would trickle downwards. It’s typical for organizations to build a refresh strategy around budget season and hold planning and touch points to accommodate budget approval time.
Example:
Example:
| Frequency | Audience | Scope | Date |
|---|---|---|---|
| Annually | Executive Leadership | Resurvey, review/ validate, update schedule | Pre-budget |
| Touch Point | Executive Leadership | Status update, risks/ constraints, priorities | Oct 2021 |
| Every Year (Re-build) | Executive Leadership | Full planning | Jan 2022 |
Establish a new way of working to deliver value on your digital transformation initiatives.
Drive project throughput by throttling resource capacity.
Innovation needs design thinking.
Prepare your organization for digital transformation – or risk falling behind.
Research Fellow
Info-Tech Research Group
Kenneth McGee is a Research Fellow within the CIO practice at Info-Tech Research Group and is focused on IT business and financial management issues, including IT Strategy, IT Budgets and Cost Management, Mergers & Acquisitions (M&A), and Digital Transformation. He also has extensive experience developing radical IT cost reduction and return-to-growth initiatives during and following financial recessions.
Ken works with CIOs and IT leaders to help establish twenty-first-century IT organizational charters, structures, and responsibilities. Activities include IT organizational design, IT budget creation, chargeback, IT strategy formulation, and determining the business value derived from IT solutions. Ken’s research has specialized in conducting interviews with CEOs of some of the world’s largest corporations. He has also interviewed a US Cabinet member and IT executives at the White
House. He has been a frequent keynote speaker at industry conventions, client sales kick-off meetings, and IT offsite planning sessions.
Ken obtained a BA in Cultural Anthropology from Dowling College, Oakdale, NY, and has pursued graduate studies at Polytechnic Institute (now part of NYU University). He has been an adjunct instructor at State University of New York, Westchester Community College.
Vice President
Info-Tech Research Group
Jack has more than 25 years of technology and management consulting experience. He has served multi-billion dollar organizations in multiple industries including Financial Services and Telecommunications. Jack also served a number of large public sector institutions.
Prior to joining the Info-Tech Research Group, he worked for leading consulting players such as Accenture, Deloitte, EY, and IBM.
Jack led digital business strategy engagements as well as corporate strategy and M&A advisory services for clients across North America, Europe, the Middle East, and Africa. He is a seasoned technology consultant who has developed IT strategies and technology roadmaps, led large business transformations, established data governance programs, and managed the deployment of mission-critical CRM and ERP applications.
He is a frequent speaker and panelist at technology and innovation conferences and events and holds a Master’s degree in Computer Engineering as well as an MBA from the ESCP-EAP European School of Management.
Abrams, Karin von. “Global Ecommerce Forecast 2021.” eMarketer, Insider Intelligence, 7 July 2021. Web.
Christenson, Clayton. The Innovator's Dilemma: When New Technologies Cause Great Firms to Fail. Harvard Business School, 1997. Book.
Drucker, Peter F., and Joseph A. Maciariello. Innovation and Entrepreneurship. Routledge, 2015.
Eagar, Rick, David Boulton, and Camille Demyttenaere. “The Trends in Megatrends.” Arthur D Little, Prism, no. 2, 2014. Web.
Enright, Sara, and Allison Taylor. “The Future of Stakeholder Engagement.” The Business of a Better World, October 2016. Web.
Hatem, Louise, Daniel Ker, and John Mitchell. “A roadmap toward a common framework for measuring the digital economy.” Report for the G20 Digital Economy Task Force, OECD, 2020. Web.
Kemp, Simon. “Digital 2021 April Statshot Report.” DataReportal, Global Digital Insights, 21 Apr. 2021. Web.
Larson, Chris. “Disruptive Innovation Theory: 4 Key Concepts.” Business Insights, Harvard Business School, HBS Online, 15 Nov. 2016. Web.
McCann, Leah. “Barco's Virtual Classroom at UCL: A Case Study for the Future of All University Classrooms?” rAVe, 2 July 2020. Web.
Mochari, Ilan. “The Startup Buzzword Almost Everyone Uses Incorrectly.” Inc., 19 Nov. 2015. Web.
Osterwalder, Alexander, et al. Value Proposition Design. Wiley, 2014.
Reed, Laura. “Artificial Intelligence: Is Your Job at Risk?” Science Node, 9 August 2017.
Rodeck, David. “Alphabet Soup: Understanding the Shape of a Covid-19 Recession.” Forbes, 8 June 2020. Web.
Tapscott, Don. Wikinomics. Atlantic Books, 2014.
Taylor, Paul. “Don't Be A Dodo: Adapt to the Digital Economy.” Forbes, 27 Aug. 2015. Web.
The Business Research Company. "Wholesale Global Market Report 2021: COVID-19 Impact and Recovery to 2030." Research and Markets, January 2021. Press Release.
“Topic 1: Megatrends and Trends.” BeFore, 11 October 2018.
“Updated Digital Economy Estimates – June 2021.” Bureau of Economic Analysis, June 2021. Web.
Williamson, J. N. The Leader Manager. John Wiley & Sons, 1984.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Establish the security compliance management program.
Reviewing and adopting an information security control framework.
Understanding and establishing roles and responsibilities for security compliance management.
Identifying and scoping operational environments for applicable compliance obligations.
1.1 Review the business context.
1.2 Review the Info-Tech security control framework.
1.3 Establish roles and responsibilities.
1.4 Define operational environments.
RACI matrix
Environments list and definitions
Identify security and data protection compliance obligations.
Identifying the security compliance obligations that apply to your organization.
Documenting obligations and obtaining direction from management on conformance levels.
Mapping compliance obligation requirements into your control framework.
2.1 Identify relevant security and data protection compliance obligations.
2.2 Develop conformance level recommendations.
2.3 Map compliance obligations into control framework.
2.4 Develop process for operationalizing identification activities.
List of compliance obligations
Completed Conformance Level Approval forms
(Optional) Mapped compliance obligation
(Optional) Identification process diagram
Understand how to build a compliance strategy.
Updating security policies and other control design documents to reflect required controls.
Aligning your compliance obligations with your information security strategy.
3.1 Review state of information security policies.
3.2 Recommend updates to policies to address control requirements.
3.3 Review information security strategy.
3.4 Identify alignment points between compliance obligations and information security strategy.
3.5 Develop compliance exception process and forms.
Recommendations and plan for updates to information security policies
Compliance exception forms
Track the status of your compliance program.
Tracking the status of your compliance obligations.
Managing exceptions to compliance requirements.
Reporting on the compliance management program to senior stakeholders.
4.1 Define process and forms for self-attestation.
4.2 Develop audit test scripts for selected controls.
4.3 Review process and entity control types.
4.4 Develop self-assessment process.
4.5 Integrate compliance management with risk register.
4.6 Develop metrics and reporting process.
Self-attestation forms
Completed test scripts for selected controls
Self-assessment process
Reporting process
Recommended metrics
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Review current licensing options and models to determine which cloud products will most appropriately fit the organization's environment.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Begin the process by identifying your VMO’s ROI maturity level and which calculation components are most appropriate for your situation.
Set measurement baselines and goals for the next measurement cycle.
Measure the VMO's ROI and value created by the VMO’s efforts and the overall internal satisfaction with the VMO.
Report the results to key stakeholders and executives in a way that demonstrates the value added by the VMO to the entire organization.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine how you will measure the VMO’s ROI.
Focus your measurement on the appropriate activities.
1.1 Determine your VMO’s maturity level and identify applicable ROI measurement categories.
1.2 Review and select the appropriate ROI formula components for each applicable measurement category.
1.3 Compile a list of potential data sources, evaluate the viability of each data source selected, and assign data collection and analysis responsibilities.
1.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.
VMO ROI maturity level and first step of customizing the ROI formula components.
Second and final step of customizing the ROI formula components…what will actually be measured.
Viable data sources and assignments for team members.
A progress report for key stakeholders and executives.
Set baselines to measure created value against.
ROI contributions cannot be objectively measured without baselines.
2.1 Gather baseline data.
2.2 Calculate/set baselines.
2.3 Set SMART goals.
2.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.
Data to use for calculating baselines.
Baselines for measuring ROI contributions.
Value creation goals for the next measurement cycle.
An updated progress report for key stakeholders and executives.
Calculate the VMO’s ROI.
An understanding of whether the VMO is paying for itself.
3.1 Assemble the data and calculate the VMO’s ROI.
3.2 Organize the data for the reporting step.
The VMO’s ROI expressed in terms of how many times it pays for itself (e.g. 1X, 3X, 5X).
Determine which supporting data will be reported.
Report results to stakeholders.
Stakeholders understand the value of the VMO.
4.1 Create a reporting template.
4.2 Determine reporting frequency.
4.3 Decide how the reports will be distributed or presented.
4.4 Send out a draft report and update based on feedback.
A template for reporting ROI and supporting data.
A decision about quarterly or annual reports.
A decision regarding email, video, and in-person presentation of the ROI reports.
Final ROI reports.
Business operations in high-risk areas of the world contend with complex threat environments and risk scenarios that often require a unique response. But traditional approaches to security strategy often miss these jurisdictional risks, leaving organizations vulnerable to threats that range from cybercrime and data breaches to fines and penalties.
Security leaders need to identify high-risk jurisdictions, inventory critical assets, identify vulnerabilities, assess risks, and identify security controls necessary to mitigate those risks.
Across risks that include insider threats and commercial surveillance, the two greatest vulnerabilities that organizations face in high-risk parts of the world are travel and compliance. Organizations can make small adjustments to their security program to address these risks:
Using these two prevalent risk scenarios in high-risk jurisdictions as examples, this research walks you through the steps to analyze the threat landscape, assess security risks, and execute a response to mitigate them.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Traditional approaches to security strategy often miss jurisdictional risks. Use this storyboard to make small adjustments to your security program to mitigate security risks in high-risk jurisdictions.
Use this tool to track jurisdictional risks, assess the exposure of critical assets, and identify mitigation controls. Use the geographic heatmap to communicate inherent jurisdictional risk with key stakeholders.
Use these two templates to develop help you develop your own guidelines for key jurisdictional risk scenarios. The guidelines address high-risk travel and compliance risk.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess business requirements and evaluate security pressures to set the context for the security risk assessment.
Understand the goals of the organization in high-risk jurisdictions.
Assess the threats to critical assets in these jurisdictions and capture stakeholder expectations for information security.
1.1 Determine assessment scope.
1.2 Determine business goals.
1.3 Determine compliance obligations.
1.4 Determine risk appetite.
1.5 Conduct pressure analysis.
Business requirements
Security pressure analysis
Build key risk scenarios for high-risk jurisdictions.
Identify critical assets in high-risk jurisdictions, their vulnerabilities to relevant threats, and the adverse impact should malicious agents exploit them.
Assess risk exposure of critical assets in high-risk jurisdictions.
2.1 Identify critical assets.
2.2 Identify threats.
2.3 Assess risk likelihood.
2.4 Assess risk impact.
Key risk scenarios
Jurisdictional risk exposure
Jurisdictional Risk Register and Heat Map
Prioritize and treat jurisdictional risks to critical assets.
Build an initiative roadmap to reduce residual risks in high-risk jurisdictions.
3.1 Identify and assess risk response.
3.2 Assess residual risks.
3.3 Identify security controls.
3.4 Build initiative roadmap.
Action plan to mitigate key risk scenarios
Michel Hébert
Research Director
Security and Privacy
Info-Tech Research Group
Alan Tang
Principal Research Director
Security and Privacy
Info-Tech Research Group
Traditional approaches to security strategies may miss key risk scenarios that critical assets face in high-risk jurisdictions. These include high-risk travel, heightened insider threats, advanced persistent threats, and complex compliance environments. Most organizations have security strategies and risk management practices in place, but securing global operations requires its own effort. Assess the security risk that global operations pose to critical assets. Consider the unique assets, threats, and vulnerabilities that come with operations in high-risk jurisdictions. Focus on the business activities you support and integrate your insights with existing risk management practices to ensure the controls you propose get the visibility they need. Your goal is to build a plan that mitigates the unique security risks that global operations pose and secures critical assets in high-risk areas. Don’t leave security to chance.
Info-Tech has developed an effective approach to protecting critical assets in high-risk jurisdictions.
This approach includes tools for:
Organizations with global operations must contend with a more diverse set of assets, threats, and vulnerabilities when they operate in high-risk jurisdictions. Security leaders need to take additional steps to secure operations and protect critical assets.
The 2022 Allianz Risk Barometer surveyed 2,650 business risk specialists in 89 countries to identify the most important risks to operations. The report identified cybercrime, IT failures, outages, data breaches, fines, and penalties as the most important global business risks in 2022, but their results varied widely by region. The standout finding of the 2022 Allianz Risk Barometer is the return of security risks as the most important threat to business operations. Security risks will continue to be acute beyond 2022, especially in Africa, the Middle East, Europe, and the Asia-Pacific region, where they will dwarf risks of supply chain interruptions, natural catastrophe, and climate change.
Global operations in high-risk jurisdictions contend with more diverse threats. These security risk scenarios are not captured in traditional security strategies.
Figures represent the number of cybersecurity risks business risk specialists selected as a percentage of all business risks (Allianz, 2022). Higher scores indicate jurisdictions with higher security-related business risks. Jurisdictions without data are in grey.
The index assesses a country’s legal framework to identify basic requirements that public and private stakeholders must uphold and the legal instruments prohibiting harmful actions.
The 2020 GCI results show overall improvement and strengthening of the cybersecurity agenda globally, but significant regional gaps persist. Of the 194 countries surveyed:
Not every jurisdiction has the same commitment to cybersecurity. Protecting critical assets in high-risk jurisdictions requires additional due diligence.
The diagram sets out the score and rank for each country that took part in the Global Cybersecurity Index (ITU, 2021)
Higher scores show jurisdictions with a lower rank on the CGI, which implies greater risk. Jurisdictions without data are in grey.
As a result, security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets.
Guide stakeholders to make informed decisions about how to assess and treat the security risks and secure operations.
Work with your organization to analyze the threat landscape, assess security risks unique to high-risk jurisdictions, and execute a response to mitigate them.
This project blueprint works through this process using the two most prevalent risk scenarios in high-risk jurisdictions: high-risk travel and compliance risk.
Key Risk Scenarios
The project blueprint includes template guidance in Phase 3 to help you build and deploy your own travel guidelines to protect critical assets and support end users before they leave, during their trip, and when they return.
Before you leave
During your trip
When you return
The project blueprint includes template guidance in Phase 3 to help you deploy your own compliance governance controls as a risk mitigation measure.
|
1. Identify Context |
2. Assess Risks |
3. Execute Response |
|
|---|---|---|---|
|
Phase Steps |
|
|
|
|
Phase Outcomes |
|
|
|
Business Security Requirements
Identify the context for the global security risk assessment, including risk appetite and risk tolerance.
Jurisdictional Risk Register and Heatmap
Identify critical global assets and the threats they face in high-risk jurisdictions and assess exposure.
Mitigation Plan
Roadmap of initiatives and security controls to mitigate global risks to critical assets. Tools and templates to address key security risk scenarios.
Jurisdictional Risk Register and Heatmap
Use the Jurisdictional Risk Register and Heatmap Tool to capture information security risks to critical assets in high-risk jurisdictions. The tool generates a world chart that illustrates the risks global operations face to help you engage the business and execute a response.
IT Benefits
Assess and remediate information security risk to critical assets in high-risk jurisdictions.
Easily integrate your risk assessment with enterprise risk assessments to improve communication with the business.
Illustrate key information security risk scenarios to make the case for action in terms the business understands.
Business Benefits
Develop mitigation plans to protect staff, devices, and data in high-risk jurisdictions.
Support business growth in high-risk jurisdictions without compromising critical assets.
Mitigate compliance risk to protect your organization’s reputation, avoid fines, and ensure business continuity.
|
ID |
Metric |
Why is this metric valuable? |
How do I calculate it? |
|---|---|---|---|
|
1. |
Overall Exposure – High-Risk Jurisdictions |
Illustrates the overall exposure of critical assets in high-risk jurisdictions. |
Use the Jurisdictional Risk Register and Heatmap Tool. Calculate the impact times the probability rating for each risk. Take the average. |
|
2. |
# Risks Identified – High-Risk Jurisdictions |
Informs risk tolerance assessments. |
Use the Jurisdictional Risk Register and Heatmap Tool. |
|
3. |
# Risks Treated – High-Risk Jurisdictions |
Informs residual risk assessments. |
Use the Jurisdictional Risk Register and Heatmap Tool. |
|
4. |
Mitigation Cost – High-Risk Jurisdictions |
Informs cost-benefit analysis to determine program effectiveness. |
Use the Jurisdictional Risk Register and Heatmap Tool. |
|
5. |
# Security Incidents – High-Risk Jurisdictions |
Informs incident trend calculations to determine program effectiveness. |
Draw the information from your service desk or IT service management tool. |
| 6. |
Incident Remediation Cost – High-Risk Jurisdictions |
Informs cost-benefit analysis to determine program effectiveness. |
Estimate based on cost and effort, including direct and indirect cost such as business disruptions, administrative finds, reputational damage, etc. |
|
7. |
TRENDS: Program Effectiveness – High-Risk Jurisdictions |
# of security incidents over time. Remediation : Mitigation costs over time |
Calculate based on metrics 5 to 7. |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Diagnostics and consistent frameworks are used throughout all four options.
Phase 1
Call #1: Scope project requirements, determine assessment scope, and discuss challenges.
Phase 2
Call #2: Conduct initial risk assessment and determine risk tolerance.
Call #3: Evaluate security pressures in high-risk jurisdictions.
Call #4: Identify risks in high-risk jurisdictions.
Call #5: Assess risk exposure.
Phase 3
Call #6: Treat security risks in high-risk jurisdictions.
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.
Contact your account representative for more information. workshops@infotech.com 1-888-670-8889
|
Days 1 |
Days 2-3 |
Day 4 |
Day 5 |
|
|---|---|---|---|---|
|
Identify Context |
Key Risk Scenarios |
Build Roadmap |
Next Steps and Wrap-Up (offsite) |
|
|
Activities |
1.1.1 Determine assessment scope. 1.1.2 Determine business goals. 1.1.3 Identify compliance obligations. 1.2.1 Determine risk appetite. 1.2.2 Conduct pressure analysis. |
2.1.1 Identify assets. 2.1.2 Identify threats. 2.2.1 Assess risk likelihood. 2.2.2 Assess risk impact. |
3.1.1 Identify and assess risk response. 3.1.2 Assess residual risks. 3.2.1 Identify security controls. 3.2.2 Build initiative roadmap. |
5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
|
Deliverables |
|
|
|
|
Stakeholders sometimes ask information security and privacy leaders to produce a list of safe jurisdictions from which to operate. We need to help them see that there are no safe jurisdictions, only relatively risky ones. As you build your security program, deepen the scope of your risk assessments to include risk scenarios critical assets face in different jurisdictions. These risks do not need to rule out operations, but they may require additional mitigation measures to keep staff, data, and devices safe and reduce potential reputational harms.
Traditional approaches to security strategy often omit jurisdictional risks.
Global operations must contend with a more complex security landscape. Secure critical assets in high-risk jurisdictions with a targeted risk assessment.
The two greatest risks are high-risk travel and compliance risk.
You can mitigate them with small adjustments to your security program.
Support High-Risk Travel
When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security. Put measures and guidelines in place to protect them before, during, and after travel.
Mitigate Compliance Risk
Think through data residency requirements, data breach notification, cross-border data transfer, and third-party risks to support business growth and mitigate compliance risks in high-risk jurisdictions to protect your organization’s reputation and avoid hefty fines or business disruptions.
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
1.1.1 Determine assessment scope
1.1.2 Identify enterprise goals in high-risk jurisdictions
1.1.3 Identify compliance obligations
This step involves the following participants:
Outcomes of this step
Focus your risk assessment on the business activities security supports in high-risk jurisdictions and the unique threats they face to bridge gaps in your security strategy.
Work closely with your enterprise risk management function.
Enterprise risk management functions are often tasked with developing risk assessments from composite sources. Work closely with them to complete your own assessment.
Countries at heightened risk of money laundering and terrorism financing are examples of high-risk jurisdictions. The Financial Action Task Force and the U.S. Treasury publish reports three times a year that identify Non-Cooperative Countries or Territories.
Strategic Intelligence
White papers, briefings, reports. Audience: C-Suite, board members
Tactical Intelligence
Internal reports, vendor reports. Audience: Security leaders
Operational intelligence
Indicators of compromise. Audience: IT Operations
Operational intelligence focuses on machine-readable data used to block attacks, triage and validate alerts, and eliminate threats from the network. It becomes outdated in a matter of hours and is less useful for this exercise.
Without a flexible system to account for the risk exposures of different jurisdictions, staff may perceive measures as a hindrance to operations.
|
Rating |
Description |
|---|---|
|
Low |
Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable. |
|
Moderate |
Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics. |
|
High |
Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high, often targeting foreigners. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing natural disasters or epidemics are considered high risk. |
|
Extreme |
Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to parts of the country. Transportation and communication services are severely degraded or nonexistent. Violence presents a direct threat to staff security. |
Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.
1 – 2 hours
Pay close attention to elements of the assessment that are not in scope.
|
Input |
Output |
|
|
|
Materials |
Participants |
|
|
Download the Information Security Requirements Gathering Tool
Do you understand the unique business context of operations in high-risk jurisdictions?
Estimated Time: 1-2 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Information Security Requirements Gathering Tool
Tab 3, Goals Cascade
Tab 6, Results
If the organization is considering a merger and acquisition project that will expand operations in jurisdictions with different travel risk profiles, the security organization needs to revise the security strategy to ensure the organization can support high-risk travel and mitigate risks to critical assets.
Security leaders are familiar with most conventional regulatory obligations that govern financial, personal, and healthcare data in North America and Europe.
Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency and data localization and to shut down the cross-border transfer of data.
The next step requires you to consider the compliance obligations the organization needs to meet to support the business as it expands to other jurisdictions through natural growth, mergers, and acquisitions.
Estimated Time: 1-2 hours
Include:
Input | Output |
|
|
Materials | Participants |
|
|
Download the Information Security Requirements Gathering Tool
Activities
1.2.1 Conduct initial risk assessment
1.2.2 Conduct pressure analysis
1.2.3 Determine risk tolerance
This step involves the following participants:
Outcomes of this step
Identify threats to global assets and capture the security expectations of external stakeholders, including customers, regulators, legislators, and business partners, and determine risk tolerance.
Perform an initial assessment of high-risk jurisdictions to set the context.
Assess:
You should be able to find the information in your existing security strategy. If you don’t have the information, work through the next three steps of the project blueprint.
Jurisdictional risk is often reduced to countries where money laundering and terrorist activities are high. In this blueprint, the term refers to the broader set of information security risks that arise when operating in a foreign country or jurisdiction.
Security leaders who support operations in many countries need to take additional steps to mitigate security risks to critical assets. The goal of the next two exercises is to analyze the threat landscape and security pressures unique to high-risk jurisdictions, which will inform the construction of key scenarios in Phase 2. These five scenarios are most prevalent in high-risk jurisdictions. Keep them in mind as you go through the exercises in this section.
1-3 hours
Input | Output |
|
|
Materials | Participants |
|
|
For more information on how to complete the risk assessment questionnaire, see Step 1.2.1 of Build an Information Security Strategy.
1-3 hours
For more information on how to complete the pressure analysis questionnaire, see Step 1.3 of Build an Information Security Strategy.
Input | Output |
|
|
Materials | Participants |
|
|
A low security pressure means that your stakeholders do not assign high importance to information security. You may need to engage stakeholders with the right key risk scenarios to illustrate jurisdictional risk and generate support for new security controls.
Download the Information Security Pressure Analysis Tool
A formalized risk tolerance statement can help:
The role of security professionals is to identify and analyze key risk scenarios that may prevent the organization from reaching its goals.
1-3 hours
For more information on how to complete the risk tolerance questionnaire, see Step 1.4 of Build an Information Security Strategy.
Input | Output |
|
|
Materials | Participants |
|
|
Download the Information Security Pressure Analysis Tool
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
2.1.1 Identify assets
2.1.2 Identify threats
This step involves the following participants:
Outcomes of this step
For a deeper dive into building a risk management program, see Info-Tech’s core project blueprints on risk management:
Build an IT Risk Management Program
Combine Security Risk Management Components Into One Program
Risk scenarios are further distilled into a single sentence or risk statement that communicates the essential elements from the scenario.
|
Threat |
Exploits an |
Asset |
Using a |
Method |
Creating an |
Effect |
|
An actor capable of harming an asset |
Anything of value that can be affected and results in loss |
Technique an actor uses to affect an asset |
How loss materializes |
|||
|
Examples: Malicious or untrained employees, cybercriminal groups, malicious state actors |
Examples: Systems, regulated data, intellectual property, people |
Examples: Credential compromise, privilege escalation, data exfiltration |
Examples: Loss of data confidentiality, integrity, or availability; impact on staff health & safety |
|||
Risk scenarios are concise, four to six sentence narratives that describe the core elements of forecasted adverse events. Use them to engage stakeholders with the right questions and guide them to make informed decisions about how to address and treat security risks in high-risk jurisdictions.
The next slides review five key risk scenarios prevalent in high-risk jurisdictions. Use them as examples to develop your own.
For instance, in the US, these lists might include countries that are:
When securing travel to high-risk jurisdictions, you must consider personnel safety as well as data and device security.
The diagram presents high-risk jurisdictions based on US governmental sources (2021) listed on this slide.
Likelihood: Medium
Impact: Medium
Malicious state actors, cybercriminals, and competitors can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.
Threat Actor:
Assets:
Effect:
Methods:
Data privacy concerns, nationalism, and the economic value of data are all driving jurisdictions to adopt data residency, breach notification, and cross-border data transfer regulations. As 2021 wound down to a close, nearly all the world’s 30 largest economies had some form of data regulation in place. The regulatory landscape is shifting rapidly, which complicates operations as organizations grow into new markets or engage in merger and acquisition activities.
Global operations require special attention to data-residency requirements, data breach notification requirements, and cross-border data transfer regulations to mitigate compliance risk.
Likelihood: Medium
Impact: High
Rapid changes in the privacy and security regulatory landscape threaten organizations’ ability to meet their compliance obligations from local legal and regulatory frameworks. Organizations risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.
Threat Actor:
Asset:
Effect:
Methods:
The Ponemon Institute set out to understand the financial consequences that result from insider threats and gain insight into how well organizations are mitigating these risks.
In the context of this research, insider threat is defined as:
On average, the total cost to remediate insider threats in 2021 was US$15.4 million per incident.
In all regions, employee or contractor negligence occurred most frequently. Organizations in North America and in the Middle East and Africa were most likely to experience insider threat incidents in 2021.
The diagram represents the average number of insider incidents reported per organization in 2021. The results are analyzed in four regions (Ponemon Institute, 2022)
Likelihood: Low to Medium
Impact: High
Malicious insiders, negligent employees, and credential thieves can exploit inside access to information systems to commit fraud, steal confidential or commercially valuable information, or sabotage computer systems. Insider threats are difficult to identify, especially when security is geared toward external threats. They are often familiar with the organization’s data and intellectual property as well as the methods in place to protect them. An insider may steal information for personal gain or install malicious software on information systems. They may also be legitimate users who make errors and disregard policies, which places the organization at risk.
Threat Actor:
Asset:
Effects:
Methods:
The CISA Shields Up site, SANS Storm Center site, and MITRE ATT&CK group site provide helpful and timely information to understand APT risks in different jurisdictions.
The following threat actors are currently associated with cyberattacks affiliated with the Russian government.
|
Activity Group |
Risks |
|---|---|
|
Known as Fancy Bear, this threat group has been tied to espionage since 2004. They compromised the Hillary Clinton campaign, amid other major events. |
|
| APT29 (SVT) |
Tied to espionage since 2008. Reportedly compromised the Democratic National Committee in 2015. Cited in the 2021 SolarWinds compromise. |
| Buhtrap/RTM Group |
Group focused on financial targets since 2014. Currently known to target Russian and Ukrainian banks. |
| Gamaredon |
Operating in Crimea. Aligned with Russian interests. Has previously targeted Ukrainian government officials and organizations. |
| DEV-0586 |
Carried out wiper malware attacks on Ukrainian targets in January 2022. |
| UNC1151 |
Active since 2016. Linked to information operation campaigns and the distribution of anti-NATO material. |
| Conti |
Most successful ransomware gang of 2021, with US$188M revenue. Supported Russian invasion of Ukraine, threatening attacks on allied critical infrastructure. |
Likelihood: Low to Medium
Impact: High
Advanced persistent threats are state actors or state-sponsored affiliates with the means to avoid detection by anti-malware software and intrusion detection systems. These highly-skilled and persistent malicious agents have significant resources with which to bypass traditional security controls, establish a foothold in the information technology infrastructure, and exfiltrate data undetected. APTs have the resources to adapt to a defender’s efforts to resist them over time. The loss of system integrity and data confidentiality over time can lead to financial losses, business continuity disruptions, and the destruction of critical infrastructure.
Threat Actor:
Asset:
Effects:
Methods:
Countries where commercial surveillance tools have been deployed (“Global Spyware Market Index,” Top10VPN, 2021)
Adware
Software applications that display advertisements while the program is running.
Keyboard Loggers
Applications that monitor and record keystrokes. Malicious agents use them to steal credentials and sensitive enterprise data.
Trojans
Applications that appear harmless but inflict damage or data loss to a system.
Mobile Spyware
Surveillance applications that infect mobile devices via SMS or MMS channels, though the most advanced can infect devices without user input.
State actors and their affiliates use system monitors to track browsing habits, application usage, and keystrokes and capture information from devices’ GPS location data, microphone, and camera. The most advanced system monitor spyware, such as NSO Group’s Pegasus, can infect devices without user input and record conversations from end-to-end encrypted messaging systems.
Likelihood: Low to Medium
Impact: Medium
Malicious agents can deploy malware on end-user devices with commercial tools available off the shelf to secretly monitor the digital activity of users. Attacks exploit widespread vulnerabilities in telecommunications protocols. They occur through email and text phishing campaigns, malware embedded in untested applications, and sophisticated zero-click attacks that deliver payloads without requiring user interactions. Attacks target sensitive as well as mundane information. They can be used to track employee activities, investigate criminal activity, or steal credentials, credit card numbers, or other personally identifiable information.
Threat Actor:
Asset:
Effects:
Methods:
The risk register will capture a list of critical assets and their vulnerabilities, the threats that endanger them, and the adverse effect your organization may face.
Download the Jurisdictional Risk Register and Heatmap Tool
1 – 2 hours
Threat | Exploits an | Asset | Using a | Method | Creating an | Effect |
Inputs for risk scenario identification
Input | Output |
|
|
Materials | Participants |
|
|
Threat | Exploits an | Asset | Using a | Method | Creating an | Effect |
Inputs for risk scenario identification
|
Category |
Actions |
Motivation |
Sophistication |
|---|---|---|---|
|
Nation-states |
Cyberespionage, cyberattacks |
Geopolitical |
High. Dedicated resources and personnel, extensive planning and coordination. |
|
Proxy organizations |
Espionage, destructive attacks |
Geopolitical, Ideological, Profit |
Moderate. Some planning and support functions and technical expertise. |
|
Cybercrime |
Theft, fraud, extortion |
Profit |
Moderate. Some planning and support functions and technical expertise. |
|
Hacktivists |
Disrupt operations, attack brands, release sensitive data |
Ideological |
Low. Rely on widely available tools that require little skill to deploy. |
|
Insiders |
Destruction or release of sensitive data, theft, exposure through negligence |
Incompetence, Discontent |
Internal access. Acting on their own or in concert with any of the above. |
1 – 2 hours
Threat | Exploits an | Asset | Using a | Method | Creating an | Effect |
Inputs for risk scenario identification
Input | Output |
|
|
Materials | Participants |
|
|
1 – 2 hours
For example:
Threat | Exploits an | Asset | Using a | Method | Creating an | Effect |
Risk Scenario: High-Risk Travel
State actors and cybercriminals can threaten staff, devices, and data during travel to high-risk jurisdictions. Device theft or compromise may occur while traveling through airports, accessing hotel computer and phone networks, or in internet cafés or other public areas. Threat actors can exploit data from compromised or stolen devices to undermine the organization’s strategic, economic, or competitive advantage. They can also infect compromised devices with malware that delivers malicious payloads once they reconnect with home networks.
Risk Statement
Cybercriminals compromise end-user devices during travel to high-risk jurisdictions, jeopardizing staff safety and leading to loss of sensitive data.
Risk Scenario: Compliance Risk
Rapid changes in the privacy and security regulatory landscape threaten an organization’s ability to meet its compliance obligations from local legal and regulatory frameworks. Organizations that fail to do so risk reputational damage, administrative fines, criminal charges, and loss of market share. In extreme cases, organizations may lose their license to operate in high-risk jurisdictions. Shifts in the regulatory landscape can involve additional requirements for data residency, cross-border data transfer, data breach notification, and third-party risk management.
Risk Statement
Rapid changes in the privacy and security regulations landscape threaten our ability to remain compliant, leading to reputational and financial loss.
Download the Jurisdictional Risk Register and Heatmap Tool
Activities
2.2.1 Identify existing controls
2.2.2 Assess likelihood and impact
This step involves the following participants:
Outcomes of this step
Likelihood of Occurrence X Likelihood of Impact = Risk Severity
Likelihood of occurrence: How likely the risk is to occur.
Likelihood of impact: The likely impact of a risk event.
Risk severity: The significance of the risk.
Evaluate risk severity against the risk tolerance thresholds and the cost of risk response.
Existing controls were put in place to avoid, mitigate, or transfer key risks your organization faced in the past. Without considering existing controls, you run the risk of overestimating the likelihood and impact of the risk scenarios your organization faces in high-risk jurisdictions.
For instance, the ability to remote-wipe corporate-owned devices will reduce the potential impact of a device lost or compromised during travel to high-risk jurisdictions.
As you complete the risk assessment for each scenario, document existing controls that reduce their inherent likelihood and impact.
6-10 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Jurisdictional Risk Register and Heatmap Tool.
Expected cost calculations may not be practical. Determining robust likelihood and impact values to produce cost estimates can be challenging and time consuming. Use severity-level assessments as a first pass to make the case for risk mitigation measures and take your lead from stakeholders.
Use the Jurisdictional Risk Register and Heatmap Tool to capture and analyze your data.
6-10 hours
Input | Output |
|
|
Materials | Participants |
|
|
Download the Jurisdictional Risk Register and Heatmap Tool.
Stakeholders will likely ask you to explain some of the numbers you assigned to likelihood and impact assessments. Pointing to an assessment methodology will give your estimates greater credibility.
