Develop the Right Message to Engage Buyers

Drive higher open rates, time-on-site, and click-through rates with buyer-relevant messaging.

Analyst Perspective

Develop the right message to engage buyers.

Marketers only have seven seconds to capture a visitor's attention but often don't realize that the space between competitors and their company is that narrow. They often miss the mark on content and create reams of product and company-focused messaging that result in high bounce rates, low page views, low return visits, low conversions, and low click-through rates.

We wouldn't want to sit in a conversation with someone who only speaks about themselves, so why would it be any different when we buy something? Today's marketers must quickly hook their visitors with content that answers the critical question of "What's in it for me?"

Our research finds that leading content marketers craft messaging that lets their audience ”know they know them,” points out what’s in it for them, and includes proof points of promised value. This simple, yet often missed approach, we call Message Mapping, which helps marketers grab a visitor’s initial attention and when applied throughout the customer journey will turn prospects into customers, lifelong buyers, advocates, and referrals.

Terra Higginson Marketing Research Director SoftwareReviews

Executive Summary

SoftwareReviews Insight

Marketing content that identifies the benefit of the product, along with a deep understanding of the buyer pain points, desired value, and benefit proof-points, is a key driver in delivering value to a prospect, thereby increasing marketing metrics such as open rates, time on site, page views, and click-through rates.

Your Challenge

65% of marketers find it challenging to produce engaging content. Globally, B2B SaaS marketers without the ability to consistently produce and activate quality content will experience: High website bounce rates and low time on site Low page views A low percentage of return visitors Low conversions Low open and click-through rates on email campaigns A staggering 60% of marketers find it hard to produce high-quality content consistently and 62% don’t know how to measure the ROI of their campaigns according to OptinMonster. SaaS marketers have an even more difficult job due to the technical nature of content production. Without an easy content development strategy, marketers have an insurmountable task of continually creating interesting content for an audience they don’t understand.

Over 64% of marketers want to learn how to build a better content (Source: OptinMonster, 2021)

Benchmark your content marketing

GrowRevenue, MarketingSherpa, Google Analytics, FirstPageSage, Google Analytics, HubSpot

Leaders will measure content marketing performance against these industry benchmarks. If your content performance falls below these benchmarks, your content architecture may be missing the mark with prospective buyers.

Common flaws in content messaging

Implications of poor content

Benefits of good content

Email & Social Post Example

Use the message mapping architecture to create other types of content.

Insight Summary

Create Content That Matters

Related SoftwareReviews Research

Create a Buyer Persona and Journey Make it easier to market, sell, and achieve product-market fit with deeper buyer understanding. Reduce time and treasure wasted chasing the wrong prospects. Improve product-market fit. Increase open and click-through rates in your lead gen engine. Perform more effective sales discovery and increase eventual win rates.

Diagnose Brand Health to Improve Business Growth Have a significant and well-targeted impact on business success and growth by knowing how your brand performs, identifying areas of improvement, and making data-driven decisions to fix it. Importance of brand is recognized, endorsed, and prioritized. Support and resources allocated. All relevant data and information collected in one place. Ability to make data-driven recommendations and decisions on how to improve.

Build a More Effective Go-to-Market Strategy Creating a compelling Go-to-Market strategy, and keeping it current, is a critical software company function – as important as financial strategy, sales operations, and even corporate business development – given its huge impact on the many drivers of sustainable growth. Align stakeholders on a common vision and execution plan. Build a foundation of buyer and competitive understanding. Deliver a team-aligned launch plan that enables commercial success.

Bibliography

Arakelyan, Artash. “How SaaS Companies Increase Their ROI With Content Marketing.” Clutch.co, 27 July 2018. Accessed July 2022.

Bailyn, Evan. “Average Session Duration: Industry Benchmarks.” FirstPageSage, 16 March 2022. Accessed July 2022.

Burstein, Daniel. “Marketing Research Chart: Average clickthrough rates by industry.” MarketingSherpa, 1 April 2014. Accessed July 2022.

Cahoon, Sam. “Email Open Rates By Industry (& Other Top Email Benchmarks).” HubSpot, 10 June 2021. Accessed July 2022.