The goal is to develop robust intersubjective estimates of the likelihood and impact of a risk scenario.
We assigned a 50% likelihood rating to a risk scenario. Were we correct?
Assess the truth of the following statements to test likelihood assessments. In this case, do these two statements seem true?
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
3.1.1 Identify and assess risk response
This step involves the following participants:
Outcomes of this step
Identify
Identify risk responses.
Predict
Predict the effectiveness of the risk response, if implemented, by estimating the residual likelihood and impact of the risk.
Calculate
The tool will calculate the residual severity of the risk after applying the risk response.
The first part of the phase outlines project activities. The second part elaborates on high-risk travel and compliance risk, the two key risk scenarios we are following throughout the project. Use the Jurisdictional Risk Register and Heatmap Tool to capture your work.
Input | Output |
|
|
Materials | Participants |
|
|
Download the Jurisdictional Risk Register and Heatmap Tool
Activities
3.2.1 Develop a travel policy
3.2.2 Develop travel procedures
3.2.3 Design high-risk travel guidelines
This step involves the following participants:
Outcomes of this step
This section provides guidance on the most prevalent risk scenarios identified in Phase 2 and provides a more in-depth examination of the two most prevalent ones, high-risk travel and compliance risk. Determine the appropriate response to each risk scenario to keep global risks to critical assets aligned with the organization’s risk tolerance.
Before you leave
During your trip
When you return
Higher Education: Camosun College
Interview: Evan Garland
Situation
The director of the international department at Camosun College reached out to IT security for additional support. Department staff often traveled to hostile environments. They were concerned malicious agents would either steal end-user devices or compromise them and access sensitive data. The director asked IT security for options that would better protect traveling staff, their devices, and the information they contain.
Challenges
First, controls would need to admit both work and personal use of corporate devices. Staff relied exclusively on work devices for travel to mitigate the risk of personal device theft. Personal use of corporate devices during travel was common. Second, controls needed to strike the right balance between friction and effortless access. Traveling staff had only intermittent access to IT support. Restrictive controls could prevent them from accessing their devices and data altogether.
Solution
IT consulted staff to discuss light-touch solutions that would secure devices without introducing too much complexity or compromising functionality. They then planned security controls that involved user interaction and others that did not and identified training requirements.
Results
|
Controls with user interaction |
Controls without user interaction |
|
|
The most effective solution will take advantage of existing risk management policies, processes, and procedures at your organization.
Input | Output |
|
|
Materials | Participants |
|
|
Security plans are key country documents that outline the security measures and procedures in place and the responsibilities and resources required to implement them. Security plans should be established in high-risk jurisdictions where your organization has a regular, significant presence. Security plans must remain relevant and accessible documents that address the specific risks that exist in that location, and, if appropriate, are specific about where the measures apply and who they apply to. Plans should be updated regularly, especially following significant incidents or changes in the operating environment or activities.
Critical information – One-page summary of pertinent information for easy access and quick reference (e.g. curfew times, no-go areas, important contacts).
Overview – Purpose and scope of the document, responsibilities for security plan, organization’s risk attitude, date of completion and review date, and a summary of the security strategy and policy.
Current Context – Summary of current operating context and overall security situation; main risks to staff, assets, and operations; and existing threats and risk rating.
Procedures – Simple security procedures that staff should adhere to in order to prevent incidents and how to respond should problems arise. Standard operating procedures (SOPs) should address key risks identified in the assessment.
Security levels – The organization's security levels/phases, with situational indicators that reflect increasing risks to staff in that context and location and specific actions/measures required in response to increasing insecurity.
Incident reporting – The procedures and responsibilities for reporting security-related incidents; for example, the type of incidents to be reported, the reporting structure, and the format for incident reporting.
Ratings are formulated by assessing several types of risk, including conflict, political/civil unrest, terrorism, crime, and health and infrastructure risks.
Rating | Description (Examples) | Recommended Action |
Low | Generally secure with adequate physical security. Low violent crime rates. Some civil unrest during significant events. Acts of terrorism rare. Risks associated with natural disasters limited and health threats mainly preventable. | Basic personal security, travel, and health precautions required. |
Moderate | Periodic civil unrest. Antigovernment, insurgent, or extremist groups active with sporadic acts of terrorism. Staff at risk from common and violent crime. Transport and communications services are unreliable and safety records are poor. Jurisdiction prone to natural disasters or disease epidemics. | Increased vigilance and routine security procedures required. |
High | Regular periods of civil unrest, which may target foreigners. Antigovernment, insurgent, or extremist groups very active and threaten political or economic stability. Violent crime rates high and targeting of foreigners is common. Infrastructure and emergency services poor. May be regular disruption to transportation or communications services. Certain areas off-limits to foreigners. Jurisdictions experiencing a natural disaster or a disease epidemic are considered high risk. | High level of vigilance and effective, context-specific security precautions required. |
Extreme | Undergoing active conflict or persistent civil unrest. Risk of being caught up in a violent incident or attack is very high. Civil authorities may have lost control of significant portions of the country. Lines between criminality and political and insurgent violence are blurred. Foreigners are likely to be denied access to significant parts of the country. Transportation and communication services are severely degraded or non-existent. Violence presents a direct threat to staff security. | Stringent security precautions essential and may not be sufficient to prevent serious incidents. Program activities may be suspended and staff withdrawn at very short notice. |
Input | Output |
|
|
Materials | Participants |
|
|
Address all types of travel, detail security measures, and outline what the organization expects of travelers before, during, and after their trip
|
Introduction |
Clarifies who the procedures apply to. Highlights any differences in travel security requirements or support provided to staff, consultants, partners, and official visitors. |
|---|---|
|
Travel risk ratings |
Explains the travel or country risk rating system, how staff access the information, the different categories and indicators, and their implications. |
|
Roles and responsibilities |
Clarifies the responsibilities of travelers, their line managers or contact points, and senior management regarding travel security and how this changes for destinations with higher risk ratings. |
|
Travel authorization |
Stipulates who in the organization authorizes travel, the various compliance measures required, and how this changes for destinations with higher risk ratings. |
|
Travel risk assessment |
Explains when travel risk assessments are required, the template that should be used, and who approves the completed assessments. |
Travel security procedures should specify what happens when staff add personal travel to their work trip to cover issues such as insurance, check-in, actual travel times, etc.
|
Pre-travel briefings |
Outlines the information that must be provided to travelers prior to departure, the type of briefing required and who provides it, and how these requirements change as risk ratings increase. |
|---|---|
|
Security training |
Explain security training required prior to travel. This may vary depending on the country’s risk rating. Includes information on training waiver system, including justifications and authorization. |
|
Traveler profile forms |
Travelers should complete a profile form, which includes personal details, emergency contacts, medical details, social media footprint, and proof-of-life questions (in contexts where there are abduction risks). |
|
Check-in protocol |
Specifies who travelers must maintain contact with while traveling and how often, as well as the escalation process in case of loss of contact. The frequency of check-ins should reflect the increase in the risk rating for the destination. |
|
Emergency procedures |
Outlines the organization's emergency procedures for security and medical emergencies. |
Input | Output |
|
|
Materials | Participants |
|
|
Download the Digital Safety Guidelines for International Travel template
Activities
3.3.1 Identify data localization obligations
3.3.2 Integrate obligations into IT system design
3.3.3 Document data processing activities
3.3.4 Choose the right mechanism
3.3.5 Implement the appropriate controls
3.3.6 Identify data breach notification obligations
3.3.7 Integrate data breach notification into incident response
3.3.8 Identify vendor security and data protection requirements
3.3.9 Build due diligence questionnaire
3.3.10 Build appropriate data processing agreement
This step involves the following participants:
Outcomes of this step
Likelihood: Medium to High
Impact: High
Data Residency
Gap Controls
Heatmap of Global Data Residency Regulations
Examples of Data Residency Requirements
|
Country |
Data Type |
Local Storage Requirements |
|---|---|---|
|
Australia |
Personal data – heath record |
My Health Records Act 2012 |
|
China |
Personal information — critical information infrastructure operators |
Cybersecurity law |
|
Government cloud data |
Opinions of the Office of the Central Leading Group for Cyberspace Affairs on Strengthening Cybersecurity Administration of Cloud Computing Services for Communist Party and Government Agencies |
|
|
India |
Government email data |
The Public Records Act of 1993 |
|
Indonesia |
Data held by electronic system operator for the public service |
Regulation 82 concerning “Electronic System and Transaction Operation” |
|
Germany |
Government cloud service data |
Criteria for the procurement and use of cloud services by the federal German administration |
|
Russia |
Personal data |
The amendments of Data Protection Act No. 152 FZ |
|
Vietnam |
Data held by internet service providers |
The Decree on Management, Provision, and Use of Internet Services and Information Content Online (Decree 72) |
|
US |
Government cloud service data |
Defense Federal Acquisition Regulation Supplement: Network Penetration Reporting and Contracting for Cloud Services (DFARS Case 2013-D018) |
1-2 hours
|
Jurisdiction |
Relevant Regulations |
Local Storage Requirements |
Date Type |
|---|---|---|---|
Input | Output |
|
|
Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
1-2 hours
|
Item |
Consideration |
Answer |
Supporting Document |
|---|---|---|---|
| 1 |
Have you identified business services that process data that will be subject to localization requirements? |
||
| 2 |
Have you identified IT systems associated with the business services mentioned above? |
||
| 3 |
Have you established a data inventory (i.e. data types, business purposes) for the IT systems mentioned above? |
||
| 4 |
Have you established a data flow diagram for the data identified above? |
||
| 5 |
Have you identified the types of data that should be stored locally? |
||
| 6 |
Have you confirmed whether a copy of the data locally stored will satisfy the obligations? |
||
| 7 |
Have you confirmed whether an IT redesign is needed or whether modifications (e.g. adding a server) to the IT systems would satisfy the obligations? |
||
| 8 |
Have you confirmed whether access from another jurisdiction is allowed? |
||
| 9 |
Have you identified how long the data should be stored? |
Input | Output |
|
|
Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
Likelihood: Medium to High
Impact: High
Gap Controls
Which cross-border transfer mechanism should I choose?
|
Transfer Mechanism |
Advantages |
Disadvantages |
|---|---|---|
|
Standard Contractual Clauses (SCC) |
|
|
|
Binding Corporate Rules (BCRs) |
|
|
|
Code of Conduct |
|
|
|
Certification |
|
|
|
Consent |
|
|
1-2 hours
|
Input |
Output |
|
|
|
Materials |
Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
1-2 hours
Data Transfer Mechanism | Pros | Cons | Final Decision |
|---|---|---|---|
SCC | |||
BCR | |||
Code of Conduct | |||
Certification | |||
Consent |
Input | Output |
|
|
Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
1-3 hours
| # | Core Components | Status | Note |
|---|---|---|---|
| 1 | Purpose and scope | ||
| 2 | Effect and invariability of the Clauses | ||
| 3 | Description of the transfer(s) | ||
| 4 | Data protection safeguards | ||
| 5 | Purpose limitation | ||
| 6 | Transparency | ||
| 7 | Accuracy and data minimization | ||
| 8 | Duration of processing and erasure or return of data | ||
| 9 | Storage limitation | ||
| 10 | Security of processing | ||
| 11 | Sensitive data | ||
| 12 | Onward transfers | ||
| 13 | Processing under the authority of the data importer | ||
| 14 | Documentation and compliance | ||
| 15 | Use of subprocessors | ||
| 16 | Data subject rights | ||
| 17 | Redress | ||
| 18 | Liability | ||
| 19 | Local laws and practices affecting compliance with the Clauses | ||
| 20 | Noncompliance with the Clauses and termination | ||
| 21 | Description of data processing activities, such as list of parties, description of transfer, etc. | ||
| 22 | Technical and organizational measures |
| Input | Output |
|
|
| Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
Likelihood: High
Impact: Medium to High
Data Breach
Gap Controls
Examples of Data Breach Notification Obligations
|
Location |
Regulation/ Standard |
Reporting Obligation |
|---|---|---|
|
EU |
GDPR |
72 hours |
|
China |
PIPL |
Immediately |
|
US |
HIPAA |
No later than 60 days |
|
Canada |
PIPEDA |
As soon as feasible |
|
Global |
PCI DSS |
|
Summary of US State Data Breach Notification Statutes
1-2 hours
| Region | Regulation/Standard | Reporting Obligation |
|---|---|---|
Input | Output |
|
|
Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
1-2 hours
| # | Phase | Considerations | Status | Notes |
|---|---|---|---|---|
| 1 | Prepare | Ensure the appropriate resources are available to best handle an incident. | ||
| 2 | Detect | Leverage monitoring controls to actively detect threats. | ||
| 3 | Analyze | Distill real events from false positives. | ||
| 4 | Contain | Isolate the threat before it can cause additional damage. | ||
| 5 | Eradicate | Eliminate the threat from your operating environment. | ||
| 6 | Recover | Restore impacted systems to a normal state of operations. | ||
| 7 | Report | Report data breaches to relevant regulators and data subjects if required. | ||
| 8 | Post-Incident Activities | Conduct a lessons-learned post-mortem analysis. |
| Input | Output |
|
|
| Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
Likelihood: High
Impact: Medium to High
Third-Party Risk
End-to-End Third-Party Security and Privacy Risk Management
Examples of Vendor Security Management Requirements
|
Region |
Law/Standard |
Section |
|---|---|---|
|
EU |
General Data Protection Regulation (GDPR) |
Article 28 (1) |
|
Article 46 (1) |
||
| US |
Health Insurance Portability and Accountability Act (HIPAA) |
§164.308(b)(1) |
| US |
New York Department of Financial Services Cybersecurity Requirements |
500.11(a) |
|
Global |
ISO 27002:2013 |
15.1.1 |
|
15.1.2 |
||
|
15.1.3 |
||
|
15.2.1 |
||
|
15.2.2 |
||
| US |
NIST 800-53 |
SA-12 |
|
SA-12 (2) |
||
| US |
NIST Cybersecurity Framework |
ID-SC-1 |
|
ID-SC-2 |
||
|
ID-SC-3 |
||
|
ID-SC-4 |
||
| Canada |
OSFI Cybersecurity Guidelines |
4.25 |
|
4.26 |
1-2 hours
| Region | Law/Standard | Section | Requirements |
|---|---|---|---|
Input | Output |
|
|
Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
1-2 hours
Perform internal due diligence prior to selecting a service provider.
| # | Question | Vendor Request | Vendor Comments |
|---|---|---|---|
| 1 | Document Requests | ||
| 2 | Asset Management | ||
| 3 | Governance | ||
| 4 | Supply Chain Risk Management | ||
| 5 | Identify Management, Authentication, and Access Control |
| Input | Output |
|
|
| Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
1-2 hours
| # | Core Components | Status | Note |
|---|---|---|---|
| 1 | Processing of personal data | ||
| 2 | Scope of application and responsibilities | ||
| 3 | Processor's obligations | ||
| 4 |
Controller's obligations |
||
| 5 | Data subject requests | ||
| 6 | Right to audit and inspection | ||
| 7 | Subprocessing | ||
| 8 | Data breach management | ||
| 9 | Security controls | ||
| 10 | Transfer of personal data | ||
| 11 | Duty of confidentiality | ||
| 12 | Compliance with applicable laws | ||
| 13 | Service termination | ||
| 14 | Liability and damages |
| Input | Output |
|
|
| Materials | Participants |
|
|
Download the Guidelines for Compliance With Local Security and Privacy Laws Template
By following Info-Tech’s methodology for securing global operations, you have:
You have gone through a deeper analysis of two key risk scenarios that affect global operations:
If you would like additional support, have our analysts guide you through an Info-Tech workshop or Guided Implementation.
Contact your account representative for more information.
workshop@infotech.com1-888-670-8889
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Identify High-Risk Jurisdictions
Develop requirements to identify high-risk jurisdictions.
Build Risk Scenarios
Build risk scenarios to capture assets, vulnerabilities, threats, and the potential effect of a compromise.
Ken Muir
CISO
LMC Security
Premchand Kurup
CEO
Paramount Computer Systems
Preeti Dhawan
Manager, Security Governance
Payments Canada
Scott Wiggins
Information Risk and Governance
CDPHP
Fritz Y. Jean Louis
CISO
Globe and Mail
Eric Gervais
CIO
Ovivo Water
David Morrish
CEO
MBS Techservices
Evan Garland
Manager, IT Security
Camosun College
Jacopo Fumagalli
CISO
Axpo
Dennis Leon
Governance and Security Manager
CPA Canada
Tero Lehtinen
CIO
Planmeca Oy
2022 Cost of Insider Threats Global Report.” Ponemon Institute, NOVIPRO, 9 Feb. 2022. Accessed 25 May 22.
“Allianz Risk Barometer 2022.” Allianz Global Corporate & Specialty, Jan. 2022. Accessed 25 May 22.
Bickley, Shaun. “Security Risk Management: a basic guide for smaller NGOs”. European Interagency Security Forum (EISF), 2017. Web.
“Biden Administration Warns against spyware targeting dissidents.” New York Times, 7 Jan 22. Accessed 20 Jan 2022.
Boehm, Jim, et al. “The risk-based approach to cybersecurity.” McKinsey & Company, October 2019. Web.
“Cost of a Data Breach Report 2021.” IBM Security, July 2021. Web.
“Cyber Risk in Asia-Pacific: The Case for Greater Transparency.” Marsh & McLennan Companies, 2017. Web.
“Cyber Risk Index.” NordVPN, 2020. Accessed 25 May 22
Dawson, Maurice. “Applying a holistic cybersecurity framework for global IT organizations.” Business Information Review, vol. 35, no. 2, 2018, pp. 60-67.
“Framework for improving critical infrastructure cybersecurity.” National Institute of Standards and Technology, 16 Apr 2018. Web.
“Global Cybersecurity Index 2020.” International Telecommunication Union (ITU), 2021. Accessed 25 May 22.
“Global Risk Survey 2022.” Control Risks, 2022. Accessed 25 May 22.
“International Travel Guidance for Government Mobile Devices.” Federal Mobility Group (FMG), Aug. 2021. Accessed 18 Nov 2021.
Kaffenberger, Lincoln, and Emanuel Kopp. “Cyber Risk Scenarios, the Financial System, and Systemic Risk Assessment.” Carnegie Endowment for International Peace, September 2019. Accessed 11 Jan 2022.
Koehler, Thomas R. Understanding Cyber Risk. Routledge, 2018.
Owens, Brian. “Cybersecurity for the travelling scientist.” Nature, vol. 548, 3 Aug 2017. Accessed 19 Jan. 2022.
Parsons, Fintan J., et al. “Cybersecurity risks and recommendations for international travellers.” Journal of Travel Medicine, vol. 1, no. 4, 2021. Accessed 19 Jan 2022.
Quinn, Stephen, et al. “Identifying and estimating cybersecurity risk for enterprise risk management.” National Institute of Standards and Technology (NIST), Interagency or Internal Report (IR) 8286A, Nov. 2021.
Quinn, Stephen, et al. “Prioritizing cybersecurity risk for enterprise risk management.” NIST, IR 8286B, Sept. 2021.
“Remaining cyber safe while travelling security recommendations.” Government of Canada, 27 April 2022. Accessed 31 Jan 2022.
Stine, Kevin, et al. “Integrating cybersecurity and enterprise risk management.” NIST, IR 8286, Oct. 2020.
Tammineedi, Rama. “Integrating KRIs and KPIs for effective technology risk management.” ISACA Journal, vol. 4, 1 July 2018.
Tikk, Eneken, and Mika Kerttunen, editors. Routledge Handbook of International Cybersecurity. Routledge, 2020.
Voo, Julia, et al. “National Cyber Power Index 2020.” Belfer Center for Science and International Affairs, Harvard Kennedy School, Sept. 2020. Web.
Zhang, Fang. “Navigating cybersecurity risks in international trade.” Harvard Business Review, Dec 2021. Accessed 31 Jan 22.
Likelihood: Medium to High
Impact: High
Gap Controls
For more holistic approach, you can leverage our Reduce and Manage Your Organization’s Insider Threat Risk blueprint.
You can’t just throw tools at a human problem. While organizations should monitor critical assets and groups with privileged access to defend against malicious behavior, good management and supervision can help detect attacks and prevent them from happening in the first place.
Industry | Actors | Risks | Tactics | Motives |
|---|---|---|---|---|
State and Local Government |
|
|
|
|
Information Technology |
|
|
|
|
Healthcare |
|
|
|
|
Finance and Insurance |
|
|
|
|
Source: Carnegie Mellon University Software Engineering Institute, 2019
Likelihood: Medium to High
Impact: High
Gap Controls
Prevent: Defense in depth is the best approach to protect against unknown and unpredictable attacks. Effective anti-malware, diligent patching and vulnerability management, and strong human-centric security are essential.
Detect: There are two types of companies – those who have been breached and know it, and those who have been breached and don’t know it. Ensure that monitoring, logging, and event detection tools are in place and appropriate to your organizational needs.
Analyze: Raw data without interpretation cannot improve security and is a waste of time, money, and effort. Establish a tiered operational process that not only enriches data but also provides visibility into your threat landscape.
Respond: Organizations can’t rely on ad hoc response anymore – don’t wait until a state of panic. Formalize your response processes in a detailed incident runbook to reduce incident remediation time and effort.
Lock down your organization. Among other tactics, control administrative privileges, leverage threat intelligence, use IP whitelisting, adopt endpoint protection and two-factor authentication, and formalize incident response measures.
Information alone is not actionable. A successful threat intelligence program contextualizes threat data, aligns intelligence with business objectives, and then builds processes to satisfy those objectives. Actively block indicators and act upon gathered intelligence.
Create organizational situational awareness around security initiatives to drive adoption of foundational security measures: network hardening, threat intelligence, red-teaming exercises, and zero-day mitigation, policies, and procedures.
Security extends beyond your organization. Ensure your organization has a comprehensive view of your organizational threat landscape and a clear understanding of the security posture of any managed service providers in your supply chain.
Conduct security awareness and training. Teach end users how to recognize current cyberattacks before they fall victim – this is a mandatory first line of defense.
As misinformation is a major attack vector for malicious actors, follow only reliable sources for cyberalerts and actionable intelligence. Aggregate information from these reliable sources.
The CISA Shields Up site provides the latest cyber risk updates on the Russia-Ukraine conflict and should provide the most value in staying informed.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Successful execution of business strategy requires planning that:
To accomplish this, the business architect must engage stakeholders, model the business, and drive planning with business architecture.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build a structured, repeatable framework for both IT and business stakeholders to appraise the activities that deliver value to consumers; and assess the readiness of their capabilities to enable them.
This template helps you ensure that your business architecture practice receives the resources, visibility, and support it needs to be successful, by helping you develop a strategy to engage the key stakeholders involved.
Record the complete value stream and decompose it into stages. Add a description of the expected outcome of the value stream and metrics for each stage.
Build a business capability model for the organization and map capabilities to the selected value stream.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify and consult stakeholders to discover the business goals and value proposition for the customer.
Engage stakeholders and SMEs in describing the business and its priorities and culture.
Identify focus for the areas we will analyze and work on.
1.1 Select key stakeholders
1.2 Plan for engaging stakeholders
1.3 Gather business goals and priorities
Stakeholder roles
Engagement plan
Business strategy, value proposition
Describe the main value-adding activities of the business from the consumer’s point of view, e.g. provide product or service.
Shared understanding of why we build resources and do what we do.
Starting point for analyzing resources and investing in innovation.
2.1 Define or update value streams
2.2 Decompose selected value stream(s) into value stages and identify problematic areas and opportunities
Value streams for the enterprise
Value stages breakdown for selected value stream(s)
Describe all the capabilities that make up an organization and enable the important customer-facing activities in the value streams.
Basis for understanding what resources the organization has and their ability to support its growth and success.
3.1 Define and describe all business capabilities (Level 1)
3.2 Decompose and analyze capabilities for a selected priority value stream.
Business Capability Map (Level 1)
Business Capabilities Level 2 for selected value stream
Use the Business Capability Map to identify key capabilities (e.g. cost advantage creator), and look more closely at what applications or information or business processes are doing to support or hinder that critical capability.
Basis for developing a roadmap of IT initiatives, focused on key business capabilities and business priorities.
4.1 Identify key capabilities (cost advantage creators, competitive advantage creators)
4.2 Assess capabilities with the perspective of how well applications, business processes, or information support the capability and identify gaps
4.3 Apply analysis tool to rank initiatives
Business Capability Map with key capabilities: cost advantage creators and competitive advantage creators
Assessment of applications or business processes or information for key capabilities
Roadmap of IT initiatives
Info-Tech is a provider of best-practice IT research advisory services that make every IT leader’s job easier.
| 35,000 members sharing best practices you can leverage | Millions spent developing tools and templates annually | Leverage direct access to over 100 analysts as an extension of your team | Use our massive database of benchmarks and vendor assessments | Get up to speed in a fraction of the time |
Business architecture provides a holistic and unified view of:
Without a business architecture it is difficult to see the connections between the business’s activities for the customer and the IT resources supporting them – to demonstrate that what we do in IT is customer-driven.
As a map of your business, the business architecture is an essential input to the digital strategy:
Crystal Singh
Research Director, Data and Analytics
Info-Tech Research Group
Andrea Malick
Research Director, Data and Analytics
Info-Tech Research Group
| Your Challenge | Common Obstacles | Info-Tech’s Approach |
|
Organizations need to innovate rapidly to respond to ever-changing forces and demands in their industry. But they often fail to deliver meaningful outcomes from their IT initiatives within a reasonable time. Successful companies are transforming, i.e. adopting fluid strategies that direct their resources to customer-driven initiatives and execute more quickly on those initiatives. In a responsive and digital organization, strategies, capabilities, information, people, and technology are all aligned, so work and investment are consistently allocated to deliver maximum value. |
You don’t have a complete reference map of your organization’s capabilities on which to base strategic decisions. You don’t know how to prioritize and identify the capabilities that are essential for achieving the organization’s customer-driven objectives. You don’t have a shared enterprise vision, where everyone understands how the organization delivers value and to whom. |
Begin important business decisions with a map of your organization – a business reference architecture. Model the business in the form of architectural blueprints. Engage your stakeholders. Recognize the opportunity for mapping work, and identify and engage the right stakeholders. Drive business architecture forward to promote real value to the organization. Assess your current projects to determine if you are investing in the right capabilities. Conduct business capability assessments to identify opportunities and prioritize projects. |
Info-Tech Insight
Business architecture is the set of strategic planning techniques that connects organization strategy to execution in a manner that is accurate and traceable and promotes the efficient use of organizational resources.
| Phase | Purpose | Activity | Outcome |
| 1. | Business context: Identify organization goals, industry drivers, and regulatory requirements in consultation with business stakeholders. |
Identify forces within and outside the organization to consider when planning the focus and timing of digital growth, through conducting interviews and surveys and reviewing existing strategies. | Business value canvas, business strategy on a page, customer journey |
| 2. | Customer activities (value stream): What is the customer doing? What is our reason for being as a company? What products and services are we trying to deliver? |
Define or update value streams, e.g. purchase product from supplier, customer order, and deliver product to customer. | Value streams enterprise-wide (there may be more than one set of value streams, e.g. a medical school and community clinic) |
| Prioritize value streams: Select key value streams for deeper analysis and focus. |
Assess value streams. | Priority value streams | |
| Value stages: Break down the selected value stream into its stages. |
Define stages for selected value streams. | Selected value stream stages | |
| 3. | Business capability map, level 1 enterprise: What resources and capabilities at a high level do we have to support the value streams? |
Define or update the business capabilities that align with and support the value streams. | Business capability map, enterprise-wide capabilities level 1 |
| Business capability map, level 2 for selected area: List resources and capabilities that we have at a more detailed level. |
Define or update business capabilities for selected value stream to level 2. | Business capability map, selected value stream, capability level 2 | |
| Heatmap Business Capability Map: Flag focus areas in supporting technology, applications, data and information. |
| Day 1: Discover Business Context | Day 2: Define Value Streams | Day 3: Build Business Capability Map | Day 4: Roadmap Business Architecture | ||
|---|---|---|---|---|---|
| Phase Steps |
1.1 Collect corporate goals and strategies 1.2 Identify stakeholders |
2.1 Build or update value streams 2.2 Decompose selected value stream into value stages and analyze for opportunities |
3.1 Update business capabilities to level 1 for enterprise 3.2 For selected value streams, break down level 1 to level 2 |
3.3 Use business architecture to heatmap focus areas: technology, information, and processes 3.4 Build roadmap of future business architecture initiatives |
|
| Phase Outcomes |
|
|
|
|
| INDUSTRY VALUE CHAIN | DIGITAL TRANSFORMATION | BUSINESS ARCHITECTURE |
| A high-level analysis of how the industry creates value for the consumer as an overall end-to-end process. | The adoption of digital technologies to innovate and re-invent existing business, talent ,and operating models to drive growth, business value, and improved customer experience. | A holistic, multidimensional business view of capabilities, end-to-end value, and operating model in relation to the business strategy. |
| INDUSTRY VALUE STREAM | STRATEGIC OBJECTIVES | CAPABILITY ASSESSMENTS |
| A set of activities, tasks, and processes undertaken by a business or a business unit across the entire end-to-end business function to realize value. | A set of standard objectives that most industry players will feature in their corporate plans. | A heat-mapping effort to analyze the maturity and priority of each capability relative to the strategic priorities that they serve. |
| 1 | Understand the business context and drivers Deepen your understanding of the organization’s priorities by gathering business strategies and goals. Talking to key stakeholders will allow you to get a holistic view of the business strategy and forces shaping the strategy, e.g. economy, workforce, and compliance. |
| 2 | Define value streams; understand the value you provide Work with senior leadership to understand your customers’ experience with you and the ways your industry provides value to them. Assess the value streams for areas to explore and focus on. |
| 3 | Customize the industry business architecture;
develop business capability map
Work with business architects and enterprise architects to customize Info-Tech’s business architecture for your industry as an enterprise-wide map of the organization and its capabilities. Extend the business capability map to more detail (Level 2) for the value stream stages you select to focus on. |
Business architecture provides a framework that connects business strategy and IT strategy to project execution through a set of models that provide clarity and actionable insights. How well do you know your business?
Business architecture is:
Business architecture must be branded as a front-end planning function to be appropriately embedded in the organization’s planning process.
Brand business architecture as an early planning pre-requisite on the basis of maintaining clarity of communication and spreading an accurate awareness of how strategic decisions are being made.
As an organization moves from strategy toward execution, it is often unclear as to exactly how decisions pertaining to execution are being made, why priority is given to certain areas, and how the planning function operates.
The business architect’s primary role is to model this process and document it.
In doing so, the business architect creates a unified view as to how strategy connects to execution so it is clearly understood by all levels of the organization.
| Business Architecture | ||
|---|---|---|
| Business strategy map | Business model canvas | Value streams |
| Business capability map | Business process flows | Service portfolio |
| Data Architecture | Application Architecture | Infrastructure Architecture |
| Conceptual data model | Application portfolio catalog | Technology standards catalog |
| Logical data model | Application capability map | Technology landscape |
| Physical data model | Application communication model | Environments location model |
| Data flow diagram | Interface catalog | Platform decomposition diagram |
| Data lifecycle diagram | Application use-case diagram | Network computing / hardware diagram |
| Security Architecture | ||
| Enterprise security model | Data security model | Application security model |
The key characteristic of the business architecture is that it represents real-world aspects of a business, along with how they interact.
Many different views of an organization are typically developed. Each view is a diagram that illustrates a way of understanding the enterprise by highlighting specific information about it:
The business owns the strategy and operating model; the business architect connects all the pieces together.
| R | Business Architect (Responsible) |
| A | Business Unit Leads (Accountable) |
| C | Subject Matter Experts (Consulted) – Business Lines, Operations, Data, Technology Systems & Infrastructure Leads |
| I | Business Operators (Informed) – Process, Data, Technology Systems & Infrastructure |
Picking the right project is critical to setting the tone for business architecture work in the organization.
Consider these best practices to maintain a high level of engagement from key stakeholders throughout the process of establishing or applying business architecture.
Balance short-term cost savings with long-term benefits
Participate in project governance to facilitate compliance
Create a center of excellence to foster dialogue
It is important to understand the different value-generating activities that deliver an outcome for and from your customers.
We do this by looking at value streams, which refer to the specific set of activities an industry player undertakes to create and capture value for and from the end consumer (and so the question to ask is, how do you make money as an organization?).
Our approach helps you to strengthen and transform those value streams that generate the most value for your organization.
An organization can have more than one set of streams.
For example, an enterprise can provide both retail shopping and financial services, such as credit cards.
| Value Streams | Create or Purchase the Product | Manage Inventory | Distribute Product | Sell Product, Make Product Available to Customers |
|---|---|---|---|---|
|
|
|
|
Value streams – the activities we do to provide value to customers – require business capabilities.
Value streams are broken down further into value stages, for example, the Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.
Think of value streams as the core operations: the reason for your organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services; a business capability that supports it is legal counsel.
The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.
Each value stream should have a trigger or starting point and an end result for a client or receiver.
There should be measurable value or benefits at each stage. These are key performance indicators (KPIs). Spot problem areas in the stream.
Value streams usually fall into one of these categories:
Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the value-add activities in the value stream. Business capabilities lie at the top layer of the business architecture:
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Example business capability map for: Higher Education
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Example business capability map for: Local Government
Value streams – the activities we do to provide value to customers – require business capabilities. Value streams are broken down further into value stages.
Business capabilities are built up to allow the business to perform the activities that bring value to customers. Map capabilities to the activities in the value stage to spot opportunities and problems in delivering services and value.
Business processes fulfill capabilities. They are a step-by-step description of who is performing what to achieve a goal. Capabilities consist of networks of processes and the resources – people, technology, materials – to execute them.
Capability = Processes + Software, Infrastructure + People
Align the business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).
Prioritize a value stream to transform based on the number of priorities aligned to a value stream, and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).
Decompose the selected value stream into value stages.
Align capabilities level 1 and 2 to value stages. One capability may support several value stages in the stream.
Build a business architecture for the prioritized value stream with a map of business capabilities up to level 2.
NOTE: We can’t map all capabilities all at once: business architecture is an ongoing practice; select key mapping initiatives each year based on business goals.
Business value defines the success criteria of an organization as manifested through organizational goals and outcomes, and it is interpreted from four perspectives:
It’s never a good idea to start with a blank page.
The business capability map available from Info-Tech and with industry standard models can be used as an accelerator. Assemble the relevant stakeholders – business unit leads and product/service owners – and modify the business capability map to suit your organization’s context.
Acceleration path: Customize generic capability maps with the assistance of our industry analysts.
| Business context | Define value streams | Build business capability map |
|---|---|---|
| 1.1 Select key stakeholders 1.2 Collect and understand corporate goals |
2.1 Update or define value streams 2.2 Decompose and analyze selected value stream |
3.1 Build level 1 capability map 3.2 Build level 2 capability map 3.3 Heatmap capability map 3.4 Roadmap |
Use inputs from business goals and strategies to understand priorities.
It is not necessary to have a comprehensive business strategy document to start – with key stakeholders, the business architect should be able to gather a one-page business value canvas or customer journey.
What is business context?
“The business context encompasses an understanding of the factors impacting the business from various perspectives, including how decisions are made and what the business is ultimately trying to achieve. The business context is used by IT to identify key implications for the execution of its strategic initiatives.”
Source: Businesswire, 2018
First, as the CIO, you must engage executive stakeholders and secure their support.
Focus on key players who have high power and high interest in business architecture.
Engage the stakeholders who are impacted the most and have the power to impede the success of business architecture.
For example, if the CFO – who has the power to block funding – is disengaged, business architecture will be put at risk.
Use Info-Tech’s Stakeholder Power Map Template to help prioritize time spent with stakeholders.
A business architecture project may involve the following stakeholders:
You must identify who the stakeholders are for your business architecture work.
Think about:
Avoid these common mistakes:
1-3 hours
Build an accurate depiction of the business.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
A business strategy must articulate the long-term destination the business is moving into. This illustration shapes all the strategies and activities in every other part of the business, including what IT capabilities and resources are required to support business goals. Ultimately, the benefits of a well-defined business strategy increase as the organization scales and as business units or functions are better equipped to align the strategic planning process in a manner that reflects the complexity of the organization.
Using the Business Strategy on a Page canvas, consider the questions in each bucket to elicit the overall strategic context of the organization and uncover the right information to build your digital strategy. Interview key executives including your CEO, CIO, CMO, COO, CFO, and CRO, and review documents from your board or overall organizational strategy to uncover insights.
Info-Tech Insight
A well-articulated and clear business strategy helps different functional and business units work together and ensures that individual decisions support the overall direction of the business.
Examples business objectives:
Info-Tech Insight
CIOs are ideally positioned to be the sponsors of business architecture given that their current top priorities are digital transformation, innovation catalyzation, and business alignment.
1-3 hours
Having a clear understanding of the business is crucial to executing on the strategic IT initiatives.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
|
Vision Where do you want to go? Mission/Mandate What do you do? |
Value Streams Why are you in business? What do you do? |
Key Products & Services What are your top three to five products and services? |
Key Customer Segments Who are you trying to serve or target? |
|
Value Proposition What is the value you deliver to your customers? Future Value Proposition What is your value proposition in three to five years’ time? |
Digital Experience Aspirations How can you create a more effective value stream? |
Business Resilience Aspirations How can you reduce business risks? |
Sustainability (or ESG) Aspirations How can you deliver ESG and sustainability goals? |
|
CEO |
Core Business Goals What are the core business goals to meet business objectives? |
Top Priorities & Initiatives What are the top initiatives and priorities over the planning horizon? |
Performance Insights/Metrics What do we need to achieve? |
|
CMO |
Shared Business Goals What are the shared (operational) business goals to meet business objectives? |
Top Priorities & Initiatives What are the top initiatives and priorities over the planning horizon? |
Performance Insights/Metrics What do we need to achieve? |
|
CFO |
Enabling Business Goals What are the enabling (supporting/enterprise) business goals to meet business objectives? |
Top Priorities & Initiatives What are the top initiatives and priorities over the planning horizon? |
Performance Insights/Metrics What do we need to achieve? |
The BA practice’s supporters are potential champions who will help you market the value of BA; engage with them first to create positive momentum. Map out the concerns of each group of stakeholders so you can develop marketing tactics and communications vehicles to address them.
Example Communication Strategy
| Stakeholder Concerns | Tactics to Address Concerns | Communication Vehicles | Frequency | |
|---|---|---|---|---|
| Supporters (High Priority) |
|
|
|
Bi-Monthly |
| Indifferent (Medium Priority) |
|
|
|
Quarterly |
| Resistors (Medium Priority) |
|
|
|
Tailored to individual groups |
1-2 hours
Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.
Think about the following:
Avoid these common mistakes:
| Input | Output |
|---|---|
|
|
|
| Materials | Participants |
|
|
Download the Stakeholder Engagement Strategy Template for this project.
CASE STUDY
IndustrySource
Anonymous
| Situation | Complication | Result |
|---|---|---|
|
To achieve success with the business architecture initiative, the bank’s CIO needed to put together a plan to engage the right stakeholders in the process. Without the right stakeholders, the initiative would suffer from inadequate information and thus would run the risk of delivering an ineffective solution. |
The bank’s culture was resistant to change and each business unit had its own understanding of the business strategy. This was a big part of the problem that led to decreasing customer satisfaction. The CIO needed a unified vision for the business architecture practice involving people, process, and technology that all stakeholders could support. |
Starting with enlisting executive support in the form of a business sponsor, the CIO identified the rest of the key stakeholders, in this case, the business unit heads, who were necessary to engage for the initiative. Once identified, the CIO promoted the benefits of business architecture to each of the business unit heads while taking stock of their individual needs. |
1 hour
Using your stakeholder power map as a starting point, focus on the three most important quadrants: those that contain stakeholders you must keep informed, those to keep satisfied, and the key players.
Plot the stakeholders from those quadrants on a stakeholder engagement map.
Think about the following:
Avoid these common mistakes:
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Stakeholder Engagement Strategy Template for this project.
1-2 hours
Now that you have organized and categorized your stakeholders based on their power, influence, interest, and knowledge of business architecture, it is time to brainstorm how you are going to gain their support and participation.
Think about the following:
Avoid these common mistakes:
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download the Stakeholder Engagement Strategy Template for this project.
| Business context | Define value streams | Build business capability map |
|---|---|---|
|
1.1 Select key stakeholders |
2.1 Update or define value streams |
3.1 Build Level 1 capability map |
This phase will walk you through the following activities:
This phase involves the following participants:
Value streams connect business goals to organization’s value realization activities. They enable an organization to create and capture value in the market place by engaging in a set of interconnected activities.
There are several key questions to ask when endeavoring to identify value streams.
| Key Questions |
|---|
|
| Value Streams | Create or Purchase Product | Manage Inventory | Distribute Product | Sell Product |
|
|
|
|
Value streams – the activities we do to provide value to customers – require business capabilities.
Value streams are broken down further into value stages, for example, Sell Product value stream has value stages Evaluate Options, Place Order, and Make Payment.
Think of value streams as the core operations, the reason for our organization’s being. A professional consulting organization may have a legal team but it does not brand itself as a law firm. A core value stream is providing research products and services – a business capability that supports it is legal counsel.
1-3 hours
Unify the organization’s perspective on how it creates value.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
See your Info-Tech Account Representative for access to the Reference Architecture Template
The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream, e.g. Place Order or Make Payment.
Each value stream should have a trigger or starting point and an end result for a client or receiver.
There should be measurable value or benefits at each stage.
These are key performance indicators (KPIs).
Spot problem areas in the stream.
Value streams usually fall into one of these categories:
Customer Acquisitions
Identify Prospects > Contact Prospects > Verify Interests
Sell Product
Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment
Product Delivery
Confirm Order > Plan Load > Receive Warehouse > Fill Order > Ship Order > Deliver Order > Invoice Customer
Product Financing
Initiate Loan Application > Decide on Application > Submit Documents > Review & Satisfy T&C > Finalize Documents > Conduct Funding > Conduct Funding Audits
Product Release
Ideate > Design > Build > Release
Sell Product is a value stream, made up of value stages Identify options, Evaluate options, and so on.
1-3 hours
Once we have a good understanding of our value streams, we need to decide which ones to focus on for deeper analysis and modeling, e.g. extend the business architecture to more detailed level 2 capabilities.
Organization has goals and delivers products or services.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
The first step of creating a value stream is defining it.
The second step is the value stream mapping.
Title
Scope
Objectives
Example Value Streams List
| Title | Scope | Objectives |
| Sell Product | From option identification to payment | Revenue Growth |
| … | … | … |
| … | … | … |
| A Decompose the Value Stream Into Stages | B Add the Customer Perspective |
|
|
| C Add the Expected Outcome | D Define the Entry and Exit Criteria |
|
|
| E Outline the Metrics | F Assess the Stages |
|
|
The first step in creating a value stream map is breaking it up into its component stages.
The stages of a value stream are usually action-oriented statements or verbs that make up the individual steps involved throughout the scope of the value stream.
The Benefit
Segmenting your value stream into individual stages will give you a better understanding of the steps involved in creating value.
The Benefit
Adding the customer’s perspective will inform you of their priorities at each stage of the value stream.
The Benefit
Understanding the organization’s desired outcome at each stage of the value stream will help set objectives and establish metrics.
The Benefit
Establishing the entry and exit criteria for each stage will help you understand how the customer experience flows from one end of the stream to the other.
The Benefit
Setting metrics for each stage will facilitate the tracking of success and inform the business architecture practitioner of where investments should be made.
To determine which specific business capabilities you should seek to assess and potentially refine, you must review performance toward target metrics at each stage of the value stream.
Stages that are not performing to their targets should be examined further by assessing the capabilities that enable them.
| Value Stage | Metric Description | Metric Target | Current Measure | Meets Objective? |
| Evaluate Options | Number of Product Demonstrations | 12,000/month | 9,000/month | No |
| Identify Options | Google Searches | 100K/month | 100K/month | Yes |
| Identify Options | Product Mentions | 1M/month | 1M/month | Yes |
| … | Website Traffic (Hits) | … | … | … |
| Average Deal Size | ||||
| Number of Deals | ||||
| Time to Complete an Order | ||||
| Percentage of Invoices Without Error | ||||
| Average Time to Acquire Payment in Full |
Sell Product
Identify Options > Evaluate Options > Negotiate Price and Delivery Date > Place Order > Get Invoice > Make Payment
The value stage(s) that doesn’t meet its objective metrics should be examined further.
Info-Tech Insight
In the absence of tangible metrics, you will have to make a qualitative judgement about which stage(s) of the value stream warrant further examination for problems and opportunities.
| Business context | Define value streams | Build business capability map |
|---|---|---|
| 1.1 Select key stakeholders 1.2 Collect and understand corporate goals |
2.1 Update or define value streams 2.2 Decompose and analyze selected value stream |
3.1 Build Level 1 capability map 3.2 Build Level 2 capability map 3.3 Heatmap capability map 3.4 Roadmap |
This step will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
The Business Capability Map is the primary visual representation of the organization’s key abilities or services that are delivered to stakeholders. This model forms the basis of strategic planning discussions.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Example business capability map for: Higher Education
A business capability map can be thought of as a visual representation of your organization’s business capabilities and represents a view of what your data program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Example business capability map for: Local Government
Source: Lambert, “Practical Guide to Agile Strategy Execution”
1-3 hours
Ensure you engage with the right stakeholders:
Don’t waste your efforts building an inaccurate depiction of the business: The exercise of identifying capabilities for an organization is very introspective and requires deep analysis.
It is challenging to develop a common language that everyone will understand and be able to apply. Invest in the time to ensure the right stakeholders are brought into the fold and bring their business area expertise and understanding to the table.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Align the innovation goals and business objectives of your organization to your value streams (the critical actions that take place within your organization to add value to a customer).
Prioritize a value stream to transform based on the number of priorities aligned to a value stream and/or the business value (e.g. revenue, EBITDA earnings, competitive differentiation, or cost efficiency).
Working alongside a business or enterprise architect, build a reference architecture for the prioritized value stream up to level 2.
Info-Tech Insight
To produce maximum impact, focus on value streams that provide two-thirds of your enterprise value (EBITDA earnings).
1-3 hours
It is only at level 2 and further that we can pinpoint the business capabilities – the exact resources, whether applications or data or processes – that we need to focus on to realize improvements in the organization’s performance and customer experience.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template
1-3 hours
Determine the organization’s key capabilities.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template
Note: Illustrative Example
Note: Illustrative Example
Note: Illustrative Example
Note: Illustrative Example
Note: Illustrative Example
| MoSCoW Rank | IT Implication | Value Stream Impacted | Comments/Actions |
|---|---|---|---|
| M | [Implication] | [Value Stream] | |
| M | [Implication] | [Value Stream] | |
| M | [Implication] | [Value Stream] | |
| S | [Implication] | [Value Stream] | |
| S | [Implication] | [Value Stream] | |
| S | [Implication] | [Value Stream] | |
| C | [Implication] | [Value Stream] | |
| C | [Implication] | [Value Stream] | |
| C | [Implication] | [Value Stream] | |
| W | [Implication] | [Value Stream] | |
| W | [Implication] | [Value Stream] | |
| W | [Implication] | [Value Stream] |
1-3 hours
Unify the organization’s perspective on how it creates value.
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Download: See your Account Representative for access to Info-Tech’s Reference Architecture Template
| Enterprise Architecture Domain | Architectural View | Selection |
|---|---|---|
| Business Architecture | Business strategy map | Required |
| Business Architecture | Business model canvas | Optional |
| Business Architecture | Value streams | Required |
| Business Architecture | Business capability map | Not Used |
| Business Architecture | Business process flows | |
| Business Architecture | Service portfolio | |
| Data Architecture | Conceptual data model | |
| Data Architecture | Logical data model | |
| Data Architecture | Physical data model | |
| Data Architecture | Data flow diagram | |
| Data Architecture | Data lineage diagram |
The Industry Business Reference Architecture Template for your industry is a place for you to collect all of the activity outputs and outcomes you’ve completed for use in next-steps.
Download the Industry Business Reference Architecture Template for your industry
| DIY Toolkit | Guided Implementation | Workshop | Consulting |
|---|---|---|---|
| "Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks are used throughout all four options
| Name | Role | Organization |
| Ibrahim Abdel-Kader | Research Analyst, Data & Analytics | Info-Tech Research Group |
| Ben Abrishami-Shirazi | Technical Counselor, Enterprise Architecture | Info-Tech Research Group |
| Andrew Bailey | Consulting, Manager | Info-Tech Research Group |
| Dana Dahar | Research & Advisory Director, CIO / Digital Business Strategy | Info-Tech Research Group |
| Larry Fretz | VP | Info-Tech Research Group |
| Shibly Hamidur | Enterprise Architect | Toronto Transit Commission (TTC) |
| Rahul Jaiswal | Principal Research Director, Industry | Info-Tech Research Group |
| John Kemp | Executive Counselor, Executive Services | Info-Tech Research Group |
| Gerald Khoury | Senior Executive Advisor | Info-Tech Research Group |
| Igor Ikonnikov | Principal Advisory Director, Data & Analytics | Info-Tech Research Group |
| Daniel Lambert | VP | Benchmark Consulting |
| Milena Litoiu | Principal Research Director, Enterprise Architecture | Info-Tech Research Group |
| Andy Neill | AVP Data & Analytics, Chief Enterprise Architect | Info-Tech Research Group |
| Rajesh Parab | Research Director, Data & Analytics | Info-Tech Research Group |
| Rick Pittman | VP, Research | Info-Tech Research Group |
| Irina Sedenko | Research Director, Data & Analytics | Info-Tech Research Group |
Andriole, Steve. “Why No One Understands Enterprise Architecture & Why Technology Abstractions Always Fail.” Forbes, 18 September 2020. Web.
“APQC Process Classification Framework (PCF) – Retail.” American Productivity & Quality Center, 9 January 2019. Web.
Brose, Cari. “Who’s on First? Architecture Roles and Responsibilities in SAFe.” Business Architecture Guild, 9 March 2017. Web.
Burlton, Roger, Jim Ryne, and Daniel St. George. “Value Streams and Business Processes: The Business Architecture Perspective.” Business Architecture Guild, December 2019. Web.
“Business Architecture: An overview of the business architecture professional.” Capstera, 5 January 2022. Web.
Business Architecture Guild. “What is Business Architecture?” Business Analyst Mentor, 18 November 2022. Web.
“Business Architecture Overview.” The Business Architecture Working Group of the Object Management Group (OMG), n.d. Web.
“Delivering on your strategic vision.” The Business Architecture Guild, n.d. Web.
Ecker, Grant. “Deploying business architecture.” LinkedIn, 11 November 2021. (Presentation)
IRIS. “Retail Business Architecture Framework and Examples.” IRIS Business Architect, n.d. Web.
IRIS. “What Is Business Architecture?” IRIS Business Architect, 8 May 2014. Web.
IRIS. “Your Enterprise Architecture Practice Maturity 2021 Assessment.” IRIS Business Architect, 17 May 2021. Web.
Khuen, Whynde. “How Business Architecture Breaks Down and Bridges Silos.” Biz Arch Mastery, January 2020. Web.
Lambert, Daniel. “Practical Guide to Agile Strategy Execution.” 18 February 2020.
Lankhorst, Marc, and Bernd Ihnen. “Mapping the BIZBOK Metamodel to the ArchiMate Language.” Bizzdesign, 2 September 2021. Web.
Ramias, Alan, and Andrew Spanyi, “Demystifying the Relationship Between Processes and Capabilities: A Modest Proposal.” BPTrends, 2 February 2015. Web.
Newman, Daniel. “NRF 2022: 4 Key Trends From This Year’s Big Show.” Forbes, 20 January 2022. Web.
Research and Markets. “Define the Business Context Needed to Complete Strategic IT Initiatives: 2018 Blueprint.” Business Wire, 1 February 2018. Web.
Sabanoglu, Tugba. “Retail market worldwide - Statistics & Facts.” Statista, 21 April 2022. Web.
Spacey, John. “Capability vs Process.” Simplicable, 18 November 2016. Web.
“The Definitive Guide to Business Capabilities.” LeanIX, n.d. Web.
TOGAF 9. Version 9.1. The Open Group, 2011. Web.
“What is Business Architecture?” STA Group, 2017. PDF.
Whittie, Ralph. “The Business Architecture, Value Streams and Value Chains.” BA Institute, n.d. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Determine the stakeholders for an IT department of a singular initiative.
Use the guidance of this section to analyze stakeholders on both a professional and personal level.
Use Info-Tech’s guiding principles of stakeholder management to direct how to best engage key stakeholders.
Use real-life experiences from Info-Tech’s analysts to understand how to use and apply stakeholder management techniques.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Most business leaders think that the best way to beat the competition is to push their development teams harder and demand faster delivery. I've seen the opposite happen many times.
When you prioritize "shipping fast" and "getting to market first," you often end up taking the longest time to succeed, because your team must spend months, sometimes years, addressing the problems caused by your haste. On the surface, things appear to be improving, but internally, they can feel overwhelming. You will notice this impact on your staff.
This is the harsh truth about rushing IT development:
Here's what really happens in the codebase when you tell your team to "just get it done fast": you don't do proper input validation and sanitization because you say, "We'll add that later." And then you have to deal with SQL injection attacks and data breaches for months. This wasted time could have been avoided by using simple parameterized queries and validation frameworks.
In 2024, the average cost of a data breach was $4.88 million. 73% of these breaches require more than 200 days to resolve. You only code for the happy flow, but real users submit incorrect data, experience network timeouts, and encounter failures with third-party APIs.
Your app crashes more than it should because you didn't set up proper error handling, or circuit breakers, or graceful degradation patterns. I know these take time to implement, but what would you rather have? Customers abandoning it?
Businesses lose an average of $5,600 per minute when their systems go down, and e-commerce sites can lose up to $300,000 per hour during busy times. Instead of fixing the root causes of problems, you just patch them up with quick fixes. Instead of proper garbage collection, that memory leak gets a band-aid restart script. Instead of being optimized, the slow database query is cached.
Soon, you will find yourself struggling to keep your building intact.
To keep up with technical debt, companies usually have to spend 23–42% of their total IT budget each year.
You don't do full testing because "writing unit tests takes longer than manual testing." This approach does not include load testing, test-driven development, or integration testing. Your first real test is when you have paying customers in production. Companies that don't test their software properly have 60% more bugs in their products and spend 40% more time fixing them than companies that do.
You start without being able to properly monitor and see what's going on. There are no logging frameworks, no application performance monitoring, and no health checks in place. When things go wrong—and they will—it's difficult to figure out what's amiss. Without proper monitoring, it takes an average of 4.5 hours to find and fix IT problems. With full observability tools, it only takes 45 minutes.
It's easy to see that every shortcut you take today will cause two new problems tomorrow. Each of those problems makes two more. You're going to be in a lot of trouble with technical debt, security holes, and unstable systems soon. All because you were in a hurry to meet some random deadline.
The true cost of rushing in those "move fast and break things" success stories is often overlooked. You don't guarantee a quick time to market when you rush code to market. You're just making sure that failure to market happens quickly. Remember that most Silicon Valley break-movers lose millions, but you never read about those; you only read about the 1 in 350 VC-backed companies that make it. That is a staggering 0.29%. I would not bet on that strategy just yet.
Because code that is rushed doesn't just break once. It breaks all the time. In production. This issue arises when dealing with real customers. At the worst times. Your developers are putting out fires instead of adding new features. Instead of adding the features that the customer asked for, they're fixing race conditions at 2 AM. They're patching vulnerabilities in dependencies rather than creating the next version.
According to research, developers in environments with a lot of technical debt spend 42% of their time on maintenance and bug fixes, while those in well-architected systems spend only 23% of their time on these tasks. Bad code drives up your infrastructure costs by requiring more servers to handle the same load. Your database runs slower because no one took the time to make the right indexes or make the queries run faster. Unoptimized applications typically require 3 to 5 times more infrastructure resources, directly impacting your cloud computing and operational costs.
The costs of getting new customers go up because products that are rushed have higher churn rates. People stop using apps that crash a lot or don't work well. For example, 53% of mobile users will stop using an app if it takes longer than 3 seconds to load. It costs 5 to 25 times more to get a new customer than to keep an old one.
In the meantime, what about your competitor who took an extra month to set up proper error handling, security controls, and performance optimization? They're growing smoothly while you're still working on the base.
Let me tell you a myth that is costing you millions: The race isn't about speed unless you're in a real winner-take-all market with huge network effects. It's about lasting.
There is usually room for more than one winner in most markets. Your real job isn't to be the first to market; it's to still be there when the "fast movers" fail because they owe too much money. The businesses that are the biggest in their markets aren't usually the first ones there. They are the ones who took the time to use excellent software engineering practices from the start. They used well-known security frameworks like the OWASP guidelines to make their systems safe, set up the right authentication and authorization patterns, and made sure their APIs were designed with security and resilience in mind from the start.
Companies that have good security practices have 76% fewer security incidents and save an average of $1.76 million for every breach they avoid. They wrote code for failure scenarios using patterns like retry logic with exponential backoff, circuit breakers to stop failures from spreading, and bulkhead isolation to keep problems from spreading.
They set up full logging and monitoring so they could find problems before customers did. Systems that are built well and have the right resilience patterns are up 99.9% of the time, while systems that are built quickly are up 95% to 98% of the time. While you may believe that 95% to 98% uptime is an acceptable figure to agree to, take a moment to consider what that actually translates to in terms of downtime for your availability metrics. Remember that you should only calculate the times you really want to be available. This is due to the fact that any unavailability during your downtime is not taken into account. But failures do not take your opening hours into consideration.
Successful companies used domain-driven design to get the business requirements right, made complete API documentation, and built automated testing suites that found regressions before deployment. Companies that do a lot of testing deliver features 2.5 times faster and with 50% fewer bugs after deployment.
They made sure that their environments were always the same by using infrastructure as code, setting up the right CI/CD pipelines with automated security scanning and regression testing, and planning for horizontal scaling from the start.
Companies that have mature DevOps practices deploy 208 times more often and have lead times that are 106 times faster, all while being more reliable.
The truth is that your development schedule isn't about meeting deadlines. The purpose is to create systems that function effectively when real people use them in real-life situations with actual data and at a large scale. If your code crashes under load because you didn't use the right caching strategies or database connection pooling, it doesn't matter how fast it is to market.
If you neglect to conduct security code reviews and utilize static analysis tools, the likelihood of hacking increases significantly.
Think about the return on investment: putting in an extra 20–30% up front for the right architecture, security, and testing usually cuts the total cost of ownership by 60–80% over the life of the application.
The first "delay" of 2 to 4 weeks for proper engineering practices saves 6 to 12 months of fixing technical debt later on.
You have a simple choice: either take the time to follow excellent software engineering practices now, or spend the next two years telling customers why your system is down again while your competitors take your market share. The companies that last and eventually take over choose quality engineering over random speed. I leave it up to your imagination as to what multi-trillion-dollar company immediately comes to mind.
Getting a seat at the table is your first objective in building a strategic roadmap. Knowing what the business wants to do and understanding what it will need in the future is a challenge for most IT departments.
This could be a challenge such as:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
In this section you will develop a vision and mission statement and set goals that align with the business vision and goals. The outcome will deliver your guiding principles and a list of goals that will determine your initiatives and their priorities.
Consider your future state by looking at technology that will help the business in the future. Complete an analysis of your past spending to determine your future spend. Complete a SWOT analysis to determine suitability.
Develop a risk framework that may slow or hinder your strategic initiatives from progressing and evaluate your technical debt. What is the current state of your infrastructure? Generate and prioritize your initiatives, and set dates for completion.
After creating your roadmap, communicate it to your audience. Identify who needs to be informed and create an executive brief with the template download. Finally, create KPIs to measure what success looks like.
Infrastructure roadmaps are an absolute necessity for all organizations. An organization's size often dictates the degree of complexity of the roadmap, but they all strive to paint the future picture of the organization's IT infrastructure.
Infrastructure roadmaps typically start with the current state of infrastructure and work on how to improve. That thinking must change! Start with the future vision, an unimpeded vision, as if there were no constraints. Now you can see where you want to be.
Look at your past to determine how you have been spending your infrastructure budget. If your past shows a trend of increased operational expenditures, that trend will likely continue. The same is true for capital spending and staffing numbers.
Now that you know where you want to go, and how you ended up where you are, look at the constraints you must deal with and make a plan. It's not as difficult as it may seem, and even the longest journey begins with one step.
Speaking of that first step, it should be to understand the business goals and align your roadmap with those same goals. Now you have a solid plan to develop a strategic infrastructure roadmap; enjoy the journey!
There are many reasons why you need to build a strategic IT infrastructure roadmap, but your primary objectives are to set the long-term direction, build a framework for decision making, create a foundation for operational planning, and be able to explain to the business what you are planning. It is a basis for accountability and sets out goals and priorities for the future.
Other than knowing where you are going there are four key benefits to building the roadmap.
When complete, you will be able to communicate to your fellow IT teams what you are doing and get an understanding of possible business- or IT-related roadblocks, but overall executing on your roadmap will demonstrate to the business your competencies and ability to succeed.
PJ Ryan
Research Director
Infrastructure & Operations Practice
Info-Tech Research Group
John Donovan
Principal Research Director
Infrastructure & Operations Practice
Info-Tech Research Group
Your Challenge
When it comes to building a strategic roadmap, getting a seat at the table is your first objective. Knowing what the business wants to do and understanding its future needs is a challenge for most IT organizations.
Challenges such as:
Common Obstacles
Fighting fires, keeping the lights on, patching, and overseeing legacy debt maintenance – these activities prevent your IT team from thinking strategically and looking beyond day-to-day operations. Issues include:
Procrastinating when it comes to thinking about your future state will get you nowhere in a hurry.
Info-Tech's Approach
Look into your past IT spend and resources that are being utilized.
Build your roadmap by setting priorities, understanding risk and gaps both in finance and resources. Overall, your roadmap is never done, so don't worry if you get it wrong on the first pass.
Info-Tech Insight
Have a clear vision of what the future state is, and know that when creating an IT infrastructure roadmap, it is never done. This will give your IT team an understanding of priorities, goals, business vision, and risks associated with not planning. Understand what you are currently paying for and why.
"Planning is bringing the future into the present so that you can do something about it now."
Source: Alan Lakein, Libquotes
Many organizations' day-to-day IT operations are tactical and reactive. This needs to change; the IT team needs to become strategic and proactive in its planning and execution. Forward thinking bridges the gap from your current state, to what the organization is, to what it wants to achieve. Your strategic objectives need to align to the business vision and goals and keep it running.
Identify what the business needs to meet its goals; this should be reflected in your roadmap priorities. Then identify the tasks and projects that can get you there. Business alignment is key, as these projects require prioritization. Strategic initiatives that align to business outcomes will be your foundation for planning on those priorities. If you do not align your initiatives, you will end up spinning your wheels. A good strategic roadmap will have all the elements of forward thinking and planning to execute with the right resources, right priorities, and right funding to make it happen.
Measure the cost of "keeping the lights on" as a baseline for your budget that is earmarked and already spent. Determine if your current spend is holding back innovation due to:
A successful strategic roadmap will be determined when you have a good handle on your current spending patterns and planning for future needs that include resources, budget, and know-how. Without a plan and roadmap, that plan will not get business buy-in or funding.
Time seepage
Technical debt
The strategic IT roadmap allows Dura to stay at the forefront of automotive manufacturing.
INDUSTRY: Manufacturing
SOURCE: Performance Improvement Partners
Challenge
Following the acquisition of Dura, MiddleGround aimed to position Dura as a leader in the automotive industry, leveraging the company's established success spanning over a century.
However, prior limited investments in technology necessitated significant improvements for Dura to optimize its processes and take advantage of digital advancements.
Solution
MiddleGround joined forces with PIP to assess technology risks, expenses, and prospects, and develop a practical IT plan with solutions that fit MiddleGround's value-creation timeline.
By selecting the top 15 most important IT projects, the companies put together a feasible technology roadmap aimed at advancing Dura in the manufacturing sector.
Results
Armed with due diligence reports and a well-defined IT plan, MiddleGround and Dura have a strategic approach to maximizing value creation.
By focusing on key areas such as analysis, applications, infrastructure and the IT organization, Dura is effectively transforming its operations and shaping the future of the automotive manufacturing industry.
A mere 25% of managers
can list three of the company's
top five priorities.
Based on a study from MIT Sloan, shared understanding of strategic directives barely exists beyond the top tiers of leadership.
29% |
Less than one-third of all IT projects finish on time. |
|---|---|
200% |
85% of IT projects average cost overruns of 200% and time overruns of 70%. |
70% |
70% of IT workers feel as though they have too much work and not enough time to do it. |
Source: MIT Sloan
Refresh strategies are still based on truisms (every three years for servers, every seven years for LAN, etc.) more than risk-based approaches.
Opportunity Cost
Assets that were suitable to enable business goals need to be re-evaluated as those goals change.
See Info-Tech's Manage Your Technical Debt blueprint
Initiatives collectively support the business goals and corporate initiatives, and improve the delivery of IT services.
A CIO has three roles: enable business productivity, run an effective IT shop, and drive technology innovation. Your key initiative plan must reflect these three mandates and how IT strives to fulfill them.
Manage
the lifecycle of aging equipment against current capacity and capability demands.
Curate
a portfolio of enabling technologies to meet future capacity and capability demands.
Initiate
a realistic schedule of initiatives that supports a diverse range of business goals.
Adapt
to executive feedback and changing business goals.
(Source: BMC)
| Business metric | Source(s) | Primary infrastructure drivers | Secondary infrastructure drivers |
|---|---|---|---|
Sales revenue |
Online store |
Website/Server (for digital businesses) |
|
# of new customers |
Call center |
Physical plant cabling in the call center |
|
You may not be able to directly influence the primary drivers of the business, but your infrastructure can have a major impact as a secondary driver.
Mission and Vision Statement
Goal Alignment (Slide 28)
Construct your vision and mission aligned to the business.
Strategic Infrastructure Roadmap tool
Build initiatives and prioritize them. Build the roadmap.
Infrastructure Domain Study
What is stealing your time from getting projects done?
Initiative Templates Process Maps & Strategy
Build templates for initiates, build process map, and develop strategies.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
1. Align Strategy and Goals |
2. Envision Future and Analyze Constraints |
3. Align and Build the Roadmap |
4. Communicate and Improve the Process |
|
|---|---|---|---|---|
Phase steps |
1.1 Develop the infrastructure strategy 1.2 Define the goals |
2.1 Define the future state 2.2 Analyze constraints |
3.1 Align the roadmap 3.2 Build the roadmap |
4.1 Identify the audience 4.2 Improve the process |
Phase Outcomes |
|
|
|
|
| Phase 0 | Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|---|
Call #1: Scope requirements, objectives, and your specific challenges. |
Call #2: Define mission and vision statements and guiding principles to discuss strategy scope. |
Call #4: Conduct a spend analysis and a time resource study. |
Call #6: Develop a risk framework and address technical debt. |
Call #10: Identify your audience and communicate. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 8 to 12 calls over the course of 4 to 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Session 0 (Pre-workshop) |
Session 1 |
Session 2 |
Session 3 |
Session 4 |
Session 5 (Post-workshop) |
|---|---|---|---|---|---|
| Elicit business context | Align Strategy and Goals | Envision Future and Analyze Constraints | Align and Build the Roadmap | Communicate and Improve the Process | Wrap-up (offsite) |
0.1 Complete recommended diagnostic programs. |
1.1 Infrastructure strategy. 1.2 Business goal alignment |
2.1 Define the future state. 2.2 Analyze your constraints |
3.1 Align the roadmap 3.2 Build the roadmap. |
4.2 Identify the audience 4.2 Improve the process |
5.1 Complete in-progress deliverables from previous four days. |
|
|
|
|
|
|
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|
1.1 Infrastructure strategy 1.2 Goal alignment | 2.1 Define your future 2.2 Conduct constraints analysis | 3.1 Drive business alignment 3.2. Build the roadmap | 4.1 Identify the audience 4.2 Process improvement and measurements |
This phase will walk you through the following activities:
This phase involves the following participants:
1.1.1 Review/validate the business context
1.1.2 Construct your mission and vision statements
1.1.3 Elicit your guiding principles and finalize IT strategy scope
This step requires the following inputs:
This step involves the following participants:
Outcomes of this step
Use the IT Infrastructure Strategy and Roadmap Report Template to document the results from the following activities:
A mission statement
"A mission statement focuses on the purpose of the brand; the vision statement looks to the fulfillment of that purpose."
A vision statement
"A vision statement provides a concrete way for stakeholders, especially employees, to understand the meaning and purpose of your business. However, unlike a mission statement – which describes the who, what, and why of your business – a vision statement describes the desired long-term results of your company's efforts."
Source: Business News Daily, 2020
A strong mission statement has the following characteristics:
A strong vision statement has the following characteristics:
Ensure there is alignment between the business and IT statements.
Note: Mission statements may remain the same unless the IT department's mandate is changing.
Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).
Step 1:
Step 2:
Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.
Input
Output
Materials
Participants
Objective: Help teams define their purpose (why they exist) to build a mission statement (if one doesn't already exist).
This step involves reviewing individual mission statements, combining them, and building one collective mission statement for the team.