Cialdini, Robert. Influence: Science and Practice. 5th ed. Pearson, 29 July 2008. Print.

Cialdini, Robert. Influence: The Psychology of Persuasion. Revised ed. Harper Business, 26 Dec. 2006. Print.

Content Marketing—Statistics, Evidence and Trends.” 1827 Marketing, 7 Jan. 2022. Accessed July 2022.

Devaney, Erik. “Content Mapping 101: The Template You Need to Personalize Your Marketing.” HubSpot, 21 April 2022. Accessed July 2022.

Hiscox Business Insurance. “Growing Your Business--and Protecting It Every Step of the Way.” Inc.com. 25 April 2022. Accessed July 2022.

Hurley Hall, Sharon. “85 Content Marketing Statistics To Make You A Marketing Genius.” OptinMonster, 14 Jan. 2021. Accessed July 2022.

Patel, Neil. “38 Content Marketing Stats That Every Marketer Needs to Know.” NeilPatel.com, 21 Jan. 2016. Web.

Prater, Meg. “SaaS Sales: 7 Tips on Selling Software from a Top SaaS Company.” HubSpot, 9 June 2021. Web.

Polykoff, Dave. “20 SaaS Content Marketing Statistics That Lead to MRR Growth in 2022.” Zenpost blog, 22 July 2022. Web.

Rayson, Steve. “Content, Shares, and Links: Insights from Analyzing 1 Million Articles.” Moz, 8 Sept. 2015. Accessed July 2022.

“SaaS Content Marketing: How to Measure Your SaaS Content’s Performance.” Ken Moo, 9 June 2022. Accessed July 2022.

Taylor Gregory, Emily. “Content marketing challenges and how to overcome them.” Longitude, 14 June 2022. Accessed July 2022.

Visitors Benchmarking Channels. Google Analytics, 2022. Accessed July 2022.

WBR Insights. “Here's How the Relationship Between B2B Buying, Content, and Sales Reps Has Changed.” Worldwide Business Research, 2022. Accessed July 2022.

“What’s a good bounce rate? (Here’s the average bounce rate for websites).” GrowRevenue.io, 24 Feb. 2020. Accessed July 2022.

Security Priorities 2023

How we live post pandemic

Each organization is different, so a generic list of priorities will not be applicable to every organization.

During 2022, ransomware campaigns declined from quarter to quarter due to the collapse of experienced groups. Several smaller groups are developing to recapture the lost ransomware market. However, ransomware is still the most worrying cyber threat.

Also in 2022, people returned to normal activities such as traveling and attending sports or music events but not yet to the office. The reasons behind this trend can be many fold, such as employees perceive that work from home (WFH) has positive productivity effects and time flexibility for employees, especially for those with families with younger children. On the other side of the spectrum, some employers perceive that WFH has negative productivity effects and thus are urging employees to return to the office. However, employers also understand the competition to retain skilled workers is harder. Thus, the trend is to have hybrid work where eligible employees can WFH for a certain portion of their work week.

Besides ransomware and the hybrid work model, in 2022, we saw an evolving threat landscape, regulatory changes, and the potential for a recession by the end of 2023, which can impact how we prioritize cybersecurity this year. Furthermore, organizations are still facing the ongoing issues of insufficient cybersecurity resources and organization modernization.

This report will explore important security trends, the security priorities that stem from these trends, and how to customize these priorities for your organization.

In Q2 2022, the median ransom payment was $36,360 (-51% from Q1 2022), a continuation of a downward trend since Q4 2021 when the ransom payment median was $117,116.
Source: Coveware, 2022

From January until October 2022, hybrid work grew in almost all industries in Canada especially finance, insurance, real estate, rental and leasing (+14.7%), public administration and professional services (+11.8%), and scientific and technical services (+10.8%).
Source: Statistics Canada, Labour Force Survey, October 2022; N=3,701

Hybrid work changes processes and infrastructure

Investment on remote work due to changes in processes and infrastructure

As part of our research process for the 2023 Security Priorities Report, we used the results from our State of Hybrid Work in IT Survey, which collected responses between July 10 and July 29, 2022 (total N=745, with n=518 completed surveys). This survey details what changes in processes and IT infrastructure are likely due to hybrid work.