Use the 20x20 rule for group decision-making. Give the group no more than 20 minutes to craft a collective team purpose with no more than 20 words.
Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.
Input
Output
Materials
Participants
Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.
Input
Output
Materials
Participants
Step 5:
Step 6:
Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.
Input
Output
Materials
Participants
Source: Hyper Island
Input
Output
Materials
Participants
Strong IT mission statements have the following characteristics:
Sample IT Mission Statements:
Strong IT vision statements have the following characteristics:
Sample IT vision statements:
Quoted From ITtoolkit, 2020
INDUSTRY: Professional Services
COMPANY: This case study is based on a real company but was anonymized for use in this research.
Business |
IT | ||
|---|---|---|---|
Mission |
Vision |
Mission |
Vision |
We help IT leaders achieve measurable results by systematically improving core IT processes, governance, and critical technology projects. |
Acme Corp. will grow to become the largest research firm across the industry by providing unprecedented value to our clients. |
IT provides innovative product solutions and leadership that drives growth and success. |
We will relentlessly drive value to our customers through unprecedented innovation. |
Strategic guiding principles advise the IT organization on the boundaries of the strategy.
Guiding principles are a priori decisions that limit the scope of strategic thinking to what is acceptable organizationally, from budgetary, people, and partnership standpoints. Guiding principles can cover other dimensions, as well.
Organizational stakeholders are more likely to follow IT principles when a rationale is provided.
After defining the set of IT principles, ensure that they are all expanded upon with a rationale. The rationale ensures principles are more likely to be followed because they communicate why the principles are important and how they are to be used. Develop the rationale for each IT principle your organization has chosen.
IT guiding principles = IT strategy boundaries
Breadth
of the IT strategy can span across the eight perspectives: people, process, technology, data, process, sourcing, location, and timing.
Defining which of the eight perspectives is in scope for the IT strategy is crucial to ensuring the IT strategy will be comprehensive, relevant, and actionable.
Depth
of coverage refers to the level of detail the IT strategy will go into for each perspective. Info-Tech recommends that depth should go to the initiative level (i.e. individual projects).
Organizational coverage
will determine which part of the organization the IT strategy will cover.
Planning horizon
of the IT strategy will dictate when the target state should be reached and the length of the roadmap.
| Approach focused | IT principles are focused on the approach, i.e. how the organization is built, transformed, and operated, as opposed to what needs to be built, which is defined by both functional and non-functional requirements. |
|---|---|
| Business relevant | Create IT principles that are specific to the organization. Tie IT principles to the organization's priorities and strategic aspirations. |
| Long lasting | Build IT principles that will withstand the test of time. |
| Prescriptive | Inform and direct decision-making with IT principles that are actionable. Avoid truisms, general statements, and observations. |
| Verifiable | If compliance can't be verified, the principle is less likely to be followed. |
| Easily digestible | IT principles must be clearly understood by everyone in IT and by business stakeholders. IT principles aren't a secret manuscript of the IT team. IT principles should be succinct; wordy principles are hard to understand and remember. |
| Followed | Successful IT principles represent a collection of beliefs shared among enterprise stakeholders. IT principles must be continuously reinforced to all stakeholders to achieve and maintain buy-in. In organizations where formal policy enforcement works well, IT principles should be enforced through appropriate governance processes. |
IT principle name |
IT principle statement |
|---|---|
| 1. Enterprise value focus | We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks. |
| 2. Fit for purpose | We maintain capability levels and create solutions that are fit for purpose without over engineering them. |
| 3. Simplicity | We choose the simplest solutions and aim to reduce operational complexity of the enterprise. |
| 4. Reuse > buy > build | We maximize reuse of existing assets. If we can't reuse, we procure externally. As a last resort, we build custom solutions. |
| 5. Managed data | We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy. |
| 6. Controlled technical diversity | We control the variety of technology platforms we use. |
| 7. Managed security | We manage security enterprise-wide in compliance with our security governance policy. |
| 8. Compliance to laws and regulations | We operate in compliance with all applicable laws and regulations. |
| 9. Innovation | We seek innovative ways to use technology for business advantage. |
| 10. Customer centricity | We deliver best experiences to our customers with our services and products. |
Source: Hyper Island
Download the ITRG IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.
Input
Output
Materials
Participants
Quoted From: Office of Information Technology, 2014; Future of CIO, 2013
INDUSTRY: Professional Services
COMPANY: Acme Corp.
The following guiding principles define the values that drive IT's strategy in FY23 and provide the criteria for our 12-month planning horizon.
Your mission and vision statements and your guiding principles should be the first things you communicate on your IT strategy document.
Why is this important?
Input information into the IT Strategy Presentation Template.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
1.2.1 Intake identification and analysis
1.2.2 Survey results analysis
1.2.3 Goal brainstorming
1.2.4 Goal association and analysis
This step requires the following inputs:
This step involves the following participants:
"Typically, IT thinks in an IT first, business second, way: 'I have a list of problems and if I solve them, the business will benefit.' This is the wrong way of thinking. The business needs to be thought of first, then IT."
– Fred Chagnon, Infrastructure Director,
Info-Tech Research Group
If you're not soliciting input from or delivering on the needs of the various departments in your company, then who is? Be explicit and track how you communicate with each individual unit within your company.
It may not be a democracy, but listening to everyone's voice is an essential step toward generating a useful roadmap.
Building good infrastructure requires an understanding of how it will be used. Explicit consultation with stakeholders maximizes a roadmap's usefulness and holds the enterprise accountable in future roadmap iterations as goals change.
Who are the customers for infrastructure?
Internal customer examples:
External customer examples:
Discussion:
Input
Output
Materials
Participants
INDUSTRY: Education
COMPANY: Collegis Education
Challenge
In 2019, Saint Francis University decided to expand its online program offering to reach students outside of its market.
It had to first transform its operations to deliver a high-quality, technology-enabled student experience on and off campus. The remote location of the campus posed power outages, Wi-Fi issues, and challenges in attracting and retaining the right staff to help the university achieve its goals.
It began working with an IT consulting firm to build a long-term strategic roadmap.
Solution
The consultant designed a strategic multi-year roadmap for digital transformation that would prioritize developing infrastructure to immediately improve the student experience and ultimately enable the university to scale its online programs. The consultant worked with school leadership to establish a virtual CIO to oversee the IT department's strategy and operations. The virtual CIO quickly became a key advisor to the president and board, identifying gaps between technology initiatives and enrollment and revenue targets. St. Francis staff also transitioned to the consultant's technology team, allowing the university to alleviate its talent acquisition and retention challenges.
Results
A simple graph showing the breakdown of projects by business unit is an excellent visualization of who is getting the most from infrastructure services.
Show everyone in the organization that the best way to get anything done is by availing themselves of the roadmap process.
Technology-focused IT staff are notoriously disconnected from the business process and are therefore often unable to explain the outcomes of their projects in terms that are meaningful to the business.
When business, IT, and infrastructure goals are aligned, the business story writes itself as you follow the path of cascading goals upward.
So many organizations we speak with don't have goals written down. This rarely means that the goals aren't known, rather that they're not clearly communicated.
When goals aren't clear, personal agendas can take precedence. This is what often leads to the disconnect between what the business wants and what IT is delivering.
Discussion:
Examples: The VP of Operations is looking to reduce office rental costs over the next three years. The VP of Sales is focused on increasing the number of face-to-face customer interactions. Both can potentially be served by IT activities and technologies that increase mobility.
Input
Output
Materials
Participants
Discussion:
Is there a lot of agreement within the group? What does it mean if there are 10 or 15 groups with equal numbers of sticky notes? What does it mean if there are a few top groups and dozens of small outliers?
How does the group's understanding compare with that of the Director and/or CIO?
What mechanisms are in place for the business to communicate their goals to infrastructure? Are they effective? Does the team take the time to reimagine those goals and internalize them?
What does it mean if infrastructure's understanding differs from the business?
Input
Output
Materials
Participants
Now that infrastructure has a consensus on what it thinks the business' goals are, suggest a meeting with leadership to validate this understanding. Once the first picture is drawn, a 30-minute meeting can help clear up any misconceptions.
With a framework of cascading goals in place, a roadmap is a Rosetta Stone. Being able to map activities back to governance objectives allows you to demonstrate value regardless of the audience you are addressing.
(Info-Tech, Build a Business-Aligned IT Strategy 2022)
Wherever possible use the language of your customers to avoid confusion, but at least ensure that everyone in infrastructure is using a common language.
Discussion:
Input
Output
Materials
Participants
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|
1.1 Infrastructure strategy 1.2 Goal alignment | 2.1 Define your future 2.2 Conduct constraints analysis | 3.1 Drive business alignment 3.2. Build the roadmap | 4.1 Identify the audience 4.2 Process improvement and measurements |
This phase will walk you through the following activities:
This phase involves the following participants:
2.1.1 Define your future infrastructure vision
2.1.2 Document desired future state
2.1.3 Develop a new technology identification process
2.1.4 Conduct a SWOT analysis
This step requires the following inputs:
This step involves the following participants:
Outcomes of this step
"Very few of us are lucky enough to be one of the first few employees in a new organization. Those of you who get to plan the infrastructure with a blank slate and can focus all of your efforts on doing things right the first time."
BMC, 2018
"A company's future state is ultimately defined as the greater vision for the business. It's where you want to be, your long-term goal in terms of the ever-changing state of technology and how that applies to your present-day business."
"Without a definitive future state, a company will often find themselves lacking direction, making it harder to make pivotal decisions, causing misalignment amongst executives, and ultimately hindering the progression and growth of a company's mission."
Source: Third Stage Consulting
"When working with digital technologies, it is imperative to consider how such technologies can enhance the solution. The future state should communicate the vision of how digital technologies will enhance the solutions, deliver value, and enable further development toward even greater value creation."
Source: F. Milani
Define your infrastructure roadmap as if you had a blank slate – no constraints, no technical debt, and no financial limitations. Imagine your future infrastructure and let that vision drive your roadmap.
This is not intended to be a thesis grade research project, nor an onerous duty. Most infrastructure practitioners came to the field because of an innate excitement about technology! Harness that excitement and give them four to eight hours to indulge themselves.
An output of approximately four slides per technology candidate should be sufficient to decided if moving to PoC or pilot is warranted.
Including this material in the roadmap helps you control the technology conversation with your audience.
Don't start from scratch. Recall the original sources from your technology watchlist. Leverage vendors and analyst firms (such as Info-Tech) to give the broad context, letting you focus instead on the specifics relevant to your business.
Implementing every new promising technology would cost prodigious amounts of money and time. Know the costs before choosing what to invest in.
The risk of a new technology failing is acceptable. The risk of that failure disrupting adjacent core functions is unacceptable. Vet potential technologies to ensure they can be safely integrated.
Best practices for new technologies are nonexistent, standards are in flux, and use cases are fuzzy. Be aware of the unforeseen that will negatively affect your chances of a successful implementation.
"Like early pioneers crossing the American plains, first movers have to create their own wagon trails, but later movers can follow in the ruts."
Harper Business, 2014
The right technology for someone else can easily be the wrong technology for your business.
Even with a mature Enterprise Architecture practice, wrong technology bets can happen. Minimize the chance of this occurrence by making selection an infrastructure-wide activity. Leverage the practical knowledge of the day-to-day operators.
First Mover |
47% failure rate |
Fast Follower |
8% failure rate |
Objective: Help teams define their future infrastructure state (assuming zero constraints or limitations).
Discussion:
Download the IT Infrastructure Strategy and Roadmap Report Template and document your mission and vision statements in Section 1.
Input
Output
Materials
Participants
Steps:
Discussion:
| Infrastructure Future State Vision | ||
|---|---|---|
| Item | Focus Area | Future Vision |
| 1 | Residing on Microsoft 365 | |
| 2 | Servers | Hosted in cloud - nothing on prem. |
| 3 | Endpoints | virtual desktops on Microsoft Azure |
| 4 | Endpoint hardware | Chromebooks |
| 5 | Network | internet only |
| 6 | Backups | cloud based but stored in multiple cloud services |
| 7 | ||
Download Info-Tech's Infrastructure Strategy and Roadmap Tool and document your future state vision in the Infrastructure Future State tab.
Input
Output
Materials
Participants
Discussion:
Input
Output
Materials
Participants
It is impractical for everyone to present their tech briefing at the monthly meeting. But you want to avoid a one-to-many exercise. Keep the presenter a secret until called on. Those who do not present live can still contribute their material to the technology watchlist database.
Four to eight hours of research per technology can uncover a wealth of relevant information and prepare the infrastructure team for a robust discussion. Key research elements include:
Download the IT Infrastructure Strategy and Roadmap Report Template slides 21, 22, 23 for sample output.
Beware airline magazine syndrome! |
Symptoms |
Pathology |
|---|---|---|
|
Outbreaks tend to occur in close proximity to
|
Effective treatment options
While no permanent cure exists, regular treatment makes this chronic syndrome manageable.
You want to present a curated landscape of technologies, demonstrating that you are actively maintaining expertise in your chosen field.
Most enterprise IT shops buy rather than develop their technology, which means they want to focus effort on what is market available. The outcome is that infrastructure sponsors and delivers new technologies whose capabilities and features will help the business achieve its goals on this roadmap.
If you want to think more like a business disruptor or innovator, we suggest working through the blueprint Exploit Disruptive Infrastructure Technology.
Explore technology five to ten years into the future!
The ROI of any individual effort is difficult to justify – in aggregate, however, the enterprise always wins!
Money spent on Google Glass in 2013 seemed like vanity. Certainly, this wasn't enterprise-ready technology. But those early experiences positioned some visionary firms to quickly take advantage of augmented reality in 2018. Creative research tends to pay off in unexpected and unpredictable ways.
.
Discussion:
Input
Output
Materials
Participants
2.2.1 Historical spend analysis
2.2.2 Conduct a time study
2.2.3 Identify roadblocks
This step requires the following inputs:
This step involves the following participants:
Outcomes of this step
"A Budget is telling your money where to go, instead of wondering where it went."
-David Ramsay
"Don't tell me where your priorities are. Show me where you spend your money and I'll tell you what they are"
-James Frick, Due.com
| Annual IT budgeting aligns with business goals | |
 |
50% of businesses surveyed see that improvements are necessary for IT budgets to align to business goals, while 18% feel they require significant improvements to align to business goals |
Challenges in IT spend visibility |
|
 |
Visibility of all spend data for on-prem, SaaS and cloud environments |
The challenges that keep IT leaders up at night |
|
 |
Lack of visibility in resource usage and cost |
Download the Infrastructure Roadmap Financial Analysis Tool
( additional Deep Dive available if required)
Input
Output
Materials
Participants
Download the Infrastructure Roadmap Financial Analysis Tool
( additional Deep Dive available if required)
Input
Output
Materials
Participants
Internal divisions that seem important to infrastructure may have little or even negative value when it comes to users accessing their services.
Domains are the logical divisions of work within an infrastructure practice. Historically, the organization was based around physical assets: servers, storage, networking, and end-user devices. Staff had skills they applied according to specific best practices using physical objects that provided functionality (computing power, persistence, connectivity, and interface).
Modern enterprises may find it more effective to divide according to activity (analytics, programming, operations, and security) or function (customer relations, learning platform, content management, and core IT). As a rule, look to your organizational chart; managers responsible for buying, building, deploying, or supporting technologies should each be responsible for their own domain.
Regardless of structure, poor organization leads to silos of marginally interoperable efforts working against each other, without focus on a common goal. Clearly defined domains ensure responsibility and allow for rapid, accurate, and confident decision making.
The medium is the message. Do stakeholders talk about switches or storage or services? Organizing infrastructure to match its external perception can increase communication effectiveness and improve alignment.
IT infrastructure that makes employees happier
INDUSTRY: Services
SOURCE: Network Doctor
Challenge
Atlas Electric's IT infrastructure was very old and urgently needed to be refreshed. Its existing server hardware was about nine years old and was becoming unstable. The server was running Windows 2008 R2 server operating systems that was no longer supported by Microsoft; security updates and patches were no longer available. They also experienced slowdowns on many older PCs.
Recommendations for an upgrade were not approved due to budgetary constraints. Recommendations for upgrading to virtual servers were approved following a harmful phishing attack.
Solution
The following improvements to their infrastructure were implemented.
Results
Virtualization, consolidating servers, and desktops have made assets more flexible and simpler to manage.
Improved levels of efficiency, reliability, and productivity.
Enhanced security level.
An upgraded backup and disaster recovery system has improved risk management.
Not all time is spent equally, nor is it equally valuable. Analysis lets us communicate with others and gives us a shared framework to decide where our priorities lie.
There are lots of frameworks to help categorize our activities. Stephen Covey (Seven Habits of Highly Effective People) describes a four-quadrant system along the axes of importance and urgency. Gene Kim, through his character Erik in The Phoenix Project,speaks instead of business projects, internal IT projects, changes, and unplanned work.
We propose a similar four-category system.
| Project | Maintenance | Administrative |
Reactive |
|---|---|---|---|
Planned activity spent pursuing a business objective |
Planned activity spent on the upkeep of existing IT systems |
Planned activity required as a condition of employment |
Unplanned activity requiring immediate response |
This is why we are valuable to our company |
We have it in our power to work to reduce these three in order to maximize our time available for projects |
||
Verifiable data sources are always preferred but large groups can hold each other's inherent biases in check to get a reasonable estimate.
Discussion
Input
Output
Materials
Participants
Strategic Infrastructure Roadmap Tool, Tab 2, Capacity Analysis
In order to quickly and easily build some visualizations for the eventual final report, Info-Tech has developed the Strategic Infrastructure Roadmap Tool.
Please note that this tool requires Microsoft's Power Pivot add-in to be installed if you are using Excel 2010 or 2013. The scatter plot labels on tabs 5 and 8 may not function correctly in Excel 2010.
Strong IT strategy favors top-down: activities enabling clearly dictated goals. The bottom-up approach aggregates ongoing activities into goals.
Systematic approach
External stakeholders prioritize a list of goals requiring IT initiatives to achieve.
Roadblocks:
Organic approach
Practitioners aggregate initiatives into logical groups and seek to align them to one or more business goals.
Roadblocks:
A successful roadmap respects both approaches.
Perfection is anathema to practicality. Draw the first picture and not only expect but welcome conflicting feedback! Socialize it and drive the conversation forward to a consensus.
Identify the systemic roadblocks to executing infrastructure projects
1 hour
Affinity diagramming is a form of structured brainstorming that works well with larger groups and provokes discussion.
Discussion
Categorize each roadblock identified as either internal or external to infrastructure's control.
Attempt to understand the root cause of each roadblock. What would you need to ask for in order to remove the roadblock?
Additional Research
Also called the KJ Method (after its inventor, Jiro Kawakita, a 1960s Japanese anthropologist), this activity helps organize large amounts of data into groupings based on natural relationships while reducing many social biases.
Input
Output
Materials
Participants
Which roadblocks do you need to work on? How do you establish a group sense of these priorities? This exercise helps establish priorities while reducing individual bias.
Total the number of passes (ticks) for each roadblock. A large number indicates a notionally low priority. No passes indicates a high priority.
Are the internal or external roadblocks of highest priority? Were there similarities among participants' 0th and NILs compared to each other or to the final results?
Input
Output
Materials
Participants
Review performance from last fiscal year
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|
1.1 Infrastructure strategy 1.2 Goal alignment | 2.1 Define your future 2.2 Conduct constraints analysis | 3.1 Drive business alignment 3.2. Build the roadmap | 4.1 Identify the audience 4.2 Process improvement and measurements |
This phase will walk you through the following activities:
This phase involves the following participants:
3.1.1 Develop a risk framework
3.1.2 Evaluate technical debt
This step requires the following inputs:
This step involves the following participants:
Outcomes of this step
Time has been a traditional method for assessing the fitness of infrastructure assets – servers are replaced every five years, core switches every seven, laptops and desktops every three. While quick, this framework of assessment is overly simplistic for most modern organizations.
Building one that is instead based on the likelihood of asset failure plotted against the business impact of that failure is not overly burdensome and yields more practical results. Infrastructure focuses on its strength (assessing IT risk) and validates an understanding with the business regarding the criticality of the service(s) enabled by any given asset.
Rather than fight on every asset individually, agree on a framework with the business that enables data-driven decision making.
IT Risk Factors
Age, Reliability, Serviceability, Conformity, Skill Set
Business Risk Factors
Suitability, Capacity, Safety, Criticality
Infrastructure in a cloud-enabled world: As infrastructure operations evolve it is important to keep current with the definition of an asset. Software platforms such as hypervisors and server OS are just as much an asset under the care and control of infrastructure as are cloud services, managed services from third-party providers, and traditional racks and switches.
Discussion:
Input
Output
Materials
Participants
Identify the key elements that make up risk in order to refine your framework.
A shared notional understanding is good, but in order to bring the business onside a documented defensible framework is better.
Discussion
How difficult was it to agree on the definitions of the IT risk elements? What about selecting the scale? What was the voting distribution like? Were there tiers of popular elements or did most of the dots end up on a limited number of elements? What are the implications of having more elements in the analysis?
Input
Output
Materials
Participants
Alternate: Identify the key elements that make up risk in order to refine your framework
A shared notional understanding is good, but in order to bring the business onside a documented defensible framework is better.
1 hour
What was the total number of elements required in order to contain the full set of every participant's first-, second-, and third-ranked risks? Does this seem a reasonable number?
Why did some elements contain both the lowest and highest rankings? Was one (or more) participant thinking consistently different from the rest of the group? Are they seeing something the rest of the group is overlooking?
This technique automatically puts the focus on a smaller number of elements – is this effective? Or is it overly simplistic and reductionist?
Input
Output
Materials
Participants
How much framework is too much? Complexity and granularity do not guarantee accuracy. What is the right balance between effort and result?
Does your granular assessment match your notional assessment? Why or why not? Do you need to go back and change weightings? Or reduce complexity?
Is this a more reasonable and valuable way of periodically evaluating your infrastructure?
Input
Output
Materials
Participants
3.2.1 Build templates and visualize
3.2.2 Generate new initiatives
3.2.3 Repatriate shadow IT initiatives
3.2.4 Finalize initiative candidates
This step requires the following inputs:
This step involves the following participants:
Develop a high-level document that travels with the initiative from inception through executive inquiry and project management, and finally to execution. Understand an initiative's key elements that both IT and the business need defined and that are relatively static over its lifecycle.
Initiatives are the waypoints along a roadmap leading to the eventual destination, each bringing you one step closer. Like steps, initiatives need to be discrete: able to be conceptualized and discussed as a single largely independent item. Each initiative must have two characteristics:
"Learn a new skill"– not an effective initiative statement.
"Be proficient in the new skill by the end of the year" – better.
"Use the new skill to complete a project and present it at a conference by Dec 15" – best!
Info-Tech Insight
Bundle your initiatives for clarity and manageability.
Ruthlessly evaluate if an initiative should stand alone or can be rolled up with another. Fewer initiatives increases focus and alignment, allowing for better communication.
Step 1: Open Info-Tech's Strategic Roadmap Initiative Template. Determine and describe the goals that the initiative is enabling or supporting.
Step 2: State the current pain points from the end-user or business perspective. Do not list IT-specific pain points here, such as management complexity.
Step 3: List both the tangible (quantitative) and ancillary (qualitative) benefits of executing the project. These can be pain relievers derived from the pain points, or any IT-specific benefit not captured in Step 1.
Step 4: List any enabled capability that will come as an output of the project. Avoid technical capabilities like "Application-aware network monitoring." Instead, shoot for business outcomes like "Ability to filter network traffic based on application type."
Sell the project to the mailroom clerk! You need to be able to explain the outcome of the project in terms that non-IT workers can appreciate. This is done by walking as far up the goals cascade as you have defined, which gets to the underlying business outcome that the initiative supports.
Strategic Roadmap Initiative Template, p. 2
Step 5: State the risks to the business for not executing the project (and avoid restating the pain points).
Step 6: List any known or anticipated roadblocks that may come before, during, or after executing the project. Consider all aspects of people, process, and technology.
Step 7: List any measurable objectives that can be used to gauge the success of the projects. Avoid technical metrics like "number of IOPS." Instead think of business metrics such as "increased orders per hour."
Step 8: The abstract is a short 50-word project description. Best to leave it as the final step after all the other aspects of the project (risks and rewards) have been fully fleshed out. The abstract acts as an executive summary – written last, read first.
Every piece of information that is not directly relevant to the interests of the audience is a distraction from the value proposition.
Discussion:
Did everyone use the goal framework adopted earlier? Why not?
Are there recurring topics or issues that business leaders always seem concerned about?
Of all the information available, what consistently seems to be the talking points when discussing an initiative?
Input
Output
Materials
Participants
Strategic Infrastructure Roadmap Tool, Tab 8, "Roadmap"
Visuals aren't always as clear as we assume them to be.
We've spent an awful lot of time setting the stage, deciding on frameworks so we agree on what is important. We know how to have an effective conversation – now what do we want to say?
Discussion:
Did everyone use the goal framework adopted earlier? Why not?
Do we think we can find business buy-in or sponsorship? Why or why not?
Are our initiatives at odds with or complementary to the ones proposed through the normal channels?
Input
Output
Materials
Participants
Discussion:
Do participants tend to think their idea is the best and rank it accordingly?
If so, then is it better to look at the second, third, and fourth rankings for consensus instead?
What is a reasonable number of initiatives to suggest? How do we limit ourselves?
Input
Output
Materials
Participants
Shadow IT operates outside of the governance and control structure of Enterprise IT and so is, by definition, a problem. an opportunity!
Except for that one thing they do wrong, that one small technicality, they may well do everything else right.
Consider:
In short, shadow IT can provide fully vetted infrastructure initiatives that with a little effort can be turned into easy wins on the roadmap.
Shadow IT can include business-ready initiatives, needing only minor tweaking to align with infrastructure's best practices.
Discussion:
Did you learn anything from working directly with in-the-trenches staff? Can those learnings be used elsewhere in infrastructure? Or in larger IT?
Input
Output
Materials
Participants
Also called scrum poker (in Agile software circles), this method reduces anchoring bias by requiring all participants to formulate and submit their estimates independently and simultaneously.
Equipment: A typical scrum deck shows the Fibonacci sequence of numbers, or similar progression, with the added values of ∞ (project too big and needs to be subdivided), and a coffee cup (need a break). Use of the (mostly) Fibonacci sequence helps capture the notional uncertainty in estimating larger values.
Discussion:
How often was the story unclear? How often did participants have to ask for additional information to make their estimate? How many rounds were required to reach consensus?
Does number of person, days, or weeks, make more sense than dollars? Should we estimate both independently?
Source: Scrum Poker
Input
Output
Materials
Participants
Add your ideas to the visualization.
We started with eight simple questions. Logically, the answers suggest sections for a published report. Developing those answers in didactic method is effective and popular among technologists as answers build upon each other. Business leaders and journalists, however, know never to bury the lead.
| Report Section Title | Roadmap Activity or Step |
|---|---|
| Sunshine diagram | Visualization |
| Priorities | Understand business goals |
| Who we help | Evaluate intake process |
| How we can help | Create initiatives |
| What we're working on | Review initiatives |
| How you can help us | Assess roadblocks |
| What is new | Assess new technology |
| How we spend our day | Conduct a time study |
| What we have | Assess IT platform |
| We can do better! | Identify process optimizations |
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
|---|---|---|---|
1.1 Infrastructure strategy 1.2 Goal alignment | 2.1 Define your future 2.2 Conduct constraints analysis | 3.1 Drive business alignment 3.2. Build the roadmap | 4.1 Identify the audience 4.2 Process improvement and measurements |
This phase will walk you through the following activities:
This phase involves the following participants:
Identify the audience
4.1.1 Identify required authors and target audiences
4.1.2 Planning the process
4.1.3 Identifying supporters and blockers
This step requires the following inputs:
This step involves the following participants:
And you thought we were done. The roadmap is a process. Set a schedule and pattern to the individual steps.
Publishing an infrastructure roadmap once a year as a lead into budget discussion is common practice. But this is just the last in a long series of steps and activities. Balance the effort of each activity against its results to decide on a frequency. Ensure that the frequency is sufficient to allow you to act on the results if required. Work backwards from publication to develop the schedule.
A lot of work has gone into creating this final document. Does a single audience make sense? Who else may be interested in your promises to the business? Look back at the people you've asked for input. They probably want to know what this has all been about. Publish your roadmap broadly to ensure greater participation in subsequent years.
Who needs to hear (and more importantly believe) your message? Who do you need to hear from? Build a communications plan to get the most from your roadmap effort.
Discussion:
How many people appear in both lists? What are the implications of that?
Input
Output
Materials
Participants
| Due Date (t) | Freq | Mode | Participants | Infrastructure Owner | |
|---|---|---|---|---|---|
| Update & Publish | Start of Budget Planning |
Once |
Report |
IT Steering Committee |
Infrastructure Leader or CIO |
| Evaluate Intakes | (t) - 2 months (t) - 8 months |
Biannually |
Review |
PMO Service Desk |
Domain Heads |
| Assess Roadblocks | (t) - 2 months (t) - 5 months (t) - 8 months (t) - 11 months |
Quarterly |
Brainstorming & Consensus |
Domain Heads |
Infrastructure Leader |
| Time Study | (t) - 1 month (t) - 4 months (t) - 7 months (t) - 10 months |
Quarterly |
Assessment |
Domain Staff |
Domain Heads |
| Inventory Assessment | (t) - 2 months |
Annually |
Assessment |
Domain Staff |
Domain Heads |
| Business Goals | (t) - 1 month |
Annually |
Survey |
Line of Business Managers |
Infrastructure Leader or CIO |
| New Technology Assessment | monthly (t) - 2 months |
Monthly/Annually |
Process |
Domain Staff |
Infrastructure Leader |
| Initiative Review | (t) - 1 month (t) - 4 months (t) - 7 months (t) - 10 months |
Quarterly |
Review |
PMO Domain Heads |
Infrastructure Leader |
| Initiative Creation | (t) - 1 month |
Annually |
Brainstorming & Consensus |
Roadmap Team |
Infrastructure Leader |
The roadmap report is just a point-in-time snapshot, but to be most valuable it needs to come at the end of a full process cycle. Know your due date, work backwards, and assign responsibility.
Discussion:
Input
Output
Materials
Participants
Certain stakeholders will not only be highly involved and accountable in the process but may also be responsible for approving the roadmap and budget, so it's essential that you get their buy-in upfront.
You may want to restrict participation to senior members of the roadmap team only.
This activity requires a considerable degree of candor in order to be effective. It is effectively a political conversation and as such can be sensitive.
Steps:
Input
Output
Materials
Participants
4.2.1 Evaluating the value of each process output
4.2.2 Brainstorming improvements
4.2.3 Setting realistic measures
This step requires the following inputs:
This step involves the following participants:
You started with a desire – greater satisfaction with infrastructure from the business. All of the inputs, processes, and outputs exist only, and are designed solely, to serve the attainment of that outcome.
The process outlined is not dogma; no element is sacrosanct. Ruthlessly evaluate the effectiveness of your efforts so you can do better next time.
You would do no less after a server migration, network upgrade, or EUC rollout.
Leadership
If infrastructure leaders aren't committed, then this will quickly become an exercise of box-checking rather than candid communication.
Data
Quantitative or qualitative – always try to go where the data leads. Reduce unconscious bias and be surprised by the insight uncovered.
Metrics
Measurement allows management but if you measure the wrong thing you can game the system, cheating yourself out of the ultimate prize.
Focus
Less is sometimes more.
Discussion:
Did the group agree on the intended outcome of each step? Did the group think the step was effective? Was the outcome clear and did it flow naturally to where it was useful?
Is the effort required for each step commensurate with its value? Are we doing too much for not enough return?
Are we acting on the information we're gathering? Is it informing or changing decisions throughout the year or period?
Input
Output
Materials
Participants
| Freq. | Method | Measures | Success criteria | Areas for improvement | Expected change | |
|---|---|---|---|---|---|---|
| Evaluate intakes | Biannually | PMO Intake & Service Requests | Projects or Initiatives | % of departments engaged | Actively reach out to underrepresented depts. | +10% engagement |
| Assess roadblocks | Quarterly | IT All-Staff Meeting | Roadblocks | % of identified that have been resolved | Define expected outcomes of removing roadblock | Measurable improvements |
| Time study | Quarterly | IT All-Staff Meeting | Time | Confidence value of data | Real data sources (time sheets, tools, etc.) | 85% of sources defensible |
| Legacy asset assessment | Annually | Domain effort | Asset Inventory | Completeness of Inventory |
|
|
| Understand business goals | Annually | Roadmap Meeting | Goal list | Goal specificity | Survey or interview leadership directly | 66% directly attributable participation |
| New technology assessment | Monthly/Annually | Team/Roadmap Meeting | Technologies Reviewed | IT staff participation/# SWOTs | Increase participation from junior members | 50% presentations from junior members |
Initiative review | Quarterly | IT All-Staff Meeting |
|
|
|
|
Initiative creation | Annually | Roadmap Meeting | Initiatives | # of initiatives proposed | Business uptake | +25% sponsorship in 6 months (biz) |
Update and publish | Annually | PDF report | Roadmap Final Report | Leadership engagement | Improve audience reach | +15% of LoB managers have read the report |
Baseline metrics will improve through:
| Metric description | Current metric | Future goal |
|---|---|---|
| # of critical incidents resulting from equipment failure per month | ||
| # of service provisioning delays due to resource (non-labor) shortages | ||
| # of projects that involve standing up untested (no prior infrastructure PoC) technologies | ||
| # of PoCs conducted each year | ||
| # of initiatives proposed by infrastructure | ||
| # of initiatives proposed that find business sponsorship in >1yr | ||
| % of long-term projects reviewed as per goal framework | ||
| # of initiatives proposed that are the only ones supporting a business goal | ||
| # of technologies deployed being used by more than the original business sponsor | ||
| # of PMO delays due to resource contention |
Insight 1
Draw the first picture.
Highly engaged and effective team members are proactive rather than reactive. Instead of waiting for clear inputs from the higher ups, take what you do know, make some educated guesses about the rest, and present that to leadership. Where thinking diverges will be crystal clear and the necessary adjustments will be obvious.
Insight 2
Infrastructure must position itself as the broker for new technologies.
No man is an island; no technology is a silo. Infrastructure's must ensure that everyone in the company benefits from what can be shared, ensure those benefits are delivered securely and reliably, and prevent the uninitiated from making costly technological mistakes. It is easier to lead from the front, so infrastructure must stay on top of available technology.
Insight 3
The roadmap is a process that is business driven and not a document.
In an ever-changing world the process of change itself changes. We know the value of any specific roadmap output diminishes quickly over time, but don't forget to challenge the process itself from time to time. Striving for perfection is a fool's game; embrace constant updates and incremental improvement.
Insight 4
Focus on the framework, not the output.
There usually is no one right answer. Instead make sure both the business and infrastructure are considering common relevant elements and are working from a shared set of priorities. Data then, rather than hierarchical positioning or a d20 Charisma roll, becomes the most compelling factor in making a decision. But since your audience is in hierarchical ascendency over you, make the effort to become familiar with their language.
| Metric description | Metric goal |
Checkpoint 1 |
Checkpoint 2 |
Checkpoint 3 |
|---|---|---|---|---|
| # of critical incidents resulting from equipment failure per month | >1 | |||
| # of service provisioning delays due to resource (non-labor) shortages | >5 | |||
| # of projects that involve standing up untested (no prior infrastructure PoC) technologies | >10% | |||
| # of PoCs conducted each year | 4 | |||
| # of initiatives proposed by infrastructure | 4 | |||
| # of initiatives proposed that find business sponsorship in >1 year | 1 | |||
| # of initiatives proposed that are the only ones supporting a business goal | 1 | |||
| % of long-term projects reviewed as per goal framework | 100% |
Review performance from last fiscal year
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Build a Business-Aligned IT Strategy
Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation.
Document your Cloud Strategy
A cloud strategy might seem like a big project, but it's just a series of smaller conversations. The methodology presented here is designed to facilitate those conversations using a curated list of topics, prompts, participant lists, and sample outcomes. We have divided the strategy into four key areas.
Develop an IT Asset Management Strategy
ITAM is a foundational IT service that provides accurate, accessible, actionable data on IT assets. But there's no value in data for data's sake. Enable collaboration between IT asset managers, business leaders, and IT leaders to develop an ITAM strategy that maximizes the value they can deliver as service provider.
Infrastructure & Operations Research Center
Practical insights, tools, and methodologies to systematically improve IT Infrastructure & Operations.
Knowledge gained
Processes optimized
Deliverables completed
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
"10 Essential KPIs for the IT Strategic Planning Process." Apptio Inc, Dec. 2021. Accessed Nov. 2022.
Amos, Justin. "8 areas your 2022 IT Infrastructure roadmap should cover." Soma, 24 Jan 2022 Accessed Nov. 2022
Ahmed, Anam. "Importance of Mission Vision in Organizational Strategy." Chron, 14 March 2019. Accessed 10 May 2021. ."
Barker, Joel A. "Joel A Barker Quote about Vision." Joel A Barker.com. Accessed 10 Nov 2022
Bhagwat, Swapnil ."Top IT Infrastructure Management Strategies For 2023 , Atlas Systems, 23 Oct 2022. Accessed Nov. 2022.
Blank, Steve. "You're Better Off Being A Fast Follower Than An Originator." Business Insider. 5 Oct. 2010. Web.
Bridges, Jennifer . "IT Risk Management Strategies and Best Practices." Project Manager, 6 Dec 2019. Accessed Nov. 2022.
"Building a Technology Roadmap That Stabilizes and Transforms." Collegis Education. Accessed Dec 2022.
Collins, Gavin. "WHY AN IT INFRASTRUCTURE ROAD MAP?." Fifth Step, Date unknown. Accessed Nov. 2022.
"Define the Business Context Needed to Complete Strategic IT Initiatives: 2018 Blueprint - ResearchAndMarkets.com." Business Wire, 1 Feb. 2018. Accessed 9 June 2021.
De Vos, Colton. “Well-Developed IT Strategic Plan Example." Resolute Tech Solutions, 6 Jan 2020. Accessed Nov. 2022.
Gray, Dave. "Post-Up." Gamestorming, 15 Oct. 2010. Accessed 10 Nov 2022
Helm, Clay. "Majority of Surveyed Companies are Not Prepared for IT Needs of the Future." IBM Study, 4 Jan 2021. Accessed Nov. 2022.
Hertvik, Joe. "8 Components of A Great IT Strategy, BMC Blogs, 29 May. 2020. Accessed Nov. 2022.
ISACA, "Effective governance at your Fingertips". COBIT Framework, Accessed Dec 2022
"IT Guiding Principles." Office of Information Technology, NC State University, 2014-2020. Accessed 9 Nov 2022.
""IT Infrastructure That Makes Employees Happier." Network Doctor, 2021. Accessed Dec 2022
"IT Road mapping Helps Dura Remain at the Forefront of Auto Manufacturing." Performance Improvement Partners, ND. Accessed Dec 2022.
ITtoolkit.com. "The IT Vision: A Strategic Path to Lasting IT Business Alignment." ITtoolkit Magazine, 2020. Accessed 9 June 2021.
Kark, Khalid. "Survey: CIOs Are CEOs' Top Strategic Partner." CIO Journal, The Wall Street Journal, 22 May 2020. Accessed 11 May 2021.
Kimberling, Eric. "What is "Future State" and Why is it Important?" Third Stage Consulting, 11 June 2021. Accessed Nov. 2022.
Kishore. "The True Cost of Keeping the Lights On." Optanix, 1 Feb. 2017. Accessed Nov. 2022.
Lakein, Alan. Libquotes.
Mindsight. "THE ULTIMATE GUIDE TO CREATING A TECHNOLOGY ROADMAP" Mind sight, 12 Dec 2021. Accessed Nov. 2022.
Milani, F. (2019). Future State Analysis. In: Digital Business Analysis. Springer, Cham. https://doi.org/10.1007/978-3-030-05719-0_13
Newberry, Dennis. "Meeting the Challenges of Optimizing IT Cost and Capacity Management." BMC, 2021, Accessed 12 Nov 2022.
Peek, Sean. "What Is a Vision Statement?" Business News Daily, 7 May 2020. Accessed 10 Nov 2022.
Ramos, Diana. "Infrastructure Management 101: A Beginner's Guide to IT Infrastructure Management." Smartsheet.com. 30 Nov 2021. Accessed 09 Dec 2022.
Ramsey, Dave. "Dave Rant: How to Finally Take Control of Your Money." Ramseysolutions. 26 Aug 2021. Accessed 10 Nov 2022.
Richards-Gustafson, Flora. "5 Core Operational Strategies." Chron, 8 Mar 2019. Accessed 9 June 2021.
Richardson, Nigel. "What are the differences between current and future state maps?." Nexus, 18 Oct 2022. Accessed Nov. 2022.
Roush, Joe. "IT Infrastructure Planning: How To Get Started." BMC. 05 January, 2018. Accessed 24 Jan 2023.
Shields, Corey. "A Complete Guide to IT Infrastructure Management." Ntiva, 15 Sept. 2020. Accessed 28 Nov. 2022.
Snow, Shane. "Smartcuts: How Hackers, Innovators, and Icons Accelerate Success." Harper Business, 2014.
Strohlein, Marc. "The CIO's Guide to Aligning IT Strategy with the Business." IDC, 2019. Accessed Nov 2022.
Sull, Sull, and Yoder. "No One Knows Your Strategy — Not Even Your Top Leaders." MIT Sloan. 12 Feb 2018. Accessed 26 Jan 2023.
"Team Purpose & Culture." Hyper Island. Accessed 10 Nov. 2022
"Tech Spend Pulse, 2022." Flexera, Jan 2022, Accessed 15 Nov 2022
"Tech Spend Pulse." Flexera, Dec. 2022. Accessed Nov. 2022.
"The Definitive Guide to Developing an IT Strategy and Roadmap" CIO Pages.com , 5 Aug 13 2022. Accessed 30 Nov. 2022.
Wei, Jessica. "Don't Tell Me Where Your Priorities Are – James W. Frick." Due.com, 21 Mar 2022. Accessed 23 Nov 2022.
Zhu, Pearl. "How to Set Guiding Principles for an IT Organization." Future of CIO, 1 July 2013. Accessed 9 June 2021.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess the stakeholder's influence, interest, standing, and support to determine priority for future actions
Develop your stakeholder management and communication plans
Measure and monitor the success of your stakeholder management process.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The focus of this phase is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will formally examine the many definitions of design thinking from experts in this field. At the core of this phase are several case studies that illuminate the various aspects of design thinking.
This phase will illustrate the relevance of design in strategy formulation and in service-design. At the core of this phase are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization and establish a baseline of user-experience with the journeys orchestrated by your organization.
The focus of this phase is to:
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
The focus of this module is on revealing what designers do during the activity of designing, and on building an understanding of the nature of design ability. We will also review the report on the design-centricity of your organization and subsequently, earmark the areas for improvement.
An intimate understanding of the design thinking
An assessment of design-centricity of your organization and identification of areas for improvement
1.1 Discuss case studies on how designers think and work
1.2 Define design thinking
1.3 Review report from Info-Tech’s diagnostic: How design-centric is your organization?
1.4 Earmark areas for improvement to raise the design-centricity of your organization
Report from Info-Tech’s diagnostic: ‘How design-centric is your organization?’ with identified areas for improvement.
In this module, we will discuss the relevance of design in strategy formulation and service design. At the core of this module are several case studies that illuminate these aspects of design thinking. We will also identify the trends impacting your organization. We will establish a baseline of user experience with the journeys orchestrated by your organization.
An in-depth understanding of the relevance of design in strategy formulation and service design
An understanding of the trends that impact your organization
A taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those
2.1 Discuss relevance of design in strategy through case studies
2.2 Articulate trends that impact your organization
2.3 Discuss service design through case studies
2.4 Identify critical customer journeys and baseline customers’ satisfaction with those
2.5 Run a simulation of design in practice
Trends that impact your organization.
Taxonomy of critical customer journeys and a baseline of customers’ satisfaction with those.
The focus of this module is to define an approach for a design program that suits your organization’s specific goals and culture.
An approach for the design program in your organization. This includes aspects of the design program such as its objectives and measures, its model (one of the five archetypes or a hybrid one), and its governance.
3.1 Identify objectives and key measures for your design thinking program
3.2 Structure your program after reviewing five main archetypes of a design program
3.3 Balance between incremental and disruptive innovation
3.4 Review best practices of a design organization
An approach for your design thinking program: objectives and key measures; structure of the program, etc.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define the problem and start ideating potential solutions.
Split off into prototyping teams to build and test the first-iteration prototypes
Integrate the best ideas from the first iterations and come up with a team solution to the problem.
Build and test the team’s integrated prototype, decide on next steps, and come up with a pitch to sell the solution to business executives.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Align the team around a well-defined business problem and start ideating solutions.
Ideate solutions in the face of organizational cconstraints and characterize the success of the prototype.
1.1 Frame the problem.
1.2 Develop evaluation criteria.
1.3 Diverge and converge.
Problem statement(s)
Evaluation criteria
Ideated solutions
Break off into teams to try and develop solutions that address the problem in unique ways.
Develop and test a first-iteration prototype.
2.1 Design first prototypes in teams.
2.2 Conduct UX testing.
First-iteration prototypes
User feedback and data
Bring the team back together to develop a team vision of the final prototype.
Integrated, second-iteration prototype.
3.1 Create and deliver prototype pitches.
3.2 Integrate prototypes.
Prototype practice pitches
Second-iteration prototype
Build and test the second prototype and prepare to sell it to business executives.
Second-iteration prototype and a budget pitch.
4.1 Conduct second round of UX testing.
4.2 Create one pager and budget pitch.
User feedback and data
Prototype one pager and budget pitch
Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.
A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this research to identify and quantify the potential strategic impacts caused by vendors. Use Info-Tech’s approach to look at the strategic impact from various perspectives to better prepare for issues that may arise.
By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Like most people, organizations are poor at assessing the likelihood of risk. If the past few years have taught us anything, it is that the probability of a risk occurring is far more flexible in the formula Risk = Likelihood * Impact than we ever thought possible. The impacts of these risks have been catastrophic, and organizations need to be more adaptive in managing them to strengthen their strategic plans.
Frank Sewell,
Research Director, Vendor Management
Info-Tech Research Group
Moreso than any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their strategic plans to accommodate risk on an unprecedented level.
A new global change will impact your organizational strategy at any given time. So, make sure your plans are flexible enough to manage the inevitable consequences.
Identifying and managing a vendor’s potential strategic impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes affect strategic plans.
Organizational leadership is often taken unaware during crises, and their plans lack the flexibility needed to adjust to significant market upheavals.
Vendor management practices educate organizations on the different potential risks to vendors in your market and suggest creative and alternative ways to avoid and help manage them.
Prioritize and classify your vendors with quantifiable, standardized rankings.
Prioritize focus on your high-risk vendors.
Standardize your processes for identifying and monitoring vendor risks to manage potential impacts on your strategic plan with our Strategic Impacts Tool.
Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market. Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.
This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.
The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them.
When the unexpected happens, being able to adapt quickly to new priorities ensures continued long-term business success.
Below are some things no one expected to happen in the last few years:
of IT professionals are more concerned about being a victim of ransomware than they were a year ago.
of Microsoft’s non-essential employees shifted to working from home in 2020, joining the 18% already remote.
of organizations invested in web conferencing technology to facilitate collaboration.
Source: Info-Tech Tech Trends Survey 2022
Make sure you have the right people at the table to identify and plan to manage impacts.
Very few people could have predicted that a global pandemic would interrupt business on the scale experienced today. Organizations should look at their lessons learned and incorporate adaptable preparations into their strategic planning moving forward.
The IT market is an ever-shifting environment. Larger companies often gobble up smaller ones to control their sectors. Incorporating plans to manage those shifts in ownership will be key to many strategic plans that depend on niche vendor solutions for success. Be sure to monitor the potentially affected markets on an ongoing cadence.
Organizations need to accept that shortages will recur periodically and that preparing for them will significantly increase the success potential of long-term strategic plans. Understand what your business needs to stock for project needs and where those supplies are located, and plan how to rapidly access and distribute them as required if supply chain disruptions occur.
For example:
Sometimes an organization has the right mindset to take advantage of the changes in the market but can fail to plan for the particulars.
When your strategic plan changes, you need to revisit all the steps in the processes to ensure a successful outcome.
It is important to identify potential risks to strategic plans to manage the risk and be agile enough in planning to adapt to the changing environments.
Info-Tech Insight
Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.
(Adapted from COSO)
Organizations build portions of their strategies around chosen vendors and should protect those plans against the risks of unforeseen acquisitions in the market.
Is your vendor solvent? Does it have enough staff to accommodate your needs? Has its long-term planning been affected by changes in the market? Is it unique in its space?
Organizations’ strategic plans need to be adaptable to avoid vendors’ negative actions causing an expedited shift in priorities.
For example, Philip's recall of ventilators impacted its products and the availability of its competitor’s products as demand overwhelmed the market.
Organizations need to become better at risk assessment and actively manage the identified risks to their strategic plans.
Few organizations are good at identifying risks to their strategic plan. As a result, almost none realistically plan to monitor, manage, and adapt their strategies to those risks.
Strategic risk impacts are often unanticipated, causing unforeseen downstream effects. Anticipating the potential changes in the global IT market and continuously monitoring vendors’ risk levels can help organizations modify their strategic alignment with the new norms.
Review your strategic plans for new risks and evolving likelihood on a regular basis.
Keep in mind Risk = Likelihood x Impact (R=L*I).
Impact (I) tends to remain the same, while Likelihood (L) is a very flexible variable.
Organizations need to be reviewing their strategic risk plans considering the likelihood of incidents in the global market.
Pandemics, extreme weather, and wars that affect global supply chains are a current reality, not unlikely scenarios.
Sometimes disasters occur despite our best plans to manage them.
When this happens, it is important to document the lessons learned and improve our plans going forward.
Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Download the Strategic Risk Impact Tool
| Input | Output |
|---|---|
|
|
| Materials | Participants |
|
|
Industry: Airline
Impact categories: Pandemic, Lockdowns, Travel Bans, Increased Fuel Prices
The pandemic prompted systemic change to the overall strategic planning of the airline industry.
Organizations must evolve their strategic risk assessments to be more adaptive to respond to global changes in the market.
Ongoing monitoring of the market and the vendors tied to company strategies is imperative to achieving success.
Olaganathan, Rajee. “Impact of COVID-19 on airline industry and strategic plan for its recovery with special reference to data analytics technology.” Global Journal of Engineering and Technology Advances, vol 7, no 1, 2021, pp. 033-046.
Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech's 2020 Applications Priorities Report to learn about the five initiatives that IT should prioritize for the coming year.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
State the success criteria of your SDLC practice through the definition of product quality and organizational priorities. Define your SDLC current state.
Build your SDLC diagnostic framework based on your practice’s product and process objectives. Root cause your improvement opportunities.
Learn of today’s good SDLC practices and use them to address the root causes revealed in your SDLC diagnostic results.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss your quality and product definitions and how quality is interpreted from both business and IT perspectives.
Review your case for strengthening your SDLC practice.
Review the current state of your roles, processes, and tools in your organization.
Grounded understanding of products and quality that is accepted across the organization.
Clear business and IT objectives and metrics that dictate your SDLC practice’s success.
Defined SDLC current state people, process, and technologies.
1.1 Define your products and quality.
1.2 Define your SDLC objectives.
1.3 Measure your SDLC effectiveness.
1.4 Define your current SDLC state.
Product and quality definitions.
SDLC business and technical objectives and vision.
SDLC metrics.
SDLC capabilities, processes, roles and responsibilities, resourcing model, and tools and technologies.
Discuss the components of your diagnostic framework.
Review the results of your SDLC diagnostic.
SDLC diagnostic framework tied to your SDLC objectives and definitions.
Root causes to your SDLC issues and optimization opportunities.
2.1 Build your diagnostic framework.
2.2 Diagnose your SDLC.
SDLC diagnostic framework.
Root causes to SDLC issues and optimization opportunities.
Discuss the SDLC practices used in the industry.
Review the scope and achievability of your SDLC optimization initiatives.
Knowledge of good practices that can improve the effectiveness and efficiency of your SDLC.
Realistic and achievable SDLC optimization roadmap.
3.1 Learn and adopt SDLC good practices.
3.2 Build your optimization roadmap.
Optimization initiatives and target state SDLC practice.
SDLC optimization roadmap, risks and mitigations, and stakeholder communication flow.
Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge - which, when lost, results in decreased productivity, increased risk, and money out the door.
Successful completion of the IT knowledge transfer project will result in the following outcomes:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Minimize risk and IT costs resulting from attrition through effective knowledge transfer.
Use this template to document the knowledge transfer stakeholder power map by identifying the stakeholder’s name and role, and identifying their position on the power map.
Use this template to communicate the value and rationale for knowledge transfer to key stakeholders.
Use this tool to identify and assess the knowledge and individual risk of key knowledge holders.
Use this template to track knowledge activities, intended recipients of knowledge, and appropriate transfer tactics for each knowledge source.
Use this template as a starting point for managers to interview knowledge sources to extract information about the type of knowledge the source has.
Use this template as a starting point to build your proposed IT knowledge transfer roadmap presentation to management to obtain formal sign-off and initiate the next steps in the process.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
EXECUTIVE BRIEF
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
|---|---|---|
Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge1 which, when lost, results in decreased productivity, increased risk, and money out the door. You need to:
|
|
Our client-tested methodology and project steps allow you to tailor your knowledge transfer plan to any size of organization, across industries. Successful completion of the IT knowledge transfer project will result in the following outcomes:
|
Seventy-four percent of organizations do not have a formal process for capturing and retaining knowledge which, when lost, results in decreased productivity, increased risk, and money out the door.1
Today, the value of an organization has less to do with its fixed assets and more to do with its intangible assets. Intangible assets include patents, research and development, business processes and software, employee training, and employee knowledge and capability.
People (and their knowledge and capabilities) are an organization’s competitive advantage and with the baby boomer retirement looming, organizations need to invest in capturing employee knowledge before the employees leave. Losing employees in key roles without adequate preparation for their departure has a direct impact on the bottom line in terms of disrupted productivity, severed relationships, and missed opportunities.
Knowledge Transfer (KT) is the process and tactics by which intangible assets – expertise, knowledge, and capabilities – are transferred from one stakeholder to another. A well-devised knowledge transfer plan will mitigate the risk of knowledge loss, yet as many as 74%2 of organizations have no formal approach to KT – and it’s costing them money, reputation, and time.
84%of all enterprise value on the S&P 500 is intangibles.3
$31.5 billion lost annually by Fortune 500 companies failing to share knowledge. 1
74% of organizations have no formal process for facilitating knowledge transfer. 2
1 Shedding Light on Knowledge Management, 2004, p. 46
| 1 | Inefficiency due to “reinvention of the wheel.” When older workers leave and don’t effectively transfer their knowledge, younger generations duplicate effort to solve problems and find solutions. |
|---|---|
| 2 | Loss of competitive advantage. What and who you know is a tremendous source of competitive edge. Losing knowledge and/or established client relationships hurts your asset base and stifles growth, especially in terms of proprietary or unique knowledge. |
| 3 | Reduced capacity to innovate. Older workers know what works and what doesn’t, as well as what’s new and what’s not. They can identify the status quo faster, to make way for novel thinking. |
| 4 | Increased vulnerability. One thing that comes with knowledge is a deeper understanding of risk. Losing knowledge can impede your organizational ability to identify, understand, and mitigate risks. You’ll have to learn through experience all over again. |
55-60 |
67% |
78% |
$14k / minute |
|---|---|---|---|
the average age of mainframe workers – making close to 50% of workers over 60.2 |
of Fortune 100 companies still use mainframes3 requiring. specialized skills and knowledge |
of CIOs report mainframe applications will remain a key asset in the next decade.1 |
is the cost of mainframe outages for an average enterprise.1 |
A system failure to a mainframe could be disastrous for organizations that haven’t effectively transferred key knowledge. Now think past the mainframe to key processes, customer/vendor relationships, legal requirements, home grown solutions etc. in your organization.
What would knowledge loss cost you in terms of financial and reputational loss?
Source: 1 Big Tech Problem as Mainframes Outlast Workforce
Source: 2 IT's most wanted: Mainframe programmers
Source: 3The State of the Mainframe, 2022
Insurance organization fails to mitigate risk of employee departure and incurs costly consequences – in the millions
INDUSTRY: Insurance
SOURCE: ITRG Member
Challenge |
Solution |
Results |
|---|---|---|
|
|
|
IT knowledge transfer is a process that, at its most basic level, ensures that essential IT knowledge and capabilities don’t leave the organization – and at its most sophisticated level, drives innovation and customer service by leveraging knowledge assets.
Knowledge Transfer Risks: |
Knowledge Transfer Opportunities: |
|---|---|
|
✗ Increased training and development costs when key stakeholders leave the organization. ✗ Decreased efficiency through long development cycles. ✗ Late projects that tie up IT resources longer than planned, and cost overruns that come out of the IT budget. ✗ Lost relationships with key stakeholders within and outside the organization. ✗ Inconsistent project/task execution, leading to inconsistent outcomes. ✗ IT losing its credibility due to system or project failure from lost information. ✗ Customer dissatisfaction from inconsistent service. |
✓ Mitigated risks and costs from talent leaving the organization. ✓ Business continuity through redundancies preventing service interruptions and project delays. ✓ Operational efficiency through increased productivity by never having to start projects from scratch. ✓ Increased engagement from junior staff through development planning. ✓ Innovation by capitalizing on collective knowledge. ✓ Increased ability to adapt to change and save time-to-market. ✓ IT teams that drive process improvement and improved execution. |
How you build your knowledge transfer roadmap will not change drastically based on the size of your organization; however, the scope of your initiative, tactics you employ, and your communication plan for knowledge transfer may change.
How knowledge transfer projects vary by organization size:
Small Organization |
Medium Organization |
Large Organization |
|
|---|---|---|---|
Project Opportunities |
✓ Project scope is much more manageable. ✓ Communication and planning can be more manageable. ✓ Fewer knowledge sources and receivers can clarify prioritization needs. |
✓ Project scope is more manageable. ✓ Moderate budget for knowledge transfer activities. ✓ Communication and enforcement is easier. |
✓ Budget available to knowledge transfer initiatives. ✓ In-house expertise may be available. |
Project Risks |
✗ Limited resources for the project. ✗ In-house expertise is unlikely. ✗ Knowledge transfer may be informal and not documented. ✗ Limited overlap in responsibilities, resulting in fewer redundancies. |
✗ Limited staff with knowledge transfer experience for the project. ✗ Knowledge assets are less likely to be documented. ✗ Knowledge transfer may be a lower priority and difficult to generate buy-in. |
✗ More staff to manage knowledge transfer for, and much larger scope for the project. ✗ Impact of poor knowledge transfer can result in much higher costs. ✗Geographically dispersed business units make collaboration and communication difficult. ✗ Vast amounts of historical knowledge to capture. |
Explicit |
Tacit |
||
|
|
||
Types of explicit knowledge |
Types of tacit knowledge |
||
Information
|
Process
|
Skills
|
Expertise
|
Examples: reading music, building a bike, knowing the alphabet, watching a YouTube video on karate. |
Examples: playing the piano, riding a bike, reading or speaking a language, earning a black belt in karate. |
||
 |
No formal knowledge transfer program exists; knowledge transfer is ad hoc, or may be conducted through an exit interview only. 74% of organizations are at level 0.1 |
At level one, knowledge transfer is focused around ensuring that high risk, explicit knowledge is covered for all high-risk stakeholders. |
|
Organizations have knowledge transfer plans for all high-risk knowledge to ensure redundancies exist and leverage this to drive process improvements, effectiveness, and employee engagement. |
|
Increase end-user satisfaction and create a knowledge value center by leveraging the collective knowledge to solve repeat customer issues and drive new product innovation. |
I’m an IT Leader who…
Stabilize |
…has witnessed that new employees have recently left or are preparing to leave the organization, and worries that we don’t have their knowledge captured anywhere. …previously had to cut down our IT department, and as a result there is a lack of redundancy for tasks. If someone leaves, we don’t have the information we need to continue operating effectively. …is worried that the IT department has no succession planning in place and that we’re opening ourselves up to risk. |
|---|---|
Proactive |
…feels like we are losing productivity because the same problems are being solved differently multiple times. …worries that different employees have unique knowledge which is critical to performance and that they are the only ones who know about it. …has noticed that the processes people are using are different from the ones that are written down. …feels like the IT department is constantly starting projects from scratch, and employees aren’t leveraging each other’s information, which is causing inefficiencies. …feels like new employees take too long to get up to speed. …knows that we have undocumented systems and more are being built each day. |
Knowledge Culture |
…feels like we’re losing out on opportunities to innovate because we’re not sharing information, learning from others’ mistakes, or capitalizing on their successes. …notices that staff don’t have a platform to share information on a regular basis, and believes if we brought that information together, we would be able to improve customer service and drive product innovation. …wants to create a culture where employees are valued for their competencies and motivated to learn. …values knowledge and the contributions of my team. |
This blueprint can help you build a roadmap to resolve each of these pain points. However, not all organizations need to have a knowledge culture. In the next section, we will walk you through the steps of selecting your target maturity model based on your knowledge goals.
INDUSTRY: Electronics Engineering
SOURCE: KM Best Practices
Challenge | Solution | Results |
|---|---|---|
|
|
|
The Info-Tech difference:
Project outcomes |
1. Approval for IT knowledge transfer project obtained |
2. Knowledge and stakeholder risks identified |
3. Tactics for individuals’ knowledge transfer identified |
4. Knowledge transfer roadmap built |
5. Knowledge transfer roadmap approved |
|---|---|---|---|---|---|
Info-Tech tools and templates to help you complete your project deliverables |
Project Stakeholder Register Template |
IT Knowledge Transfer Risk Assessment Tool |
IT Knowledge Identification Interview Guide Template |
Project Planning and Monitoring Tool |
IT Knowledge Transfer Roadmap Presentation Template |
IT Knowledge Transfer Project Charter Template |
IT Knowledge Transfer Plan Template |
||||
Your completed project deliverables |
IT Knowledge Transfer Plans |
IT Knowledge Transfer Roadmap Presentation |
|||
IT Knowledge Transfer Roadmap |
|||||
1. Initiate |
2. Design |
3. Implement |
|
|---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes |
|
|
|
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
IT Knowledge Transfer Project Charter Establish a clear project scope, decision rights, and executive sponsorship for the project. |
 |
IT Knowledge Transfer Risk Assessment Tool Identify and assess the knowledge and individual risk of key knowledge holders. |
 |
IT Knowledge Identification Interview Guide Extract information about the type of knowledge sources have. |
 |
IT Knowledge Transfer Roadmap Presentation Communicate IT knowledge transfer recommendations to stakeholders to gain buy-in. |
 |
IT Knowledge Transfer Plan
Track knowledge activities, intended recipients, and appropriate transfer tactics for each knowledge source.
IT Benefits |
Business Benefits |
|
|
“ Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
| Phase 1 | Phase 2 | Phase 3 |
|---|---|---|
Call #1: Structure the project. Discuss transfer maturity goal and metrics. |
Call #2: Build knowledge transfer plans. Call #3: Identify priorities & review risk assessment tool. |
Call #4: Build knowledge transfer roadmap. Determine logistics of implementation. Call #5: Determine logistics of implementation. |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is five to six calls.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 |
Day 2 |
Day 3 |
Day 4 |
Day 5 |
|
|---|---|---|---|---|---|
Define the Current and Target State |
Identify Knowledge Priorities |
Build Knowledge Transfer Plans |
Define the Knowledge Transfer Roadmap |
Next Steps and |
|
Activities |
1.1 Have knowledge transfer fireside chat. 1.2 Identify current and target maturity. 1.3 Identify knowledge transfer metrics 1.4 Identify knowledge transfer project stakeholders |
2.1 Identify your knowledge sources. 2.2 Complete a knowledge risk assessment. 2.3 Identify knowledge sources’ level of knowledge risk. |
3.1 Build an interview guide. 3.2 Interview knowledge holders. |
4.1 Prioritize the sequence of initiatives. 4.2 Complete the project roadmap. 4.3 Prepare communication presentation. |
5.1 Complete in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
Deliverables |
|
|
|
|
Phase 1 |
Phase 2 |
Phase 3 |
|---|---|---|
1.1 Obtain approval for project 1.2 Identify knowledge and stakeholder risks |
2.1 Build knowledge transfer plans 2.2 Build knowledge transfer roadmap |
3.1 Communicate your roadmap |
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
1.1.1 Hold a Working Session With Key Stakeholders
1.1.2 Conduct a Current and Target State Analysis.
1.1.3 Identify Key Metrics
1.1.4 Identify Your Project Team
1.1.5 Populate an RACI
1.1.6 Build the Project Charter and Obtain Approval
Initiate Your IT Knowledge Transfer Project
The primary goal of this section is to gain a thorough understanding of the reasons why your organization should invest in knowledge transfer and to identify the specific challenges to address.
Outcomes of this step
Organizational benefits and current pain points of knowledge transfer
Don’t build your project charter in a vacuum. Involve key stakeholders to determine the desired knowledge transfer goals, target maturity and KPIs, and ultimately build the project charter.
Building the project charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders up-front, which is key.
In order to execute on the knowledge transfer project, you will need significant involvement from your IT leadership team. The trouble is that knowledge transfer can be inherently stressful for employees as it can cause concerns around job security. Members of your IT leadership team will also be individuals who need to participate in knowledge transfer, so get them involved upfront. The working session will help stakeholders feel more engaged in the project, which is pivotal for success.
You may feel like a full project charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important regardless. No matter your current climate, some level of socializing the value and plans for knowledge transfer will be necessary.
Meeting Agenda
Led by: Project Sponsor
Led by: Project Manager
Led by: Project Manager
Led by: Project Manager
Led by: Project Manager
Identify the pain points you’re experiencing with knowledge transfer and some of the benefits which you’d like to see from a program to determine the key objectives By doing so, you’ll get a holistic view of what you need to achieve.
Collect this information by:
| Input | Output |
|
|
| Materials | Participants |
|
|
|
|
|
How to determine your current and target state of maturity:
| Input | Output |
|
|
| Materials | Participants |
|
|
Depending on the level of maturity you are trying to achieve, a knowledge transfer project could take weeks, months, or even years. Your maturity level depends on the business goal you would like to achieve, and impacts who and what your roadmap targets.
The maturity levels build on one another; if you start with a project, it is possible to move from a level 0 to a level 1, and once the project is complete, you can advance to a level 2 or 3. However, it’s important to set clear boundaries upfront to limit scope creep, and it’s important to set appropriate expectations for what the project will deliver.
Goal |
Description |
Time to implement |
Benefits |
|
|---|---|---|---|---|
Level 0: Accidental |
Not Prioritized |
|
N/A |
|
Level 1: Stabilize |
Risk Mitigation |
At level one, knowledge transfer is focused around ensuring that redundancies exist for explicit knowledge for:
Your high-risk knowledge is any information which is proprietary, unique, or specialized. High risk stakeholders are those individuals who are at a higher likelihood of departing the organization due to retirement or disengagement. |
0 – 6 months |
|
Goal | Description | Time to implement | Benefits | |
|---|---|---|---|---|
Level 2: Proactive | Operational Efficiency | Level 2 extends Level 1. Once stabilized, you can work on KT initiatives that allow you to be more proactive and cover high risk knowledge that may not be held by those see as high risk individuals. Knowledge transfer plans must exist for ALL high risk knowledge. | 3m – 1yr |
|
Level 3: Knowledge Culture | Drive Innovation Through Knowledge | Level 3 extends Level 2.
| 1-2 years |
|
You need to ensure your knowledge transfer initiatives are having the desired effect and adjust course when necessary. Establishing an upfront list of key performance indicators that will be benchmarked and tracked is a crucial step.
Many organizations overlook the creation of KPIs for knowledge transfer because the benefits are often one step removed from the knowledge transfer itself. However, there are several metrics you can use to measure success.
Hint: Metrics will vary based on your knowledge transfer maturity goals.
Creating KPIs for knowledge transfer is a crucial step that many organizations overlook because the benefits are often one step removed from the knowledge transfer itself. However, there are several qualitative and quantitative metrics you can use to measure success depending on your maturity level goals.
Stabilize
Be Proactive
Promote Knowledge Culture
How to determine knowledge transfer metrics:
| Input | Output |
|
|
| Materials | Participants |
|
|
Determine Project Participants |
Pick a Project Sponsor |
|
|
The project sponsor is the main catalyst for the creation of the roadmap. They will be the one who signs off on the project roadmap. The Project Participants are the key stakeholders in your organization whose input will be pivotal to the creation of the roadmap. The project stakeholders are the senior executives who have a vested interest in knowledge transfer. Following completion of this workshop, you will present your roadmap to these individuals for approval. |
|
How to define the knowledge transfer project team:
Project Stakeholder Register Template
| Input | Output |
|
|
| Materials | Participants |
|
|
If your IT leadership team isn’t on board, you’re in serious trouble! IT leaders will not only be highly involved in the knowledge transfer project, but they also may be participants, so it’s essential that you get their buy-in for the project upfront.
Document the results in the Project Stakeholder Register Template; use this as a guide to help structure your communication with stakeholders based on where they fall on the grid.
How to Manage: |
Focus on increasing these stakeholders’ level of support!
|
 |
Capitalize on champions to drive the project/change.
|
How to Manage: |
How to Manage: |
Pick your battles – focus on your noise makers first, and then move on to your blockers.
|
Leverage this group where possible to help socialize the program and to help encourage dissenters to support.
|
How to Manage: |
Role |
Project Role |
|
|---|---|---|
Required |
CIO |
Will often play the role of project sponsor and should be involved in key decision points. |
IT Managers Directors |
Assist in the identification of high-risk stakeholders and knowledge and will be heavily involved in the development of each transfer plan. |
|
Project Manager |
Should be in charge of leading the development and execution of the project. |
|
Business Analysts |
Responsible for knowledge transfer elicitation analysis and validation for the knowledge transfer project. |
|
Situational |
Technical Lead |
Responsible for solution design where required for knowledge transfer tactics. |
HR |
Will aid in the identification of high-risk stakeholders or help with communication and stakeholder management. |
|
Legal |
Organizations that are subject to knowledge confidentiality, Sarbanes-Oxley, federal rules, etc. may need legal to participate in planning. |
Apps MGR |
Dev. MGR |
Infra MGR |
|
|---|---|---|---|
Build the project charter |
R |
R |
I |
Identify IT stakeholders |
R |
R |
I |
Identify high risk stakeholders |
R |
A | R |
Identify high risk knowledge |
I | C | C |
Validate prioritized stakeholders |
I | C | R |
Interview key stakeholders |
R | R | A |
Identify knowledge transfer tactics for individuals |
C | C | A |
Communicate knowledge transfer goals |
C | R | A |
Build the knowledge transfer roadmap |
C | R | A |
Approve knowledge transfer roadmap |
C | R | C |
How to define RACI for the project team:
Responsible: The one responsible for getting the job done.
Accountable: Only one person can be accountable for each task.
Consulted: Involvement through input of knowledge and information.
Informed: Receiving information about process execution and quality.
| Input | Output |
|
|
| Materials | Participants |
|
|
Build the project charter and obtain sign-off from your project sponsor. Use your organization’s project charter if one exists. If not, customize Info-Tech’s IT Knowledge Transfer Project Charter Template to suit your needs.
Activities
1.2.1 Identify Knowledge Sources
1.2.2 Complete a Knowledge Risk Assessment
1.2.3 Review the Prioritized List of Knowledge Sources
The primary goal of this section is to identify who your primary risk targets are for knowledge transfer.
Outcomes of this step
Throughout this section, we will walk through the following 3 activities in the tool to determine where you need to focus attention for your knowledge transfer roadmap based on knowledge value and likelihood of departure.
1. Identify Knowledge Sources
Create a list of knowledge sources for whom you will be conducting the analysis, and identify which sources currently have a transfer plan in place.
2. Value of Knowledge
Consider the type of knowledge held by each identified knowledge source and determine the level of risk based on the knowledge:
3. Likelihood of Departure
Identify the knowledge source’s risk of leaving the organization based on their:
This tool contains sensitive information. Do not share this tool with knowledge sources. The BA and Project Manager, and potentially the project sponsor, should be the only ones who see the completed tool.
Identify Key Roles
Hold a meeting with your IT Leadership team, or meet with members individually, and ask these questions to identify key roles:
Key roles include:
This step is meant to help speed up and simplify the process for large IT organizations. IT organizations with fewer than 30 people, or organizations looking to build a knowledge culture, can opt to skip this step and include all members of the IT team. This way, everyone is considered and you can prioritize accordingly.
| Input | Output |
|
|
| Materials | Participants |
|
|
Legend:
1. Document knowledge source information (name, department, and manager).
2. Select the current state of knowledge transfer plans for each knowledge source.
Once you have identified key roles, conduct a sanity check and ask – “did we miss anybody?” For example:
Municipal government learns the importance of thorough knowledge source identification after losing key stakeholder
INDUSTRY: Government
Challenge |
Solution |
Results |
|
|
|
Risk Parameter | Description | How to Collect this Data: |
Age Cohort |
| For those people on your shortlist, pull some hard demographic data. Compile a report that breaks down employees into age-based demographic groups. Flag those over the age of 50 – they’re in the “retirement zone” and could decide to leave at any time. Check to see which stakeholders identified fall into the “over 50” age demographic. Document this information in the IT Knowledge Transfer Risk Assessment Tool. |
150% of an employee’s base salary and benefits is the estimated cost of turnover according to The Society of Human Resource Professionals.1
1McLean & Company, Make the Case for Employee Engagement
Risk Parameter | Description | How to Collect this Data: |
Engagement | An engaged stakeholder is energized and passionate about their work, leading them to exert discretionary effort to drive organizational performance (lowest risk). An almost engaged stakeholder is generally passionate about their work. At times they exert discretionary effort to help achieve organizational goals. Indifferent employees are satisfied, comfortable, and generally able to meet minimum expectations. They see their work as “just a job,” prioritizing their needs before organizational goals. Disengaged employees have little interest in their job and the organization and often display negative attitudes (highest risk). | Option 1: The optimal approach for determining employee engagement is through an engagement survey. See McLean & Company for more details. Option 2: Ask the identified stakeholder’s manager to provide an assessment of their engagement either independently or via a meeting. |
Engaged employees are five times more likely than disengaged employees to agree that they are committed to their organization.1
1Source: McLean & Company, N = 13683
Risk Parameter | Description | How to Collect this Data: |
Criticality | Roles that are critical to the continuation of business and cannot be left vacant without risking business operations. Would the role, if vacant, create system, function, or process failure for the organization? | Option 1: (preferred) Meet with IT managers/directors over the phone or directly and review each of the identified reports to determine the risk. Option 2: Send the IT mangers/directors the list of their direct reports, and ask them to evaluate their knowledge type risk independently and return the information to you. Option 3: (if necessary) Review individual job descriptions independently, and use your judgment to come up with a rating for each. Send the assessment to the stakeholders’ managers for validation. |
Availability | Refers to level of redundancy both within and outside of the organization. Information which is highly available is considered lower risk. Key questions to consider include: does this individual have specialized, unique, or proprietary expertise? Are there internal redundancies? |
Complete a Tab 3 assessment for each of your identified Knowledge Sources. The Knowledge Source tab will pre-populate with information from Tab 2 of the tool. For each knowledge source, you will determine their likelihood of departure and degree of knowledge risk.
Likelihood of departure:
Degree of knowledge risk is based on:
| Input | Output |
|
|
| Materials | Participants |
|
|
Knowledge sources have been separated into the three maturity levels (Stabilize, Proactive, and Knowledge Culture) and prioritized within each level.
Focus first on your stabilize groups, and based on your target maturity goal, move on to your proactive and knowledge culture groups respectively.
Sequential Prioritization Orange line Level 1: Stabilize Blue Line Level 2: Proactive Green Line Level 3: Knowledge Culture |
Each pie chart indicates which of the stakeholders in that risk column currently has knowledge transfer plans. |
Each individual also has their own status ball on whether they currently have a knowledge transfer plan. |
Identify knowledge sources to focus on for the knowledge transfer roadmap. Review the IT Knowledge Transfer Map on Tab 5 to determine where to focus your knowledge transfer efforts
| Input | Output |
|
|
| Materials | Participants |
|
|
Phase 1 |
Phase 2 |
Phase 3 |
|---|---|---|
1.1 Obtain approval for project 1.2 Identify knowledge and stakeholder risks |
2.1 Build knowledge transfer plans 2.2 Build knowledge transfer roadmap |
3.1 Communicate your roadmap |
This phase will walk you through the following activities:
This phase involves the following participants:
Define what knowledge needs to be transferred |
Each knowledge source has unique information which needs to be transferred. Chances are you don’t know what you don’t know. The first step is therefore to interview knowledge sources to find out. |
Identify the knowledge receiver |
Depending on who the information is going to, the knowledge transfer tactic you employ will differ. Before deciding on the knowledge receiver and tactic, consider three key factors:
|
Identify which knowledge transfer tactics you will use for each knowledge asset |
Not all tactics are good in every situation. Always keep the “knowledge type” (information, process, skills, and expertise), knowledge sources’ engagement level, and the knowledge receiver in mind as you select tactics. |
This tool is built to accommodate up to 30 knowledge items; Info-Tech recommends focusing on the top 10-15 items.
These steps should be completed by the BA or IT Manager. The BA is helpful to have around because they can learn about the tactics and answer any questions about the tactics that the managers might have when completing the template.
Activities
2.1.1 Interview Knowledge Sources to Uncover Key Knowledge Items
2.1.2 Identify When to use Knowledge Transfer Tactics
2.1.3 Build Individual Knowledge Transfer Plans
The primary goal of this section is to build an interview guide and interview knowledge sources to identify key knowledge assets.
Outcomes of this step
The first step is for managers to interview knowledge sources in order to extract information about the type of knowledge the source has.
Meet with the knowledge sources and work with them to identify essential knowledge. Use the following questions as guidance:
| Input | Output |
|
|
| Materials | Participants |
|
|
| Input | Output |
|
|
| Materials | Participants |
|
|
Interviews provide an opportunity to meet one-on-one with key stakeholders to document key knowledge assets. Interviews can be used for explicit and tacit information, and in particular, capture processes, rules, coding information, best practices, etc.
Knowledge Types Information Process Skills Expertise | Dependencies Training: Minimal Technology Support: N/A Process Development: Minimal Duration: Annual | Participants Business analysts Knowledge source | Materials Interview guide Notepad Pen |
Business process mapping refers to building a flow chart diagram of the sequence of actions which defines what a business does. The flow chart defines exactly what a process does and the specific succession of steps including all inputs, outputs, flows, and linkages. Process maps are a powerful tool to frame requirements in the context of the complete solution.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training: Minimal Technology Support: N/A Process Development: Minimal Duration: Annual | Participants Business analysts Knowledge source | Materials Whiteboard / flip-chart paper Marker |
Use case diagrams are a common transfer tactic where the BA maps out step-by-step how an employee completes a project or uses a system. Use cases show what a system or project does rather than how it does it. Use cases are frequently used by product managers and developers.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training: Minimal Technology Support: N/A Process Development: Minimal Duration: Annual | Participants Business analysts Knowledge source | Materials Whiteboard / flip-chart paper Marker |
Job shadowing is a working arrangement where the “knowledge receiver” learns how to do a job by observing an experienced employee complete key tasks throughout their normal workday.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training: Required Technology Support: N/A Process Development:Required Duration:Ongoing | Participants BA IT manager Knowledge source and receiver | Materials N/A |
Meeting or workshop where peers from different teams share their experiences and knowledge with individuals or teams that require help with a specific challenge or problem.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training: Minimal Technology Support: N/A Process Development:Required Duration:Ongoing | Participants Knowledge sources Knowledge receiver BA to build a skill repository | Materials Intranet |
A half- to full-day exercise where an outgoing leader facilitates a knowledge transfer of key insights they have learned along the way and any high-profile knowledge they may have.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training: Required Technology Support: Some Process Development: Some Duration:Ongoing | Participants IT leader Incoming IT team Key stakeholders | Materials Meeting space Video conferencing (as needed) |
Action Review is a team-based discussion at the end of a project or step to review how the activity went and what can be done differently next time. It is ideal for transferring expertise and skills.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training:Minimal Technology Support: Minimal Process Development: Some Duration:Ongoing | Participants IT unit/group Any related IT stakeholder impacted by or involved in a project. | Materials Meeting space Video conferencing (as needed) |
Mentoring can be a formal program where management sets schedules and expectations. It can also be informal through an environment for open dialogue where staff is encouraged to seek advice and guidance, and to share their knowledge with more novice members of the organization.
Benefits:
How to get started:
Creating a mentorship program is a full project in itself. For full details on how to set up a mentorship program, see McLean & Company’s Build a Mentoring Program.
Knowledge Types Information Process Skills Expertise | Dependencies Training: Required Technology Support: N/a Process Development:Required Duration:Ongoing | Participants IT unit/group | Materials Meeting space Video conferencing (as needed) Documentation |
Knowledge sources use anecdotal examples to highlight a specific point and pass on information, experience, and ideas through narrative.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training: Required Technology Support: Some Process Development:Required Duration:Ongoing | Participants Knowledge source Knowledge receiver Videographer (where applicable) | Materials Meeting space Video conferencing (as needed) Documentation |
Job share exists when at least two people share the knowledge and responsibilities of two job roles.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training: Some Technology Support: Minimal Process Development:Required Duration:Ongoing | Participants IT manager HR Employees | Materials Job descriptions |
Communities of practice are working groups of individuals who engage in a process of regularly sharing information with each other across different parts of the organization by focusing on common purpose and working practices. These groups meet on a regular basis to work together on problem solving, to gain information, ask for help and assets, and share opinions and best practices.
Benefits:
How to get started:
Knowledge Types Information Process Skills Expertise | Dependencies Training:Required Technology Support: Required Process Development:Required Duration:Ongoing | Participants Employees BA (to assist in establishing) IT managers (rewards and recognition) | Materials TBD |
This table shows the relative strengths and weaknesses of each knowledge transfer tactic compared to four different knowledge types.
Not all techniques are effective for types of knowledge; it is important to use a healthy mixture of techniques to optimize effectiveness.
Very strong = Very effective
Strong = Effective
Medium = Somewhat effective
Weak = Minimally effective
Very weak = Not effective
Knowledge Type | ||||
Tactic | Explicit | Tacit | ||
Information | Process | Skills | Expertise | |
Interviews | Very strong | Strong | Strong | Strong |
Process mapping | Medium | Very strong | Very weak | Very weak |
Use cases | Medium | Very strong | Very weak | Very weak |
Job shadow | Very weak | Medium | Very strong | Very strong |
Peer assist | Strong | Medium | Very strong | Very strong |
Action review | Medium | Medium | Strong | Weak |
Mentoring | Weak | Weak | Strong | Very strong |
Transition workshop | Strong | Strong | Strong | Strong |
Story telling | Weak | Weak | Strong | Very strong |
Job share | Weak | Weak | Very strong | Very strong |
Communities of practice | Strong | Weak | Very strong | Very strong |
Level of Engagement | ||
Tactic | Disengaged/ Indifferent | Almost Engaged - Engaged |
Interviews | Yes | Yes |
Process mapping | Yes | Yes |
Use cases | Yes | Yes |
Job shadow | No | Yes |
Peer assist | Yes | Yes |
Action review | Yes | Yes |
Mentoring | No | Yes |
Transition workshop | Yes | Yes |
Story telling | No | Yes |
Job share | Maybe | Yes |
Communities of practice | Maybe | Yes |
When considering which tactics to employ, it’s important to consider the knowledge holder’s level of engagement. Employees whom you would identify as being disengaged may not make good candidates for job shadowing, mentoring, or other tactics where they are required to do additional work or are asked to influence others.
Knowledge transfer can be controversial for all employees as it can cause feelings of job insecurity. It’s essential that motivations for knowledge transfer are communicated effectively.
Pay particular attention to your communication style with disengaged and indifferent employees, communicate frequently, and tie communication back to what’s in it for them.
Putting disengaged employees in a position where they are mentoring others can be a risk. Their negativity could influence others not to participate as well or negate the work you’re doing to create a positive knowledge sharing culture.
There is a wide variety of different collaboration tools available to enable interpersonal and team connections for work-related purposes. Familiarize yourself with all types of collaboration tools to understand what is available to help facilitate knowledge transfer.
Collaboration Tools |
|||
Content Management |
Real Time Communication |
Community Collaboration |
Social Collaboration |
Tools for collaborating around documents. They store content and allow for easy sharing and editing, e.g. content repositories and version control. Can be used for:
|
Tools that enable real-time employee interactions. They permit “on-demand” workplace communication, e.g. IM, video and web conferencing. Can be used for:
|
Tools that allow teams and communities to come together and share ideas or collaborate on projects, e.g. team portals, discussion boards, and ideation tools. Can be used for:
|
Social tools borrow concepts from consumer social media and apply them to the employee-centric context, e.g. employee profiles, activity streams, and microblogging. Can be used for:
|
For more information on Collaboration Tools and how to use them, see Info-Tech’s Establish a Communication and Collaboration System Strategy.
Wherever possible, ask employees about their personal learning styles. It’s likely that a collaborative compromise will have to be struck for knowledge transfer to work well.
We will use the IT Knowledge Transfer Plans as the foundation for building your knowledge transfer roadmap.
The Strength Level column will indicate how well matched the tactic is to the type of knowledge.
| Input | Output |
|
|
| Materials | Participants |
|
|
Activities
2.2.1 Merge Your Knowledge Transfer Plans
2.2.2 Define Knowledge Transfer Initiatives’ Timeframes
The goal of this step is to build the logistics of the knowledge transfer roadmap to prepare to communicate it to key stakeholders.
Outcomes of this step
Depending on the desired state of maturity, the number of initiatives your organization has will vary and there could be a lengthy number of tasks and subtasks required to reach your organization knowledge transfer target state. The best way to plan, organize, and manage all of them is with a project roadmap.
Populate the task column of the Project Planning and Monitoring Tool. See the following slides for more details on how to do this.
Effort by Stakeholder | |||||
Tactic | Business Analyst | IT Manager | Knowledge Holder | Knowledge Receiver | |
| Interviews | Medium | N/A | Low | Low | These tactics require the least amount of effort, especially for organizations that are already using these tactics for a traditional requirements gathering process. |
Process Mapping | Medium | N/A | Low | Low | |
Use Cases | Medium | N/A | Low | Low | |
Job Shadow | Medium | Medium | Medium | Medium | These tactics generally require more involvement from IT management and the BA in tandem for preparation. They will also require ongoing effort for all stakeholders. Stakeholder buy-in is key for success. |
Peer Assist | Medium | Medium | Medium | Medium | |
Action Review | Low | Medium | Medium | Low | |
Mentoring | Medium | High | High | Medium | |
Transition Workshop | Medium | Low | Medium | Low | |
Story Telling | Medium | Medium | Low | Low | |
Job Share | Medium | High | Medium | Medium | |
Communities of Practice | High | Medium | Medium | Medium | |
Implementation Dependencies | |||||
Tactic | Training | Technology Support | Process Development | Duration | |
| Interviews | Minimal | N/A | Minimal | Annual | Start your knowledge transfer project here to get quick wins for explicit knowledge. |
Process Mapping | Minimal | N/A | Minimal | Annual | |
Use Cases | Minimal | N/A | Minimal | Annual | |
Job Shadow | Required | N/A | Required | Ongoing | Don’t change too much too quickly or try to introduce all of the tactics at once. Focus on 1-2 key tactics and spend a significant amount of time upfront building an effective process and rolling it out. Leverage the effectiveness of the initial tactics to push these initiatives forward. |
| Peer Assist | Minimal | N/A | Required | Ongoing | |
| Action Review | Minimal | Minimal | Some | Ongoing | |
| Mentoring | Required | N/A | Required | Ongoing | |
| Transition Workshop | Required | Some | Some | Ongoing | |
| Story Telling | Some | Required | Required | Ongoing | |
| Job Share | Some | Minimal | Required | Ongoing | |
| Communities of Practice | Required | Required | Required | Ongoing | |
| Input | Output |
| |
| Materials | Participants |
|
|
| Input | Output |
|
|
| Materials | Participants |
|
|
Phase 1 | Phase 2 | Phase 3 |
|---|---|---|
1.1 Obtain approval for project 1.2 Identify knowledge and stakeholder risks | 2.1 Build knowledge transfer plans 2.2 Build knowledge transfer roadmap | 3.1 Communicate your roadmap |
This phase will walk you through the following activities:
This phase involves the following participants:
Activities
3.1.1 Prepare IT Knowledge Transfer Roadmap Presentation
The goal of this step is to be ready to communicate the roadmap with the project team, project sponsor, and other key stakeholders.
Outcomes of this step
Obtain approval for the IT Knowledge Transfer Roadmap by customizing Info-Tech’s IT Knowledge Transfer Roadmap Presentation Template designed to effectively convey your key messages. Tailor the template to suit your needs.
It includes:
The support of IT leadership is critical to the success of your roadmap roll-out. Remind them of the project benefits and impact them hard with the risks/pain points.
Know your audience:
| Input | Output |
|
|
| Materials | Participants |
|
|
Babcock, Pamela. “Shedding Light on Knowledge Management.” HR Magazine, 1 May 2004.
King, Rachael. "Big Tech Problem as Mainframes Outlast Workforce." Bloomberg, 3 Aug. 2010. Web.
Krill, Paul. “IT’s Most Wanted: Mainframe Programmers.” IDG Communications, Inc. 1 December 2011.
McLean & Company. “Mitigate the Risk of Baby Boomer Retirement with Scalable Succession Planning.” 7 March 2016.
McLean & Company. “Make the Case For Employee Engagement.” McLean and Company. 27 March 2014.
PwC. “15th Annual Global CEO Survey: Delivering Results Growth and Value in a Volatile World.” PwC, 2012.
Rocket Software, Inc. “Rocket Software 2022 Survey Report: The State of the Mainframe.” Rocket Software, Inc. January 2022. Accessed 30 April 2022.
Ross, Jenna. “Intangible Assets: A Hidden but Crucial Driver of Company Value.” Visual Capitalist, 11 February 2020. Accessed 2 May 2022.
Organizations are joining the wave and adopting machine learning and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by looking at their data – empowering their people to realize and embrace the valuable insights within the organization’s data.
The key to achieve becoming a data-driven organization is to foster a strong data culture and equip employees with data skills through an organization-wide data literacy program.
Data literacy is critical to the success of digital transformation and AI analytics. Info-Tech’s approach to creating a sustainable and effective data literacy program is recognizing it is:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Data literacy as part of the data governance strategic program should be launched to all levels of employees that will help your organization bridge the data knowledge gap at all levels of the organization. This research recommends approaches to different learning styles to address data skill needs and helps members create a practical and sustainable data literacy program.
Kick off a data awareness program that explains the fundamental understanding of data and its lifecycle. Explore ways to create or mature the data literacy program with smaller amounts of information on a more frequent basis.
“Digital transformation” and “data driven” are two terms that are inseparable. With organizations accelerating in their digital transformation roadmap implementation, organizations need to invest in developing data skills with their people. Talent is scarce and the demand for data skills is huge, with 70% of employees expected to work heavily with data by 2025. There is no time like the present to launch an organization-wide data literacy program to bridge the data knowledge gap and foster a data-driven culture.
Data literacy training is as important as your cybersecurity training. It impacts all levels of the organization. Data literacy is critical to success with digital transformation and AI analytics.
Principal Advisory Director, Data & Analytics Practice
Info-Tech Research Group
Your ChallengeOrganizations are joining the wave and adopting machine learning (ML) and artificial intelligence (AI) to unlock the value in their data and power their competitive advantage. But to succeed with these complex analytics programs, they need to begin by empowering their people to realize and embrace the valuable insights within the organization’s data. The key to becoming a data-driven organization is to foster a strong data culture and equip people with data skills through an organization-wide data literacy program. |
Common ObstaclesChallenges the data leadership is likely to face as digital transformation initiatives drive intensified competition:
|
Info-Tech's ApproachWe interviewed data leaders and instructors to gather insights about investing in data:
|
By thoughtfully designing a data literacy training program for the audience's own experience, maturity level, and learning style, organizations build the data-driven and engaged culture that helps them to unlock their data's full potential and outperform other organizations.
“Data literacy is the ability to read, work with, analyze, and communicate with data. It's a skill that empowers all levels of workers to ask the right questions of data and machines, build knowledge, make decisions, and communicate meaning to others.” – Qlik, n.d.
Source: Accenture, 2020.
Source: Qlik, 2022.
“[Data debt is] when you have undocumented, unused, incomplete, and inconsistent data,” according to Secoda (2023). “When … data debt is not solved, data teams could risk wasting time managing reports no one uses and producing data that no one understands.”
Signs of data debt when considering investing in data literacy:
of organizations say a backlog of data debt is impacting new data management initiatives.
of organizations say individuals within the business do not trust data insights.
of organizations are unable to become data-driven.
Source: Experian, 2020
Image source: Welocalize, 2020.
Data represents a discrete fact or event without relation to other things (e.g. it is raining). Data is unorganized and not useful on its own.
Information organizes and structures data so that it is meaningful and valuable for a specific purpose (i.e. it answers questions). Information is a refined form of data.
When information is combined with experience and intuition, it results in knowledge. It is our personal map/model of the world.
Knowledge set with context generates insight. We become knowledgeable as a result of reading, researching, and memorizing (i.e. accumulating information).
Wisdom means the ability to make sound judgments. Wisdom synthesizes knowledge and experiences into insights.
Data-driven culture refers to a workplace where decisions are made based on data evidence, not on gut instinct.
Phase Steps |
1. Define Data Literacy Objectives1.1 Understand organization’s needs 1.2 Create vision and objective for data literacy program |
2. Assess Learning Style and Align to Program Design2.1 Create persona and identify audience 2.2 Assess learning style and align to program design 2.3 Determine the right delivery method |
3. Socialize Roadmap and Milestones3.1 Establish a roadmap 3.2 Set key performance metrics and milestones |
Phase Outcomes |
Identify key objectives to establish and grow the data literacy program by articulating the problem and solutions proposed. |
Assess each audience’s learning style and adapt the program to their unique needs. |
Show a roadmap with key performance indicators to track each milestone and tell a data story. |
– Miro Kazakoff, senior lecturer, MIT Sloan, in MIT Sloan School of Management, 2021
By thoughtfully designing a data literacy training program personalized to each audience's maturity level, learning style, and experience, organizations can develop and grow a data-driven culture that unlocks the data's full potential for competitive differentiation.
We can learn a lot from each other. Literacy works both ways – business data stewards learn to “speak data” while IT data custodians understand the business context and value. Everyone should strive to exchange knowledge.
Avoid traditional classroom teaching – create a data literacy program that is learner-centric to allow participants to learn and experiment with data.
Aligning program design to those learning styles will make participants more likely to be receptive to learning a new skill.
A data literacy program isn’t just about data but rather encompasses aspects of business, IT, and data. With executive support and partnership with business, running a data literacy program means that it won’t end up being just another technical training. The program needs to address why, what, how questions.
A lot of programs don’t include the fundamentals. To get data concepts to stick, focus on socializing the data/information/knowledge/wisdom foundation.
Many programs speak in abstract terms. We present case studies and tangible use cases to personalize training to the audience’s world and showcase opportunities enabled through data.
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of the project."
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Session 1 | Session 2 | Session 3 | Session 4 | |
Activities | Define Data Literacy Objectives1.1 Review Data Culture Diagnostic results 1.2 Identify business context: business goals, initiatives 1.3 Create vision and objective for data literacy program | Assess Learning Style and Align to Program Design2.1 Identify audience 2.2 Assess learning style and align to program design 2.3 Determine the right delivery method | Build a Data Literacy Roadmap and Milestones3.1 Identify program initiatives and topics 3.2 Determine delivery methods 3.3 Build the data literacy roadmap | Operational Strategy to implement Data Literacy4.1 Identify key performance metrics 4.2 Identify owners and document RACI matrix 4.3 Discuss next steps and wrap up. |
Deliverables |
|
|
|
|
Foster Data-Driven Culture With Data Literacy
Input
|
Output
|
Materials
|
Participants
|
Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.
Input
| Output
|
Materials
| Participants
|
Data collected through Info-Tech’s Data Culture Diagnostic suggests three ways to improve data literacy:
think more can be done to define and document commonly used terms with methods such as a business data glossary.
think they can have a better understanding of the meaning of all data elements that are being captured or managed.
feel that they can have more training in terms of tools as well as on what data is available at the organization.
Source: Info-Tech Research Group's Data Culture Diagnostic, 2022; N=2,652
Start with real business problems in a hands-on format to demonstrate the value of data.
Treat data as a strategic asset to gain insight into our customers for all levels of organization.
"According to Forrester, 91% of organizations find it challenging to improve the use of data insights for decision-making – even though 90% see it as a priority. Why the disconnect? A lack of data literacy."
– Alation, 2020
Info-Tech provides various topics suited for a data literacy program that can accommodate different data skill requirements and encompasses relevant aspects of business, IT, and data.
Use discovery and diagnostics to understand users’ comfort level and maturity with data.
Foster Data-Driven Culture With Data Literacy
feel that training was too long to remember or to apply in their day-to-day work.
find training had insufficient follow-up to help them apply on the job.
Source: Grovo, 2018.
Input
| Output
|
Materials
| Participants
|
IT and data professionals need to understand the business as much as business needs to talk about data. Bidirectional learning and feedback improves the synergy between business and IT.
Choose a data role (e.g. data steward, data owner, data scientist).
Describe the persona based on goals, priorities, tenures, preferred learning style, type of work with data.
Identify data skill and level of skills required.
Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to different levels of users.
When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to spread knowledge throughout your organization. It should target everyone from executive leadership to management to subject matter experts across all functions of the business.
The imaginative learner group likes to engage in feelings and spend time on reflection. This type of learner desires personal meaning and involvement. They focus on personal values for themselves and others and make connections quickly.
For this group of learners, their question is: why should I learn this?
The analytical learner group likes to listen, to think about information, and to come up with ideas. They are interested in acquiring facts and delving into concepts and processes. They can learn effectively and enjoy doing independent research.
For this group of learners, their question is: what should I learn?
The common sense learner group likes thinking and doing. They are satisfied when they can carry out experiments, build and design, and create usability. They like tinkering and applying useful ideas.
For this group of learners, their question is: how should I learn?
The dynamic learner group learns through doing and experiencing. They are continually looking for hidden possibilities and researching ideas to make original adjustments. They learn through trial and error and self-discovery.
For this group of learners, their question is: what if I learn this?
There are four common ways to learn a new skill: by watching, conceptualizing, doing, and experiencing. The following are some suggestions on ways to implement your data literacy program through different delivery methods.
Foster Data-Driven Culture With Data Literacy
For the Gantt chart:
Input
| Output
|
Materials
| Participants
|
Name |
Position |
| Andrea Malick | Advisory Director, Info-Tech Research Group |
| Andy Neill | AVP, Data and Analytics, Chief Enterprise Architect, Info-Tech Research Group |
| Crystal Singh | Research Director, Info-Tech Research Group |
| Imad Jawadi | Senior Manager, Consulting Advisory, Info-Tech Research Group |
| Irina Sedenko | Research Director, Info-Tech Research Group |
| Reddy Doddipalli | Senior Workshop Director, Info-Tech Research Group |
| Sherwick Min | Technical Counselor, Info-Tech Research Group |
| Wayne Cain | Principal Advisory Director, Info-Tech Research Group |
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Session 1 |
Session 2 |
Session 3 |
Session 4 |
|
Activities |
Understand the WHY and Value of Data1.1 Business context, business objectives, and goals 1.2 You and data 1.3 Data journey from data to insights 1.4 Speak data – common terminology |
Learn about the WHAT Through Data Flow2.1 Data creation 2.2 Data ingestion 2.3 Data accumulation 2.4 Data augmentation 2.5 Data delivery 2.6 Data consumption |
Explore the HOW Through Data Visualization Training3.1 Ask the right questions 3.2 Find the top five data elements 3.3 Understand your data 3.4 Present your data story 3.5 Sharing of lessons learned |
Put Them All Together Through Data Governance Awareness4.1 Data governance framework 4.2 Data roles and responsibilities 4.3 Data domain and owners |
Deliverables |
|
|
|
|
Deliver measurable business value.
Key to building and fostering a data-driven culture.
Streamline your data management program with our simplified framework.
About Learning. “4MAT overview.” About Learning., 16 Aug. 2001. Web.
Accenture. “The Human Impact of Data Literacy,” Accenture, 2020. Web.
Anand, Shivani. “IDC Reveals India Data and Content Technologies Predictions for 2022 and onwards; Focus on Data Literacy for an Elevated data Culture.” IDC, 14 Mar. 2022. Web.
Belissent, Jennifer, and Aaron Kalb. “Data Literacy: The Key to Data-Driven Decision Making.” Alation, April 2020. Web.
Brown, Sara. “How to build data literacy in your company.” MIT Sloan School of Management, 9 Feb 2021. Web.
---. “How to build a data-driven company.” MIT Sloan School of Management, 24 Sept. 2020. Web.
Domo. “Data Never Sleeps 9.0.” Domo, 2021. Web.
Dykes, Brent. “Creating A Data-Driven Culture: Why Leading By Example Is Essential.” Forbes, 26 Oct. 2017. Web.
Experian. “10 signs you are sitting on a pile of data debt.” Experian, 2020. Accessed 25 June 2021. Web.
Experian. “2019 Global Data Management Research.” Experian, 2019. Web.
Knight, Michelle. “Data Literacy Trends in 2023: Formalizing Programs.” Dataversity, 3 Jan. 2023. Web.
Ghosh, Paramita. “Data Literacy Skills Every Organization Should Build.” Dataversity, 2 Nov. 2022. Web.
Johnson, A., et al., “How to Build a Strategy in a Digital World,” Compact, 2018, vol. 2. Web.
LifeTrain. “Learning Style Quiz.” EMTrain, Web.
Lambers, E., et al. “How to become data literate and support a data-drive culture.” Compact, 2018, vol. 4. Web.
Marr, Benard. “Why is data literacy important for any business?” Bernard Marr & Co., 16 Aug. 2022. Web.
Marr, Benard. “8 simple ways to enhance your data literacy skills.” Bernard Marr & Co., 16 Aug. 2022. Web/
Mendoza, N.F. “Data literacy: Time to cure data phobia” Tech Republic, 27 Sept. 2022. Web.
Mizrahi, Etai. “How to stay ahead of data debt and downtime?” Secoda, 17 April 2023. Web.
Needham, Mass., “IDC FutureScape: Top 10 Predictions for the Future of Intelligence.” IDC, 5 Dec. 2022. Web.
Paton, J., and M.A.P. op het Veld. “Trusted Analytics.” Compact, 2017, vol. 2. Web.
Qlik. “Data Literacy to be Most In-Demand Skill by 2030 as AI Transforms Global Workplaces.” Qlik., 16 Mar 2022. Web.
Qlik. “What is data literacy?” Qlik, n.d. Web.
Reed, David. Becoming Data Literate. Harriman House Publishing, 1 Sept. 2021. Print.
Salomonsen, Summer. “Grovo’s First-Time Manager Microlearning® Program Will Help Your New Managers Thrive in 2018.” Grovos Blog, 5 Dec. 2018. Web.
Webb, Ryan. “More Than Just Reporting: Uncovering Actionable Insights From Data.” Welocalize, 1 Sept. 2020. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read our concise Executive Brief to find out why you should automate testing, review Info-Tech’s methodology, and understand the four ways we can support you in completing this project.
Develop and implement practices that mature your automated testing capabilities.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the goals of and your vision for your automated testing practice.
Develop your automated testing foundational practices.
Adopt good practices for each test type.
Level set automated testing expectations and objectives.
Learn the key practices needed to mature and streamline your automated testing across all test types.
1.1 Build a foundation.
1.2 Automate your test types.
Automated testing vision, expectations, and metrics
Current state of your automated testing practice
Ownership of the implementation and execution of automated testing foundations
List of practices to introduce automation to for each test type
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our systematic approach will ensure that the correct procedure for selecting a security outsourcing partner is implemented. This blueprint will help you build and implement your security policy program by following our three-phase methodology: determine what to outsource, select the right MSSP, and manage your MSSP.
This modifiable template is designed to introduce consistency and outline key requirements during the request for proposal phase of selecting an MSSP.
The need for specialized security services is fast becoming a necessity to most organizations. However, resource challenges will always mean that organizations will still have to take practical measures to ensure that the time, quality, and service that they require from outsourcing partners have been carefully crafted and packaged to elicit the right services that cover all their needs and requirements.
Organizations must ensure that security partners are aligned not only with their needs and requirements, but also with the corporate culture. Rather than introducing hindrances to daily operations, security partners must support business goals and protect the organization’s interests at all times.
And as always, outsource only your responsibilities and do not outsource your accountability, as that will cost you in the long run.
Danny Hammond
Research Analyst
Security, Risk, Privacy & Compliance Practice
Info-Tech Research Group
Your ChallengeA lack of high-skill labor increases the cost of internal security, making outsourcing more appealing. A lack of time and resources prevents your organization from being able to enable security internally. Due to a lack of key information on the subject, you are unsure which functions should be outsourced versus which functions should remain in-house. Having 24/7/365 monitoring in-house is not feasible for most firms. There is difficulty measuring the effectiveness of managed security service providers (MSSPs). |
Common ObstaclesInfoSec leaders will struggle to select the right outsourcing partner without knowing what the organization needs, such as:
InfoSec leaders must understand the business environment and their own internal security needs before they can select an outsourcing partner that fits. |
Info-Tech’s ApproachInfo-Tech’s Select a Security Outsourcing Partner takes a multi-faceted approach to the problem that incorporates foundational technical elements, compliance considerations, and supporting processes:
|
Mitigate security risks by developing an end-to-end process that ensures you are outsourcing your responsibilities and not your accountability.
This research is designed to help organizations select an effective security outsourcing partner.
Outsourcing is effective, but only if done right
The problem with selecting an outsourcing partner isn’t a lack of qualified partners, it’s the lack of clarity about an organization's specific security needs.
Source: IBM, 2022 Cost of a Data Breach; N=537.
Determine what responsibilities you can outsource to a service partner. Analyze which responsibilities you should outsource versus keep in-house? Do you require a service partner based on identified responsibilities?
Refine the list of role-based requirements, variables, and features you will require. Use a well-known list of critical security controls as a framework to determine these activities and send out RFPs to pick the best candidate for your organization.
Adopt a program to manage your third-party service security outsourcing. Trust your managed security service providers (MSSP) but verify their results to ensure you get the service level you were promised.
IT/InfoSec BenefitsReduces complexity within the MSSP selection process by highlighting all the key steps to a successful selection program. Introduces a roadmap to clearly educate about the do’s and don’ts of MSSP selection. Reduces costs and efforts related to managing MSSPs and other security partners. |
Business BenefitsAssists with selecting outsourcing partners that are essential to your organization’s objectives. Integrates outsourcing into corporate culture, leveraging organizational requirements while maximizing value of outsourcing. Reduces security outsourcing risk. |
Overarching insight: You can outsource your responsibilities but not your accountability.
Determine what to outsource: Assess your responsibilities to determine which ones you can outsource. It is vital that an understanding of how outsourcing will affect the organization, and what cost savings, if any, to expect from outsourcing is clear in order to generate a list of responsibilities that can/should be outsourced.
Select the right partner: Create a list of variables to evaluate the MSSPs and determine which features are important to you. Evaluate all potential MSSPs and determine which one is right for your organization
Manage your MSSP: Align the MSSP to your organization. Adopt a program to monitor the MSSP which includes a long-term strategy to manage the MSSP.
Identifying security needs and requirements = Effective outsourcing program: Understanding your own security needs and requirements is key. Ensure your RFP covers the entire scope of your requirements; work with your identified partner on updates and adaptation, where necessary; and always monitor alignment to business objectives.
Phase |
Purpose |
Measured Value |
| Determine what to outsource | Understand the value in outsourcing and determining what responsibilities can be outsourced. | Cost of determining what you can/should outsource:
|
| Select the right partner | Select an outsourcing partner that will have the right skill set and solution to identified requirements. | Cost of ranking and selecting your MSSPs:
|
| Manage your third-party service security outsourcing | Use Info-Tech’s methodology and best practices to manage the MSSP to get the best value. | Cost of creating and implementing a metrics program to manage the MSSP:
|
After each Info-Tech experience, we ask our members to quantify the real-time savings, monetary impact, and project improvements our research helped them achieve.
Overall Impact: 8.9 /10
Overall Average Cost Saved: $22,950
Overall Average Days Saved: 9
DIY Toolkit
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
Guided Implementation
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
Workshop
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
Consulting
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Provide better end-user device support to a remote workforce:
Approach zero-touch provisioning and patching from the end user’s experience:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Design the user’s experience and build a vision to direct your zero-touch provisioning project. Update your ITAM practices to reflect the new experience.
Leverage new tools to manage remote endpoints, keep those devices patched, and allow users to get the apps they need to work.
Create a roadmap for migrating to zero-touch provisioning.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read our executive brief to understand our approach to SDLC optimization and why we advocate a holistic approach for your company.
This phase helps you understand your business goals and priorities. You will document your current SDLC process and find where the challenges are.
Prioritize your initiatives and formalize them in a roll-out strategy and roadmap. Communicate your plan to all your stakeholders.
By signing an agreement with Gert Taeymans bvba, Client declares that he agrees with the Terms and Conditions referred to hereafter. Terms and conditions on Client's order form or any other similar document shall not be binding upon Gert Taeymans bvba.
The prices, quantities and delivery time stated in any quotation are not binding upon Gert Taeymans bvba. They are commercial estimates only which Gert Taeymans bvba will make reasonable efforts to achieve. Prices quoted in final offers will be valid only for 30 days. All prices are VAT excluded and do not cover expenses, unless otherwise agreed in writing. Gert Taeymans bvba reserves the right to increase a quoted fee in the event that Client requests a variation to the work agreed.
The delivery times stated in any quotation are of an indicative nature and not binding upon Gert Taeymans bvba, unless otherwise agreed in writing. Delivery times will be formulated in working days. In no event shall any delay in delivery be neither cause for cancellation of an order nor entitle Client to any damages.
Amendments or variations of the initial agreement between Client and Gert Taeymans bvba will only be valid when accepted by both parties in writing.
Any complaints concerning the performance of services must be addressed to Gert Taeymans bvba in writing and by registered mail within 7 working days of the date of the performance of the services.
In no event shall any complaint be just cause for non-payment or deferred payment of invoices. Any invoice and the services described therein will be deemed irrevocably accepted by Client if no official protest of non-payment has been sent by Client within 7 working days from the date of the mailing of the invoice.
Client shall pay all invoices of Gert Taeymans bvba within thirty (30) calendar days of the date of invoice unless otherwise agreed in writing by Gert Taeymans bvba. In the event of late payment, Gert Taeymans bvba may charge a monthly interest on the amount outstanding at the rate of two (2) percent with no prior notice of default being required, in which case each commenced month will count as a full month. Any late payment will entitle Gert Taeymans bvba to charge Client a fixed handling fee of 300 EUR. All costs related to the legal enforcement of the payment obligation, including lawyer fees, will be charged to Client.
In no event will Gert Taeymans bvba be liable for damages of any kind, including without limitation, direct, incidental or consequential damages (including, but not limited to, damages for lost profits, business interruption and loss of programs or information) arising out of the use of Gert Taeymans bvba services.
Gert Taeymans bvba collects personal data from Client for the performance of its services and the execution of its contracts. Such personal data can also be used for direct marketing, allowing Gert Taeymans bvba to inform Client of its activities on a regular basis. If Client objects to the employment of its personal data for direct marketing, Client must inform Gert Taeymans bvba on the following address: gert@gerttaeymans.consulting.
Client can consult, correct or amend its personal data by addressing such request to Gert Taeymans bvba by registered mail. Personal data shall in no event be sold, rented or made available to other firms or third parties where not needed for the execution of the contract. Gert Taeymans bvba reserves the right to update and amend its privacy policy from time to time to remain consistent with applicable privacy legislation.
The logo of the Client will be displayed on the Gert Taeymans bvba website, together with a short description of the project/services.
Any changes to Client’s contact information such as addresses, phone numbers or e-mail addresses must be communicated to Gert Taeymans bvba as soon as possible during the project.
Both parties shall maintain strict confidence and shall not disclose to any third party any information or material relating to the other or the other's business, which comes into that party's possession and shall not use such information and material. This provision shall not, however, apply to information or material, which is or becomes public knowledge other than by breach by a party of this clause.
Gert Taeymans bvba has the right at any time to change or modify these terms and conditions at any time without notice.
The agreement shall be exclusively governed by and construed in accordance with the laws of Belgium. The competent courts of Antwerp, Belgium will finally settle any dispute about the validity, the interpretation or the execution of this agreement.
These Terms and Conditions are the only terms and conditions applicable to both parties.
If any provision or provisions of these Terms and Conditions shall be held to be invalid, illegal or unenforceable, such provision shall be enforced to the fullest extent permitted by applicable law, and the validity, legality and enforceability of the remaining provisions shall not in any way be affected or impaired thereby.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase will walk you through the following activities:
This phase will help you customize Level 1 Project Gates with appropriate roles and responsibilities.
This phase will help you customize Level 2 Project Gates with appropriate roles and responsibilities.
This phase will help you customize Level 3 Project Gates with appropriate roles and responsibilities. It will also help you determine next steps and milestones for the adoption of the new process.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the role of gating and why we need it.
Determine what projects will follow the gating process and how to classify them.
Establish the role of the project sponsor throughout the entire project lifecycle.
Get stakeholder buy-in for the process.
Ensure there is a standard leveling process to determine size, risk, and complexity of requests.
Engage the project sponsor throughout the portfolio and project processes.
1.1 Project Gating Review
1.2 Establish appropriate project levels
1.3 Define the role of the project sponsor
Project Intake Classification Matrix
Project Sponsor Role Description Template
This phase will help you customize Level 1 Project Gates with appropriate roles and responsibilities.
Create a lightweight project gating process for small projects.
2.1 Review level 1 project gating process
2.2 Determine what gates should be part of your custom level 1 gating process
2.3 Establish required artifacts for each gate
2.4 Define the stakeholder’s roles and responsibilities at each gate
Documented outputs in the Project Gating Strategic Template
This phase will help you customize Level 2 Project Gates with appropriate roles and responsibilities.
Create a heavier project gating process for medium projects.
3.1 Review level 2 project gating process
3.2 Determine what gates should be part of your custom level 2 gating process
3.3 Establish required artifacts for each gate
3.4 Define the stakeholder’s roles and responsibilities at each gate
This phase will help you customize Level 3 Project Gates with appropriate roles and responsibilities.
Come up with a roadmap for the adoption of the new project gating process.
Create a comprehensive project gating process for large projects.
4.1 Review level 3 project gating process
4.2 Determine what gates should be part of your custom level 3 gating process
4.3 Establish required artifacts for each gate
4.4 Define the stakeholder’s roles and responsibilities at each gate
4.5 Determine next steps and milestones for process adoption
Documented outputs in the Project Gating Strategic Template
Documented Project Gating Reference Document for all stakeholders
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our concise executive brief shows why you should create or refresh your business intelligence (BI) strategy. We'll show you our methodology and the ways we can help you in handling this.
Upon ordering you receive the complete guide with all files zipped.
Understand critical business information and analyze your current business intelligence landscape.
Assess your current maturity level and define the future state.
Create business intelligence focused initiatives for continuous improvement.
When the economy is negatively influenced by factors beyond any organization’s control, the impact can be felt almost immediately on the bottom line. This decline in revenue as a result of a weakening economy will force organizations to reconsider every dollar they spend.
By following our process, we can provide your organization with the direction, tools, and best practices to lay off employees. This will need to be done with careful consideration into your organization’s short- and longer-term strategic goals.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the most effective cost-cutting solutions and set layoff policies and guidelines.
Develop an objective layoff selection method and plan for the transfer of essential responsibilities.
Plan logistics, training, and a post-layoff plan communication.
Collaborate with necessary departments and deliver layoffs notices.
Plan communications for affected employee groups and monitor organizational performance.
Brilliant little and very amusing way to deal with a scammer.
But do not copy this method as it will actually reveal quite a bit and confirm that your email is valid and active.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you craft a continual improvement register and a workflow to ensure sustained service improvements that fulfill ongoing increases in stakeholder expectations.
Use the Continual Improvement Register and Continual Improvement Workflow to help you brainstorm improvement items, get a better visibility into the items, and plan to execute improvements.
IT managers often learn how to standardize IT services. Where they usually fail is in keeping these improvements sustainable. It’s one thing to build a quality process, but it’s another challenge entirely to keep momentum and know what to do next.
To fill the gap, build a continual improvement plan to continuously increase value for stakeholders. This plan will help connect services, products, and practices with changing business needs.
Without a continual improvement plan, managers may find themselves lost and wonder what’s next. This will lead to misalignment between ongoing and increasingly high stakeholder expectations and your ability to fulfill these requirements.
Build a continual improvement program to engage executives, leaders, and subject matter experts (SMEs) to go beyond break fixes, enable proactive enhancements, and sustain process changes.
|
Mahmoud Ramin, Ph.D.
Senior Research Analyst Infrastructure and Operations Info-Tech Research Group |
Your Challenge
|
Common Obstacles
|
Info-Tech’s Approach
|
Without continual improvement, any process maturity achieved around service quality will not be sustained. Organizations need to put in place an ongoing program to maintain their current maturity and continue to grow and improve by identifying new services and enhancing existing processes.
Purpose of continual improvementThere should be alignment between ongoing improvements of business products and services and management of these products and services. Continual improvement helps service providers adapt to changing environments. No matter how critical the service is to the business, failure to continually improve reduces the service value.
Continual improvement is one of the five elements of ITIL’s Service Value System (SVS). | Continual improvement should be documented in an improvement register to record and manage improvement initiatives.Continual improvement is a proactive approach to service management. It involves measuring the effectiveness and efficiency of people, processes, and technology to:
A continual improvement process helps service management move away from a reactive approach that focuses only on fixing problems as they occur. Info-Tech InsightMake sure the basics are in place before you embark on a continual improvement initiative. |
Encourage end users to provide feedback on service quality.
|
Provide an opportunity to stakeholders to define requirements and raise their concerns. |
Embed continual improvement in all service delivery procedures. |
Turn failures into improvement opportunities rather than contributing to a blame culture. |
Improve practice effectiveness that enhances IT efficiency. |
Improve end-user satisfaction that positively impacts brand reputation. |
Improve operational costs while maintaining a high level of satisfaction. |
Help the business become more proactive by identifying and improving services. |
It’s the responsibility of the organization’s leaders to develop and promote a continual improvement culture. Work with the business unit leads and communicate the benefits of continual improvement to get their buy-in for the practice and achieve the long-term impact.
A well-maintained continual improvement process creates a proper feedback mechanism for the following stakeholder groups:
|
An efficient feedback mechanism should be constructed around the following initiatives:
|
Stakeholders who participate in feedback activities should feel comfortable providing suggestions for improvement.
Work closely with the service desk team to build communication channels to conduct surveys. Avoid formal bureaucratic communications and enforce openness in communicating the value of feedback the stakeholders can provide. |
When conducting feedback activities with users, keep surveys anonymous and ensure users’ information is kept confidential. Make sure everyone else is comfortable providing feedback in a constructive way so that you can seek clarification and create a feedback loop.
| Build a six-step process for your continual improvement plan. Make it a loop, in which each step becomes an input for the next step. | 
|
|
Understand the high-level business objectives to set the vision for continual improvement in a way that will align IT strategies with business strategies. Obtaining a clear picture of your organization’s goals and overall corporate strategy is one of the crucial first steps to continual improvement and will set the stage for the metrics you select. Document your continual improvement program goals and objectives. Knowing what your business is doing and understanding the impact of IT on the business will help you ensure that any metrics you collect will be business focused. Understanding the long-term vision of the business and its appetite for commitment and sponsorship will also inform your IT strategy and continual improvement goals. |
At this stage, you need to visualize improvement, considering your critical success factors.
Critical success factors (CSFs) are higher-level goals or requirements for success, such as improving end-user satisfaction. They’re factors that must be met in order to reach your IT and business strategic vision.
Select key performance indicators (KPIs) that will identify useful information for the initiative: Define KPIs for each CSF. These will usually involve a trend, as an increase or decrease in something. If KPIs already exist for your IT processes, re-evaluate them to assess their relevance to current strategy and redefine if necessary. Selected KPIs should provide a full picture of the health of targeted practice.
KPIs should cover these four vectors of practice performance:
|
|
Examples of key CSFs and KPIs for continual improvement
CSF |
KPI |
| Adopt and maintain an effective approach for continual improvement | Improve stakeholder satisfaction due to implementation of improvement initiatives. |
| Enhance stakeholder awareness about continual improvement plan and initiatives. | |
| Increase continual improvement adoption across the organization. | |
| Commit to effective continual improvement across the business | Improve the return on investment. |
| Increase the impact of the improvement initiatives on process maturity. | |
| Increase the rate of successful improvement initiatives. |
IT goals will help identify the target state, IT capabilities, and the initiatives that will need to be implemented to enable those capabilities. The vision statement is expressed in the present tense. It seeks to articulate the desired role of IT and how IT will be perceived. |
Strong IT vision statements have the following characteristics:
|
| Make sure to allocate continual improvement activities to the available resources and assess the requirement to bring in others to fulfill all tasks.
Brainstorm what steps should be included in a continual improvement program:
|
Match stakeholder skill sets with available resources to ensure continual improvement processes are handled properly. Brainstorm skills specific to the program:
|
The continual improvement activities will only be successful if specific roles and responsibilities are clearly identified.
Depending on available staff and resources, you may be able to have full-time continual improvement roles, or you may include continual improvement activities in individuals’ job descriptions. Each improvement action that you identify should have clear ownership and accountability to ensure that it is completed within the specified timeframe. Roles and responsibilities can be reassigned throughout the continual improvement process. Info-Tech InsightCreate cross-functional teams to improve perspective and not focus on only one small group when trying to problem solve. Having other teams hear and reframe the issue or talk about how they can help to solve issues as a team can create bigger solutions that will help the entire IT team, not just one group. | Consider assigning dedicated continual improvement roles
|
You need to understand the current state of service operations to understand how you can provide value through continual improvement. Give everyone an opportunity to provide feedback on IT services. Use Info-Tech’s End User Satisfaction Survey to define the state of your core IT services. Info-Tech InsightBecome proactive to improve satisfaction. Continual improvement is not only about identifying pain points and improving them. It enables you to proactively identify initiatives for further service improvement using both practice functionality and technology enablement. | Understand the current state of your IT practices Determine the maturity level of your IT areas to help you understand which processes need improvement. Involve the practice team in maturity assessment activities to get ideas and input from them. This will also help you get their buy-in and engagement for improvement. Leverage performance metrics to analyze performance level. Metrics play a key role in understanding what needs improvement. After you implement metrics, have an impact report regularly generated to monitor them. Use problem management to identify root causes for the identified gaps. Potential sources of problems can be:
|
|
A CIR is a document used for recording your action plan from the beginning to the end of the improvement project. If you just sit and plan for improvements without acting on them, nothing will improve. CIR helps you create an action plan and allows you to manage, track, and prioritize improvement suggestions. Consider tracking the following information in your CIR, adjusted to meet the needs of your organization:
|
Populate your register with ideas that come from your first round of assessments and use this document to continually add and track new ideas as they emerge. You can also consider using the register to track the outcomes and benefits of improvement initiatives after they have been completed. |
|
|
Download the Continual Improvement Register template
Input
|
Output
|
Materials
|
Participant
|
4. Prioritize initiativesPrioritization should be transparent and available to stakeholders.Some initiatives are more critical than others to achieve and should be prioritized accordingly. Some improvements require large investments and need an equally large effort, while some are relatively low-cost, low-effort improvements. Focus on low-hanging fruit and prioritize low-cost, low-effort improvements to help the organization with rapid growth. This will also help you get stakeholder buy-in for the rest of your continual improvement program. Prioritize improvement initiatives in your CIR to increase visibility and ensure larger improvement initiatives are done the next cycle. As one improvement cycle ends, the next cycle begins, which allows the continual improvement team to keep pace with changing business requirements. |
|
01 |
Keep the scope of the continual improvement process manageable at the beginning by focusing on a few key areas that you want to improve. |
|
02 |
From your list of proposed improvements, focus on a few of the top pain points and plan to address those. | |
03 |
Choose the right services to improve at the first stage of continual improvement to ensure that the continual improvement process delivers value to the business. |
2-3 hours
Input: List of initiatives for continual improvement
Output: Prioritized list of initiatives
Materials: Continual improvement register, Whiteboard/flip charts, Markers, Laptops
Participants: CIO, IT managers, Project managers, Continual improvement manager
Download the Continual Improvement Register template
Download the Continual Improvement Workflow template
|
||||||
| Make a business case for your action plan | Determine budget for implementing the improvement and move to execution. | Find out how long it takes to build the improvement in the practice. | Confirm the resources and skill sets you require for the improvement. | Communicate the improvement plan across the business for better visibility and for seamless organizational change management, if needed. | Lean into incremental improvements to ensure practice quality is sustained, not temporary. | Put in place an ongoing process to audit, enhance, and sustain the performance of the target practice. |
As part of the continual improvement plan, identify specific actions to be completed, along with ownership for each action.
The continual improvement process must:
|
For each action, identify:
|
Choose timelines:
|
Every organization is unique in terms of its services, processes, strengths, weaknesses, and needs, as well as the expectations of its end users. There is no single action plan that will work for everyone. The improvement plan will vary from organization to organization, but the key elements of the plan (i.e. specific priorities, timelines, targets, and responsibilities) should always be in place.
1. Throughout the improvement process, share information about both the status of the project and the impact of the improvement initiatives.
| 2. The end users should be kept in the loop so they can feel that their contribution is valued.
Info-Tech InsightTo be effective, continual improvement requires open and honest feedback from IT staff. Debriefings work well for capturing information about lessons learned. Break down the debriefings into smaller, individual activities completed within each phase of the project to better capture the large amount of data and lessons learned within that phase. |
|
|
Adjust improvement priority based on updated objectives. Justify the reason. Refer to your CIR to document it.
| Did you get there? Part of the measurement should include a review of CSFs and KPIs determined in step 1 (assess the future state). Some may need to be replaced.
| Outcomes of the continual improvement process should include:
For a guideline to determine a list of metrics, refer to Info-Tech’s blueprints: Info-Tech InsightMake sure you’re measuring the right things and considering all sources of information. Don’t rely on a single or very few metrics. Instead, consider a group of metrics to help you get a better holistic view of improvement initiatives and their impact on IT operations. |
What did you learn?
|
What obstacles prevented you from reaching your target condition?
|
| Info-Tech InsightRegardless of the cause, large differences between the EC and the AC provide great learning opportunities about how to approach change in the future. |
|
|
Think long-term to sustain changesThe continual improvement process is ongoing. When one improvement cycle ends, the next should begin in order to continually measure and evaluate processes.The goal of any framework is steady and continual improvement over time that resets the baseline to the current (and hopefully improved) level at the end of each cycle.Have processes in place to ensure that the improvements made will remain in place after the change is implemented. Each completed cycle is just another step toward your target state.
|
|
Build a Business-Aligned IT Strategy
Success depends on IT initiatives clearly aligned to business goals, IT excellence, and driving technology innovation. |
|
Develop Meaningful Service Metrics
Reinforce service orientation in your IT organization by ensuring your IT metrics generate value-driven resource behavior. |
|
Improve Incident and Problem Management
Rise above firefighter mode with structured incident management to enable effective problem management. |
“Continual Improvement ITIL4 Practice Guide.” AXELOS, 2020. Accessed August 2022.
“5 Tips for Adopting ITIL 4’s Continual Improvement Management Practice.” SysAid, 2021. Accessed August 2022.
Jacob Gillingham. “ITIL Continual Service Improvement And 7-Step Improvement Process” Invensis Global Learning Services, 2022. Accessed August 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build a strong foundation for the project to increase the chances of success.
Identify which technologies are specific to certain services.
Determine which technologies underpin the existence of user-facing services.
Document the roles and responsibilities required to deliver each user-facing service.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Build a foundation to kick off the project.
A carefully selected team of project participants.
Identified stakeholders and metrics.
1.1 Create a communication plan
1.2 Complete the training deck
Project charter
Understanding of the process used to complete the definitions
Determine the technologies that support the user-facing services.
Understanding of what is required to run a service.
2.1 Determine service-specific technology categories
2.2 Identify service-specific technologies
2.3 Determine underpinning technologies
Logical buckets of service-specific technologies makes it easier to identify them
Identified technologies
Identified underpinning services and technologies
Discover the roles and responsibilities required to deliver each user-facing service.
Understanding of what is required to deliver each user-facing service.
3.1 Determine roles required to deliver services based on organizational structure
3.2 Document the services
Mapped responsibilities to each user-facing service
Completed service definition visuals
Create a central hub (database) of all the technical components required to deliver a service.
Single source of information where IT can see what is required to deliver each service.
Ability to leverage the extended catalog to benefit the organization.
4.1 Document all the previous steps in the service definition chart and visual diagrams
4.2 Review service definition with team and subject matter experts
Completed service definition visual diagrams and completed catalog
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the different social media services, their unique value propositions for customer interaction, and the content and timing best practices for each.
Leverage different social media services to create a market coverage model and assign responsibilities.
Conduct an audit to stay on top of changing trends.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The Launch the Project phase will walk through completing Info-Tech's project charter template. This phase will help build a balanced project team, create a change message and communication plan, and achieve buy-in from key stakeholders.
The Identify and Define Enterprise Services phase will help to target enterprise services offered by the IT team. They are offered to everyone in the organization, and are grouped together in logical categories for users to access them easily.
After completing this phase, all services IT offers to each LOB or functional group should have been identified. Each group should receive different services and display only these services in the catalog.
Completing the Services Definition Chart will help the business pick which information to include in the catalog. This phase also prepares the catalog to be extended into a technical service catalog through the inclusion of IT-facing fields.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
The purpose of this module is to help engage IT with business decision making.
This module will help build a foundation for the project to begin. The buy-in from key stakeholders is key to having them take onus on the project’s completion.
1.1 Assemble the project team.
1.2 Develop a communication plan.
1.3 Establish metrics for success.
1.4 Complete the project charter.
A list of project members, stakeholders, and a project leader.
A change message, communication strategy, and defined benefits for each user group.
Metrics used to monitor the usefulness of the catalog, both from a performance and monetary perspective.
A completed project charter to engage users in the initiative.
The purpose of this module is to review services which are offered across the entire organization.
A complete list of enterprise services defined from the user’s perspective to help them understand what is available to them.
2.1 Identify enterprise services used by almost everyone across the organization.
2.2 Categorize services into logical groups.
2.3 Define the services from the user’s perspective.
A complete understanding of enterprise services for both IT service providers and business users.
Logical groups for organizing the services in the catalog.
Completed definitions in business language, preferably reviewed by business users.
The purpose of this module is to define the remaining LOB services for business users, and separate them into functional groups.
Business users are not cluttered with LOB definitions that do not pertain to their business activities.
Business users are provided with only relevant IT information.
3.1 Identify the LOBs.
3.2 Determine which one of two methodologies is more suitable.
3.3 Identify LOB services using appropriate methodology.
3.4 Define services from a user perspective.
A structured view of the different functional groups within the business.
An easy to follow process for identifying all services for each LOB.
A list of every service for each LOB.
Completed definitions in business language, preferably reviewed by business users.
The purpose of this module is to guide the client to completing their service record definitions completely.
This module will finalize the deliverable for the client by defining every user-facing service in novice terms.
4.1 Understand the components to each service definition (information fields).
4.2 Pick which information to include in each definition.
4.3 Complete the service definitions.
A selection of information fields to be included in the service catalog.
A selection of information fields to be included in the service catalog.
A completed service record design, ready to be implemented with the right tool.
The catalog defines, documents, and organizes the services that IT delivers to the organization. The catalog also describes the features of the services and how the services are intended to be used.
The user-facing service catalog creates benefits for both the business and IT.
User-friendly, intuitive, and simple overview of the services that IT provides to the business.
The items you would see on the menu at a restaurant are an example of User Facing. The content is relatable and easy to understand.
Series of technical workflows, supporting services, and the technical components that are required to deliver a service.
The recipe book with cooking instructions is an example of Technical Facing. This catalog is intended for the IT teams and is “behind the scene.”
The sum of the people, processes, and technologies required to enable users to achieve a business outcome is a Service.
A service is used directly by the end users and is perceived as a coherent whole.
Business Users →Service = Application & Systems + People & Processes
In other words, put on your user hat and leave behind the technical jargons!
|
|
|
|
23% of IT is still viewed as a cost center. |
47% of business executives believe that business goals are going unsupported by IT. |
92% of IT leaders see the need to prove the business value of IT’s contribution. |
|
How a Service Catalog can help: |
||
|---|---|---|
|
Use the catalog to demonstrate how IT is an integral part of the organization and IT services are essential to achieve business objectives. |
Transform the perception of IT by articulating all the services that are provided through the service catalog in a user-friendly language. Source: Info-Tech Benchmarking and Diagnostic Programs |
Increase IT-business communication and collaboration through the service catalog initiative. Move from technology focused to service-oriented. |
The team must be balanced between representatives from the business and IT.
Communication plan to facilitate input from both sides and gain adoption.
Metrics should reflect the catalog benefits. Look to reduced number of service desk inquiries.
Project charter helps walk you through project preparation.
2.1 Identify the services that are used across the entire organization.
2.2 Users must be able to identify with the service categories.
2.3 Create basic definitions for enterprise services.
3.1 Identify the different lines of business (LOBs) in the organization.
3.2 Understand the differences between our two methodologies for identifying LOB services.
3.3 Use methodology 1 if you have thorough knowledge of the business.
3.4 Use methodology 2 if you only have an IT view of the LOB.
4.1 Understand the different components to each service definition, or the fields in the service record.
4.2 Identify which information to include for each service definition.
4.3 Define each enterprise service according to the information and field properties.
4.3 Define each LOB service according to the information and field properties.
Trying to implement too many services at once can be overwhelming for both IT and the users. You don’t have to define and implement all of your services in one release of the catalog.
Info-Tech recommends implementing services themselves in batches, starting with enterprise, and then grouping LOB services into separate releases. Why? It benefits both IT and business users:
Improve IT’s visibility within the organization by creating a single source of information for all the value creating services IT has to offer. The service catalog helps the business understand the value IT brings to each service, each line of business, and the overall organization.
The service catalog contains information which empowers business users to access IT services and information without the help of IT support staff. The reduction in routine inquiries decreases workload and increases morale within the IT support team, and allows IT to concentrate on providing higher value services.
Service catalog brings more control to your IT environment by reducing shadow IT activities. The service catalog communicates business requests responsively in a language the business users understand, thus eliminating the need for users to seek outside help.
The language of IT is often confusing for the business and the users don’t know what to do when they have a concern. With a user-facing service catalog, business users can access information through a single source of information, and better understand how to request access or receive support for a service through clear, consistent, and business-relevant language.
The service catalog enables users to “self-serve” IT services. Instead of calling the service desk every time an issue occurs, the users can rely on the service catalog for information. This simplified process not only reduces routine service requests, but also provides information in a faster, more efficient manner that increases productivity for both IT and the business.
With every service clearly defined, business users can better understand the current support level, communicate their expectation for IT accountability, and help IT align services with critical business strategies.
A project charter template with a few samples completed. The project charter helps you govern the project progress and responsibilities.
A full list of enterprise definitions with features and descriptions pre-populated. These are meant to get you on your feet defining your own enterprise services, or editing the ones already there.
Similar to the enterprise services deliverable, but with two separate deliverables focusing on different perspectives – functional groups services (e.g. HR and finance) and industry-specific services (e.g. education and government).
Get a taste of a completed service catalog with full service definitions and service record design. This is the final product of the service catalog design once all the steps and activities have been completed.
Need an IT-friendly breakdown of each service?
Keep better record of what technical components are required to deliver a service. The technical service catalog is the IT version of a user-facing catalog.
Want to know how much each IT service is costing you?
Get a better grip on the true cost of IT. Using service-based costing can help justify IT expenses and increase budgetary allotment.
Want to hold each business unit accountable for the IT services they use?
Some business units abuse their IT services because they are thought to be free. Keep them accountable and charge them for what they use.
No matter what size organization you may be, every organization can create a service catalog. Small businesses can benefit from the catalog the same way a large organization can. We have an easy step-by-step methodology to help introduce a catalog to your business.
It is common that users do not know where to go to obtain services from IT… We always end up with a serious time-crunch at the beginning of a new school year. With automated on- and off-boarding services, this could change for the better.
– Dean Obermeyer, Technology Coordinator, Los Alamos Public Schools
As the CIO and the project sponsor, you need to spearhead the development of the service catalog and communicate support to drive engagement and adoption.
The project leader acts on behalf of the CIO and must be a senior level staff member who has extensive knowledge of the organization and experiences marshalling resources.
Developing a service catalog requires dedication from many groups within IT and outside of IT.
The project leader must hold a visible, senior position and can marshal all the necessary resources to ensure the success of the project. Ability to exert impact and influence around both IT and the business is a must.
The user-facing service catalog cannot be successful if business input is not received.
The project leader must leverage his/her existing relationship with the business to test out the service definitions and the service record design.
Creating a service catalog is not an easy job and the project leader must continuously engage the team members to drive results and efficiency.
The highly visible nature of the service catalog means the project leader must produce a high-quality outcome that satisfies the business users.
Municipal Government
The IT department of a large municipal government in the United States provides services to a large number of customers in various government agencies.
Service Catalog Initiative
The municipal government allocated a significant amount of resources to answer routine inquiries that could have been avoided through user self-service. The government also found that they do not organize all the services IT provides, and they could not document and publish them to the customer. The government has already begun the service catalog initiative, but was struggling with how to identify services. Progress was slow because people were arguing amongst themselves – the project team became demoralized and the initiative was on the brink of failure.
Results
With Info-Tech’s onsite support, the government was able to follow a standardized methodology to identify and define services from the user perspective. The government was able to successfully communicate the initiative to the business before the full adoption of the service catalog.
We’re in demos with vendors right now to purchase an ITSM tool, and when the first vendor looked at our finished catalog, they were completely impressed.
- Client Feedback
[We feel] very confident. The group as a whole is pumped up and empowered – they're ready to pounce on it. We plan to stick to the schedule for the next three months, and then review progress/priorities. - Client Feedback
Healthcare Provider
The organization is a healthcare provider in Canada. It treats patients with medical emergencies, standard operations, and manages a faculty of staff ranging from nurses and clerks, to senior doctors. This organization is run across several hospitals, various local clinics, and research centers.
Service Catalog Initiative
Because the organization is publicly funded, it is subject to regular audit requirements – one of which is to have a service catalog in place.
The organization also would like to charge back its clients for IT-related costs. In order to do this, the organization must be able to trace it back to each service. Therefore, the first step would be to create a user-facing service catalog, followed by the technical service catalog, which then allows the organization to do service-based costing and chargeback.
Results
By leveraging Info-Tech’s expertise on the subject, the healthcare provider was able to fast-track its service catalog development and establish the groundwork for chargeback abilities.
"There is always some reticence going in, but none of that was apparent coming out. The group dynamic was very good. [Info-Tech] was able to get that response, and no one around the table was silent.
The [expectation] of the participants was that there was a purpose in doing the workshop. Everybody knew it was for multiple reasons, and everyone had their own accountability/stakes in the development of it. Highly engaged." - Client Feedback
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
|
Launch the Project |
Identify Enterprise Services |
Identify Line of Business Services |
Complete Service Definitions |
|
|---|---|---|---|---|
| Best-Practice Toolkit |
1.1 Assemble the project team. 1.2 Develop a communication plan. 1.3 Establish metrics for success. 1.4 Complete the project charter. |
2.1 Identify services available organization-wide. 2.2 Categorize services into logical groups. 2.3 Define the services. |
3.1 Identify different LOBs. 3.2 Pick one of two methodologies. 3.3 Use method to identify LOB services. |
4.1 Learn components to each service definition. 4.2 Pick which information to include in each definition. 4.3 Define each service accordingly. |
| Guided Implementations | Identify the project leader with the appropriate skills.
Assemble a well-rounded project team. Develop a mission statement and change messages. |
Create a comprehensive list of enterprise services that are used across the organization.
Create a categorization scheme that is based on the needs of the business users. |
Walk through the two Info-Tech methodologies and understand which one is applicable. Define LOB services using the appropriate methodology. |
Decide what should be included and what should be kept internal for the service record design. Complete the full service definitions. |
| Onsite Workshop | Phase 1 Results: Clear understanding of project objectives and support obtained from the business. |
Phase 2 Results: Enterprise services defined and categorized. |
Phase 3 Results: LOB services defined based on user perspective. |
Phase 4 Results: Service record designed according to how IT wishes to communicate to the business. |
Contact your account representative or email Workshops@InfoTech.com for more information.
| Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | |
|---|---|---|---|---|
| Activities | Launch the Project | Identify Enterprise Services | Identify Line of Business Services | Complete Service Definitions |
1.1 Assemble the project team. 1.2 Develop a communication plan. 1.3 Establish metrics for success. 1.4 Complete the project charter. | 2.1 Identify services available organization-wide. 2.2 Categorize services into logical groups. 2.3 Define the services. | 3.1 Identify different LOBs. 3.2 Pick one of two methodologies. 3.3 Use method to identify LOB services. | 4.1 Learn components to each service definition. 4.2 Pick which information to include in each definition. 4.3 Define each service accordingly. | |
| Deliverables |
|
|
|
|
Design & Build a User-Facing Service Catalog
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
| Guided Implementation 1: Launch the project Proposed Time to Completion: 2 weeks |
|
|---|---|
| Step 1.2: Create change messages |
Step 1.2: Create change messages |
|
Start with an analyst kick off call:
|
Review findings with analyst:
|
|
Then complete these activities… |
Then complete these activities… |
|
With these tools & templates: Service Catalog Project Charter |
With these tools & templates: Service Catalog Project Charter |
The following section of slides outline how to effectively use Info-Tech’s sample project charter.
The Project Charter is used to govern the initiative throughout the project. IT should provide the foundation for project communication and monitoring.
It has been pre-populated with information appropriate for Service Catalog projects. Please review this sample text and change, add, or delete information as required.
Building the charter as a group will help you to clarify your key messages and help secure buy-in from critical stakeholders upfront.
You may feel like a full charter isn’t necessary, and depending on your organizational size, it might not be. However, the exercise of building the charter is important none-the-less. No matter your current climate, some elements of communicating the value and plans for implementing the catalog will be necessary.
Use Info-Tech’s Service Catalog Project Charter.
Good mission statements are directive, easy to understand, narrow in focus, and favor substance over vagueness.
While building your mission statement, think about what it is intended to do, i.e. keep the project team engaged and engage others to adopt the service catalog. Included in the project charter’s mission statement section is a brief description of the goals and objectives of the service catalog.
Info-Tech’s project charter contains two sample mission statements, along with additional tips to help you create yours.
Project leader will be the main catalyst for the creation of the catalog. This person is responsible for driving the whole initiative.
IT project participants’ input and business input will be pivotal to the creation of the catalog.
The project stakeholders are the senior executives who have a vested interest in the service catalog. IT must produce periodic and targeted communication to these stakeholders.
Your project team will be a major success factor for your service catalog. Involvement from IT management and the business is a must.
IT Service Desk Manager
Senior Manager/Director of Application
Senior Manager/Director of Infrastructure
Business IT Liaison
Business representatives from different LOBs
Input your project team, their roles, and relevant contact information into your project charter, Section 2.
Obtain explicit buy-in from both IT and business stakeholders.
The stakeholders could be your biggest champions for the service catalog initiative, or they could pull you back significantly. Engage the stakeholders at the start of the project and communicate the benefits of the service catalog to them to gain their approval.
| Stakeholders |
Benefits |
|---|---|
| CIO |
|
|
Manager of Service Desk |
|
|
Senior Manager/Director of Application & Infrastructure |
|
|
Senior Business Executives from Major LOBs |
|
Document a list of stakeholders, their involvement in the process (why they are stakeholders), and their contact information in Section 3.
Spread the word of service catalog implementation. Bring attention to your change message through effective mediums and organizational changes.
The methods of communication (e.g. newsletters, email broadcast, news of the day, automated messages) notify users of implementation.
In addition, it is important to know who will deliver the message (delivery strategy). Talking to the business leaders is very important, and you need IT executives to deliver the message. Work hard on obtaining their support as they are the ones communicating to their staff and could be your project champions.
The communication plan should consist of changes that will affect the way users interact with the catalog. Users should know of any meetings pertinent to the maintenance and improvement of the catalog, and ways to access the catalog (e.g. link on desktop/start menu).
The Qualities of Leadership: Leading Change
Your communication plan should serve as a rough guide. Communication happens in several unpredictable happenstances, but the overall message should be contained within.
One of the top challenges for organizations that are implementing a service catalog is the acceptance and adoption of the change. Effective planning for implementation and communication is pivotal. Ensure you create tailored plans for communication and understand how the change will impact staff.
“Better Service, Better Value.” It is important to have two change messages prepared: one for the IT department and one for business users.
Outline a few of the key benefits each user group will gain from adopting the service catalog (e.g. Faster, ease of use, convenient, consistent…)
Anticipate some resistances of service catalog adoption and prepare responses. These may be the other benefits which were not included in the change message (e.g. IT may be reluctant to think in business language.)
Host lunch & learns to demonstrate the value of the service catalog to both business and IT user groups.
These training sessions also serve as a great way to gather feedback from users regarding style and usability.
Pick your communication medium, and then identify your target audience. You should have a change message for each: the IT department and the business users. Pay careful consideration to wording and phrasing with regard for each.
In order to measure the success of your service catalog, you must establish baseline metrics to determine how much value the catalog is creating for your business.
The number of service catalog requests should be carefully monitored so that it does not fluctuate too greatly. In general, the number of requests via the service catalog should increase, which indicates a higher level of self-serve.
The number of inquiry calls should decrease because customers are able to self-serve routine IT inquiries that would otherwise have gone through the service desk.
The organization could adopt the following sample survey questions:
From 0-5: How satisfied are you with the functionality of the service catalog? How often do you turn to the service catalog first to solve IT problems?
The number of non-standard requests should decrease because a majority of services should eventually be covered in the service catalog. Users should be able to solve nearly any IT related problem through navigating the service catalog.
| Metric Description | Current Metric | Future Goal |
|---|---|---|
| Number of service requests via the Service Catalog | ||
| Number of inquiry calls to the service desk | ||
| Customer Satisfaction – specific question | ||
| Number of non-standard requests |
When measuring against your baseline, you should expect to see the following two monetary improvements:
(# of routine inquiry calls reduced) x (average time for a call) x (average service desk wage)
Routine inquiries often take up a significant portion of the service desk’s effort, and the majority of them can be answered via the service catalog, thus reducing the amount of time required for a service desk employee to engage in routine solutions. The reduction in routine inquiries allows IT to allocate resources to high-value services and provide higher quality of support.
Originally, the service desk of an organization answers 850 inquiries per month, and around 540 of them are routine inquiries requesting information on when a service is available, who they can contact if they want to receive a service, and what they need to do if they want access to a service, etc.
IT successfully communicated the introduction of the service catalog to the business and 3 months after the service catalog was implemented, the number of routine inquiries dropped to 60 per month. Given that the average time for IT to answer the inquiry is 10 minutes (0.167 hour) and the hourly wage of a service desk technician is $25, the monthly monetary cost saving of the service catalog is:
(540 – 60) x 0.167 x 25 = $2004.00
(Average additional cost of non-standard request) x (Reduction of non-standard request)
+
(Extra time IT spends on non-standard request fulfilment) x (Average wage)
Non-standard requests require a lot of time, and often a lot of money. IT frequently incurs additional cost because the business is not aware of how to properly request service or support. Not only can the service catalog standardize and streamline the service request process, it can also help IT define its job boundary and say no to the business if needed.
The IT department of an organization often finds itself dealing with last-minute, frustrating service requests from the business. For example, although equipment requests should be placed a week in advance, the business often requests equipment to be delivered the next day, leaving IT to pay for additional expedited shipping costs and/or working fanatically to allocate the equipment. Typically, these requests happen 4 times a month, with an additional cost of $200.00. IT staff work an extra 6 hours per each non-standard request at an hourly wage of $30.00.
With the service catalog, the users are now aware of the rules that are in place and can submit their request with more ease. IT can also refer the users to the service catalog when a non-standard request occurs, which helps IT to charge the cost to the department or not meet the terms of the business.
The monthly cost saving in this case is:
$200.00 x 4 + 6 hours x 30 = $980.00
The project charter is an important document to govern your project process. Support from the project sponsors is important and must be documented. Complete the following steps working with Info-Tech’s sample Project Charter.
The nature of government IT is quite complex: there are several different agencies located in a number of different areas. It is extremely important to communicate the idea of the service catalog to all the users, no matter the agency or location.
The IT department had yet to let business leaders of the various agencies know about the initiative and garner their support for the project. This has proven to be prohibitive for gaining adoption from all users.
The IT leaders met and identified all the opportunities to communicate the service catalog to the business leaders and end users.
To meet with the business leaders, IT leaders hosted a service level meeting with the business directors and managers. They adopted a steering committee for the continuation of the project.
To communicate with business users, IT leaders published announcements on the intranet website before releasing the catalog there as well.
Because IT communicated the initiative, support from business stakeholders was obtained early and business leaders were on board shortly after.
IT also managed to convince key business stakeholders to become project champions, and leveraged their network to communicate the initiative to their employees.
With this level of adoption, it meant that it was easier for IT to garner business participation in the project and to obtain feedback throughout.
The project received buy-in from the CIO and director of infrastructure. Together they assembled a team and project leader.
The two struggled to get buy-in from the rest of the team, however. They didn’t understand the catalog or its benefits and objectives. They were reluctant to change their old ways. They didn’t know how much work was required from them to accomplish the project.
With the Info-Tech analyst on site, the client was able to discuss the benefits within their team as well as the project team responsibilities.
The Info-Tech analyst convinced the group to move towards focusing on a business- and service-oriented mindset.
The workshop discussion was intended to get the entire team on board and engaged with meeting project objectives.
The project team had experienced full buy-in after the workshop. The CIO and director relived their struggles of getting project members on-board through proper communication and engagement.
Engaging the members of the project team with the discussion was key to having them take ownership in accomplishing the project.
The business users understood that the service catalog was to benefit their long-term IT service development.
| The following are sample activities that will be conducted by Info-Tech analysts with your team: | ||
|---|---|---|
| 1.1 | 
|
Begin your project with a mission statement A strong mission statement that outlines the benefits of the project is needed to communicate the purpose of the project. The onsite Info-Tech analysts will help you customize the message and establish the foundation of the project charter. |
| 1.2 |
|
Identify project team members Our onsite analysts will help you identify high-value team members to contribute to this project. |
| 1.3 |
|
Identify important business and IT stakeholders Buy-in from senior IT and business management is a must. Info-Tech will help you identify the stakeholders and determine their level of influence and impact. |
| 1.4 |
|
Create a change message for the business and IT It is important to communicate changes early and the message must be tailored for each target audience. Our analysts will help you create an effective message by articulating the benefits of the service catalog to the business and to IT. |
| 1.5 |
|
Determine service project metrics To demonstrate the value of the service catalog, IT must come up with tangible metrics. Info-Tech’s analysts will provide some sample metrics as well as facilitate a discussion around which metrics should be tracked and monitored. |
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
| Guided Implementation 2: Define Enterprise Services Proposed Time to Completion: 4 weeks | |
|---|---|
Step 2.1: Identify enterprise services | Step 2.2: Create service categories |
Start with an analyst kick off call:
| Review findings with analyst:
|
Then complete these activities…
| Then complete these activities…
|
With these tools & templates: Service Sample Enterprise Services | With these tools & templates: Sample Enterprise Services |
Documentation of all business-facing IT services is an intimidating task, and a lack of parameters around this process often leads to longer project times and unsatisfactory outcomes.
To streamline this process, separating enterprise services from line of business services allows IT to effectively and efficiently organize these services. This method increases the visibility of the service catalog through user-oriented communication plans.
If you are unsure whether a service is enterprise wide, ask yourself these two questions:
Included with this blueprint is Info-Tech’s Sample Enterprise Services definitions.
The sample contains dozens of services common across most organizations; however, as a whole, they are not complete for every organization. They must be modified according to the business’ needs. Phase two will serve as a guide to identifying an enterprise service as well as how to fill out the necessary fields.
Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.
The next slide will introduce you to the information for each service record that can be edited.
Below is an example of a service record and its necessary fields of information. This is information that can be kept, deleted, or expanded upon.
|
Name the service unambiguously and from the user’s perspective. |
Brief description of how the service allows users to perform tasks. |
Describe the functionality of the service and how it helps users to achieve their business objectives. |
Cluster the services into logical groups. |
| Service Name | Description | Features | Category |
|---|---|---|---|
| Email communication to connect with other employees, suppliers, and customers |
|
Communications |
Web Conferencing has already been defined as a service. Is Audio Conferencing its own service or a feature of Web Conferencing?
Info-Tech Tip: Is Audio Conferencing run by the same application as the Web Conferencing? Does it use the same equipment? If not, Audio Conferencing is probably its own service.
Web Conferencing has already been defined as a service. Is “Screen Sharing” its own service or a feature of Web Conferencing?
Info-Tech Tip: It depends on how the user interacts with Screen Sharing. Do they only screen share when engaged in a Web Conference? If so, Screen Sharing is a feature and not a service itself.
VoIP is a popular alternative to landline telephone nowadays, but should it be part of the telephony service or a separate service?
Info-Tech Tip: It depends on how the VoIP phone is set up.
If the user uses the VoIP phone the same way they would use a landline phone – because the catalog is user facing – consider the VoIP as part of the telephone service.
If the user uses their computer application to call and receive calls, consider this a separate service on its own.
While there are some best practices for coming up with service definitions, it is not an exact science and you cannot accommodate everyone. When in doubt, think how most users would perceive the service.
You need to be as comprehensive as possible and try to capture the entire breadth of services IT provides to the business.
To achieve this, a three-step process is recommended.
IT Focus Group:
Have your user hat on when documenting service features and descriptions. Try to imagine how the users interact with each service.
Similar to the services and their features, there is no right or wrong way to categorize. The best approach is to do what makes sense for your organization and understand what your users think.
Categories organize services into logical groups that the users can identify with. Services with similar functions are grouped together in a common category.
| Enterprise Service Categories |
|---|
| Accounts and Access |
| Collaboration |
| Communication |
| Connectivity |
| Consulting |
| Desktop, Equipment, & Software |
| Employee Services |
| Files and Documents |
| Help & Support |
| Training |
Sample categories
There is no right or wrong way to categorize services; it is subjective to how they are provided by IT and how they are used by the business. Use the aforementioned categories to group the following services. Sample solutions are provided on the following slide.
| Service Name |
|---|
| Telephone |
| Remote access |
| Internet |
| BYOD (wireless access) |
| Instant Messaging |
| Video Conferencing |
| Audio Conferencing |
| Guest Wi-Fi |
| Document Sharing |
| Example 1 | Example 2 | ||
|---|---|---|---|
|
Desktop, Equipment, & Software Services |
Connectivity |
Mobile Devices |
Communications |
|
Internet |
Telephone |
BYOD (wireless access) |
Telephone |
|
Guest Wi-Fi |
Internet |
|
|
|
Remote Access |
Instant Messaging |
||
|
Video Conferencing |
|||
|
Audio Conferencing |
|||
| Communications |
Collaboration |
Storage and Retrieval |
Accounts and Access |
|
Telephone |
|
Document Sharing |
Remote access |
|
Instant Messaging |
Connectivity |
||
|
Mobile Devices |
Video Conferencing |
Internet | |
|
BYOD (wireless access) |
Audio Conferencing |
Guest Wi-Fi |
|
|
Guest Wi-Fi |
Document Sharing |
||
Services can have multiple categories only if it means the users will be better off. Try to limit this as much as possible.
Neither of these two examples are the correct answer, and no such thing exists. The answers you came up with may well be better suited for the users in your business.
Before you start, you must have a modified list of all defined enterprise services and a modified list of categories.
Because of the breadth of services IT provides across several agencies, it was challenging to identify what was considered enterprise beyond just the basic ones (email, internet, etc.)
IT recognized that although the specific tasks of service could be different, there are many services that are offered universally across the organization and streamlining the service request and delivery process would reduce the burden on IT.
The client began with services that users interact with on a daily basis; this includes email, wireless, telephone, internet, printing, etc.
Then, they focused on common service requests from the users, such as software and hardware provisioning, as well as remote access.
Lastly, they began to think of other IT services that are provided across the organization, such as RFP/RFI support, project management analysis, employee onboarding/off-boarding, etc.
By going through the lists and enterprise categories, the government was able to come up with a comprehensive list of all services IT provides to the business.
Classifying services such as onboarding meant that IT could now standardize IT services for new recruits and employee termination.
By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.
For some services, the project team had difficulty deciding on what was a service and what was a feature. They found it hard to distinguish between a service with features or multiple services.
For example, the client struggled to define the Wi-Fi services because they had many different user groups and different processes to obtain the service. Patients, visitors, doctors, researchers, and corporate employees all use Wi-Fi, but the service features for each user group were different.
The Info-Tech analyst came on-site and engaged the project team in a discussion around how the users would view the services.
The analyst also provided tips and techniques on identifying services and their features.
Because patients and visitors do not access Wi-Fi or receive support for the service in the same way as clinical or corporate employees, Wi-Fi was separated into two services (one for each user group).
Using the tips and techniques that were provided during the onsite engagement, the project team was able to have a high degree of clarity on how to define the services by articulating who the authorized users are, and how to access the process.
This allowed the group to focus on the users’ perspective and create clear, unambiguous service features so that users could clearly understand eligibility requirements for the service and how to request them.
| The following are sample activities that will be conducted by Info-Tech analysts with your team: | ||
|---|---|---|
| 2.1 | 
|
Understand what enterprise services are The project team must have a clear understanding of what qualifies as an enterprise service. The onsite analysts will also promote a user-oriented mindset so the catalog focuses on business needs. |
| 2.2 | 
|
Identify enterprise services The Info-Tech analysts will provide a list of ready-to-use services and will work with the project team to change, add, and delete service definitions and to customize the service features. |
| 2.3 | 
|
Identify categories for enterprise services The Info-Tech analyst will again emphasize the importance of being service-oriented rather than IT-oriented. This will allow the group to come up with categories that are intuitive to the users. |
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 3: Define LOB Services Proposed Time to Completion: 4 weeks | |
|---|---|
Step 3.1: Identify LOB services | Step 3.2: Define LOB services |
Start with an analyst kick off call:
| Review findings with analyst:
|
Then complete these activities…
| Then complete these activities…
|
With these tools & templates: Service LOB Services – Functional Group | With these tools & templates: LOB Services – Functional Group |
Within a business unit, there are user groups that use unique applications and IT services to perform business activities. IT must understand which group is consuming each service to document to their needs and requirements. Only then is it logical to group services into lines of business.
Covering every LOB service is a difficult task. Info-Tech offers two approaches to identifying LOB services, though we recommend working alongside business user groups to have input on how each service is used directly from the users. Doing so makes the job of completing the service catalog easier, and the product more detailed and user friendly.
Some helpful questions to keep in mind when characterizing user groups:
With business user input, you can answer questions as specific as “What requirements are necessary for IT to deliver value to each line of business?” and “What does each LOB need in order to run their operation?”
Business View is the preferred method for IT departments with a better understanding of business operations. This is because they can begin with input from the user, enabling them to more successfully define every service for each user group and LOB.
In addition, IT will also have a chance to work together with the business and this will improve the level of collaboration and communication. However, in order to follow this methodology, IT needs to have a pre-established relationship with the business and can demonstrate their knowledge of business applications.
The IT view begins with considering each business application used within the organization’s lines of business. Start with a broad view, following with a process of narrowing down, and then iterate for each business application.
This process leads to each unique service performed by every application within the business’ LOBs.
The IT view does not necessarily require a substantial amount of information about the business procedures. IT staff are capable of deducing what business users often require to maintain their applications’ functionality.
If you do have knowledge of business operations, using the business view is the better option and the service definition will be more relatable to the users.
For organizations that don’t have established relationships with the business or detailed knowledge of business activities, IT can decompose the application into services. They have more familiarity and comfort with the business applications than with business activities.
It is important to continue after the service is identified because it helps confirm and solidify the names and features. Determining the business activity and the user groups can help you become more user-oriented.
We will illustrate the two methodologies with the same example.
If you have established an ongoing relationship with the business and you are familiar with their business operations, starting with the LOB and user groups will ensure you cover all the services IT provides to the business and create more relatable service names.
If you want to understand what services IT provides to the Sales functional group, and you don’t have comprehensive knowledge of the department, you need to start with the IT perspective.
If you are concerned about the fact that people always associate a service with an application, you can include the application in the service name or description so users can find the service through a search function.
Like categories for enterprise services in Phase Two, LOB services are grouped into functional groups. Functional groups are the components of an organizational chart (HR, Finance, etc.) that are found in a company’s structure.
Functional groups enable a clear view for business users of what services they need, while omitting services that do not apply to them. This does not overwhelm them, and provides them with only relevant information.
To be clear, industry services can be put into functional groups.
Info-Tech provides a few sample industry services (without their functional group) to give an idea of what LOB service is specific to these industries. Try to extrapolate from these examples to create LOB services for your business.
Use Info-Tech’s Sample LOB Services – Functional Group and Sample LOB Services – Industry Specific documents.
Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.
Only perform this activity if you have a relationship with the business that can enable you to generate business input on service identifications and definitions.
In a group of your project participants, repeat the sequence for each LOB.
Only perform this activity if you cannot generate business input through your relationships, and must begin service definitions with business applications.
In a group of your project participants, repeat the sequence for each application.
→ Optional
Coming up with LOB service definitions is challenging for IT because it requires comprehension of all lines of business within the organization as well as direct interaction with the business users.
After completing the LOB service definitions, IT must talk to the business to ensure all the user groups and business activities are covered and all the features are accurate.
Here are some tips to reviewing your LOB Service Catalog generated content:
Go through the service in batches. Present 5-10 related services to the business first. Start with the service name and then focus on the features.
In the meeting, discuss whether the service features accurately sum up the business activities, or if there are missing key activities. Also discuss whether certain services should be split up into multiple services or combined into one.
There were many users from different LOBs, and IT provided multiple services to all of them. Tracking them and who had access to what was difficult.
IT didn’t understand who provided the services (service owner) and who the customers were (business owner) for some of the services.
After identifying the different Lines of Business, they followed the first approach (Business View) for those that IT had sufficient knowledge of in terms of business operations:
For the LOBs they weren’t familiar with, they used the IT view method, beginning with the application:
Through these two methodologies, IT was able to define services according to how the users both perceive and utilize them.
IT was able to capture all the services it provides to each line of business effectively without too much help from the business representatives.
By capturing all enterprise services offered to the organization, IT centralized its management of services instead of having scattered request processes.
Challenge
The organization uses a major application containing several modules used by different users for various business activities.
The challenge was to break down the application into multiple services in a way that makes sense to the business users. Users should be able to find services specific to them easily.
Therefore, the project team must understand how to map the modules to different services and user groups.
Solution
The project team identified the major lines of business and took various user groups such as nurses and doctors, figured out their daily tasks that require IT services, and mapped each user-facing service to the functionality of the application.
The project team then went back to the application to ensure all the modules and functionalities within the application were accounted for. This helped to ensure that services for all user groups were covered and prepared to be released in the catalog.
Results
Once the project team had come up with a comprehensive list of services for each line of business, they were able to sit with the business and review the services.
IT was also able to use this opportunity to demonstrate all the services it provides. Having all the LOB services demonstrates IT has done its preparation and can show the value they help create for the business in a language the users can understand. The end result was a strengthened relationship between the business and the IT department.
| The following are sample activities that will be conducted by Info-Tech analysts with your team: | ||
|---|---|---|
| 3.1 | 
|
Understand what Line of Business services are The onsite analysts will provide a clear distinction between enterprise services and LOB services. The analysts will also articulate the importance of validating LOB services with the business. |
| 3.2 | 
|
Identify LOB services using the business’ view There are two methods for coming up with LOB services. If IT has comprehensive knowledge of the business, they can identify the services by outlining the user groups and their business activities. |
| 3.3 | 
|
Identify LOB services using IT’s view If IT does not understand the business and cannot obtain business input, Info-Tech’s analysts will present the second method, which allows IT to identify services with more comfortability through business applications/systems. |
| 3.4 | 
|
Categorize the LOB services into functional groups The analysts will help the project team categorize the LOB services based on user groups or functional departments. |
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 4: Complete service definitions | |
|---|---|
Step 4.1: Design service record | Step 4.2: Complete service definitions |
Start with an analyst kick off call:
| Review findings with analyst:
|
Then complete these activities…
| Then complete these activities…
|
With these tools & templates: Service Services Definition Chart | With these tools & templates: Services Definition Chart |
Info-Tech has provided a sample Services Definition Chart with standard service definitions and pre-populated fields. It is up to you throughout this step to decide which fields are necessary to your business users, as well as how much detail you wish to include in each of them.
Keep track of which services you either modify or delete. You will have to change the same services in the final Info-Tech deliverable.
The majority of the fields in the service catalog are user facing, which means they must be written in business language that the users can understand.
If there is any confusion or disagreement in filling out the fields, a facilitator is required to lead the working groups in coming up with a definitive answer. If a decision is still not reached, it should be escalated to the decision maker (usually the service owner).
There are IT facing fields that should not be published to the business users – they are for the benefit of IT. For example, you may want to keep Performance Metrics internal to IT until you are ready to discuss it with the business.
If the organization is interested in creating a Technical Service Catalog following this initiative, these fields will provide a helpful starting place for IT to identify the people, process, and technology required to support user-facing services.
It is important for IT-facing fields to be kept internal. If business users are having trouble with a service and the service owner’s name is available to them, they will phone them for support even if they are not the support owner.
When completing the service record, adopt the principle that “Less is More.” Keep it simple and write the service description from the user’s perspective, without IT language. From the list below, pick which fields of information are important to your business users.
What do the users need to access the service quickly and with minimal assistance?
Description: Delivers electronic messages to and from employees.
Features:
Category: Communications
Who is responsible for the delivery of the service and what are their roles?
Service owner → the IT member who is responsible and accountable for the delivery of the service.
Business owner → the business partner of the service owner who ensures the provided service meets business needs.
Service Owner: Manager of Business Solutions
Business Owner: VP of Human Resources
For enterprise services that are used by almost everyone in the organization, the business owner is the CIO.
“Who is authorized to access this service? How do they access it?”
Authorized users → who can access the service.
Request process → how to request access to the service.
Approval requirement/process → what the user needs to have in place before accessing the service.
Authorized Users: All people on site not working for the company
Request Process: Self-Service through website for external visitors
Approval Requirement/Process: N/A
Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.
“Who is authorized to access this service? How do they access it?”
Requirements & pre-requisites → details of what must happen before a service can be provided.
Turnaround time → how much time it will take to grant access to the service.
User responsibility → What the user is expected to do to acquire the service.
Requirements & Pre-requisites: Disclaimer of non-liability and acceptance
Turnaround time: Immediate
User Responsibility: Adhering to policies outlined in the disclaimer
Clearly defining how to access a service saves time and money by decreasing calls to the service desk and getting users up and running faster. The result is higher user productivity.
“When is this service available to users? What service levels can the user expect?”
Support hours → what days/times is this service available to users?
Hours of availability/planned downtime → is there scheduled downtime for maintenance?
Performance metrics → what level of performance can the user expect for this service?
Support Hours: Standard business hours
Hours of Availability/Planned Downtime: Standard business hours; can be agreed to work beyond operating hours either earlier or later
Performance Metrics: N/A
Manage user expectations by clearly documenting and communicating service levels.
“How do I obtain support for this service?”
Support process → what is the process for obtaining support for this service?
Support owner → who can users contact for escalations regarding this service?
Support documentation → where can users find support documentation for this service?
Support Process: Contact help desk or submit a ticket via portal
Support Owner: Manager, client support
Support Documentation: .pdf of how-to guide
Clearly documenting support procedures enables users to get the help they need faster and more efficiently.
“Is there a cost for this service? If so, how much and who is expensing it?”
Internal Cost → do we know the total cost of the service?
Customer Cost → a lot of services are provided without charge to the business; however, certain service requests will be charged to a department’s budget.
Internal Cost: For purposes of audit, new laptops will be expensed to IT.
Customer Cost: Cost to rush order 10 new laptops with retina displays for the graphics team. Charged for extra shipment cost, not for cost of laptop.
Set user expectations by clearly documenting costs associated with a service and how to obtain approval for these costs if required.
This is the final activity to completing the service record design. It has been a long journey to make it here; now, all that is left is completing the fields and transferring information from previous activities.
Don’t forget to delete or bring over the edited LOB and Enterprise services from the phase 2 and 3 deliverables.
Now that you have completed the first run of service definitions, you can go back and complete the rest of the identified services in batches. You should observe increased efficiency and effectiveness in filling out the service definitions.
This blueprint’s purpose is to help you design a service catalog. There are a number of different platforms to build the catalog offered by application vendors. The sophistication of the catalog depends on the size of your business. It may be as simple as an Excel book, or something as complex as a website integrated with your service desk.
There are various levels of maturity to consider when you are thinking about how to deploy your service catalog.
| 1. Website/User Portal | 2. Catalog Module Within ITSM Tool |
3. Homegrown Solution |
|
|---|---|---|---|
|
Prerequisite |
An internet website, or a user portal |
An existing ITSM tool with a built-in service catalog module |
Database development capabilities Website development capabilities |
|
Pros |
Low cost Low effort |
Easy to deploy |
Customized solution tailored for the organization High flexibility regarding how the service catalog is published |
| Cons |
Not aesthetically appealing Lacking sophistication |
Difficult to customize to organization’s needs Limitation on how the service catalog info is published |
High effort High cost |
| → |
→ Maturity Level → |
→ |
The client had collected a lot of good information, but they were not sure about what to include to ensure the users could understand the service clearly.
They were also not sure what to keep internal so the service catalog did not increase IT’s workload. They want to help the business, but not appear as if they are capable of solving everything for everyone immediately. There was a fear of over-commitment.
The government created a Customer Responsibility field for each service, so it was not just IT who was providing solutions. Business users needed to understand what they had to do to receive some services.
The Service Owner and Business Owner fields were also kept internal so users would go through the proper request channel instead of calling Service Owners directly.
Lastly, the Performance Metrics field was kept internal until IT was ready to present service metrics to the business.
The business was provided clarity on their responsibility and what was duly owed to them by IT staff. This established clear boundaries on what was to be expected of IT services projected into the future.
The business users knew what to do and how to obtain the services provided to them. In the meantime, they didn’t feel overwhelmed by the amount of information provided by the service catalog.
There is a lack of clarity and a lack of agreement between the client’s team members regarding the request/approval processes for certain services. This was an indication that there is a level of ambiguity around process. Members were not sure what was the proper way to access a service and could not come up with what to include in the catalog.
Different people from different teams had different ways of accessing services. This could be true for both enterprise and LOB services.
The Info-Tech analyst facilitated a discussion about workflows and business processes.
In particular, the discussion focused around the approval/authorization process, and IT’s workflows required to deliver the service. The Info-Tech analyst on site walked the client through their different processes to determine which one should be included in the catalog.
The discussion brought clarity to the project team around both IT and business process. Using this new information, IT was able to communicate to the business better, and create consistency for IT and the users of the catalog.
The catalog design was a shared space where IT and business users could confer what the due process and responsibilities were from both sides. This increased accountability for both parties.
| The following are sample activities that will be conducted by Info-Tech analysts with your team: | ||
|---|---|---|
| 4.1 | 
|
Determine which fields should be included in the record design The analysts will present the sample service definitions record and facilitate a discussion to customize the service record so unique business needs are captured. |
| 4.2 | 
|
Determine which fields should be kept internal The onsite analysts will explain why certain fields are used but not published. The analysts will help the team determine which fields should be kept internal. |
| 4.3 | 
|
Complete the service definitions The Info-Tech analysts will help the group complete the full service definitions. This exercise will also provide the organization with a clear understanding of IT workflows and business processes. |
Client Project: Design and Build a User-Facing Service Catalog
This project has the ability to fit the following formats:
Establish a Service-Based Costing Model
Develop the right level of service-based costing capability by applying our methodology.