Process changes to support hybrid work

Survey respondents (n=518) were asked what processes had the highest degree of change in response to supporting hybrid work. Incident management is the #1 result and service request support is #2. This is unsurprising considering that remote work changed how people communicate, how they access company assets, and how they connect to the company network and infrastructure.

Infrastructure changes to support hybrid work

For 2023, we believe that hybrid work will remain. The first driver is that employees still prefer to work remotely for certain days of the week. The second driver is the investment from employers on enabling WFH during the pandemic, such as updated network architecture (44%) and the infrastructure and day-to-day operations (41%) as shown on our survey.

Top cybersecurity concerns and organizational preparedness for them

Concerns may correspond to readiness.

In the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, we asked about cybersecurity concerns and the perception about readiness to meet current and future government legislation regarding cybersecurity requirements.

Cybersecurity issues

Survey respondents were asked how concerned they are about certain cybersecurity issues from 1 (not concerned at all) to 5 (very concerned). The #1 concern was talent shortages. Other issues with similar concerns included cyber risks not on leadership's radar, supply chain risks, and new regulations (n=507).

Cybersecurity legislation readiness

When asked about how confident organizations are about being prepared to meet current and future government legislation regarding cybersecurity requirements, from 1 (not confident at all) to 5 (very confident), the #1 response was 3 (n=499).

Unsurprisingly, the ever-changing government legislation environment in a world emerging from a pandemic and ongoing wars may not give us the highest confidence.

We know the concerns and readiness…

But what is the overall security maturity?

As part of our research process for the 2023 Security Priorities Report, we reviewed results of completed Info-Tech Research Group Security Governance and Management Benchmark diagnostics (N=912). This report details what we see in our clients' security governance maturity. Setting aside the perception on readiness – what are their actual security maturity levels?

Overall, assessed organizations are still scoring low (47%) on Security Culture and Policy and Process Governance. This justifies why most security incidents are still due to gaps in foundational security and security awareness, not lack of advanced controls such as event and incident management (58%).

And how will the potential recession impact security?

Organizations are preparing for recession, but opportunities for growth during recession should be well planned too.

As part of our research process for the 2023 Security Priorities Report, we reviewed the results of the Info-Tech Research Group 2023 Trends and Priorities Survey of IT professionals, which collected responses between August 9 and September 9, 2022 (total N=813 with n=521 completed surveys).

Expected organizational spending on cybersecurity compared to the previous fiscal year

Keeping the same spending is the #1 result and #2 is increasing spending up to 10%. This is a surprising finding considering the survey was conducted after the middle of 2022 and a recession has been predicted since early 2022 (n=489).

Five Security Priorities for 2023

Maintain Secure Hybrid Work

PRIORITY 01

• HOW TO STRATEGICALLY ACQUIRE, RETAIN, OR UPSKILL TALENT TO MAINTAIN SECURE SYSTEMS.

Executive summary

Background

If anything can be learned from COVID-19 pandemic, it is that humans are resilient. We swiftly changed to remote workplaces and adjusted people, processes, and technologies accordingly. We had some hiccups along the way, but overall, we demonstrated that our ability to adjust is amazing.

The pandemic changed how people work and how and where they choose to work, and most people still want a hybrid work model. However, the number of days for hybrid work itself varies. For example, from our survey in July 2022 (n=516), 55.8% of employees have the option of 2-3 days per week to work offsite, 21.0% for 1 day per week, and 17.8% for 4 days per week.

Furthermore, the investment (e.g. on infrastructure and networks) to initiate remote work was huge, and the cost doesn't end there, as we need to maintain the secure remote work infrastructure to facilitate the hybrid work model.

Current situation

Remote work: A 2022 survey by WFH Research (N=16,451) reports that ~14% of full-time employees are fully remote and ~29% are in a hybrid arrangement as of Summer-Fall 2022.

Security workforce shortage: A 2022 survey by Bridewell (N=521) reports that 68% of leaders say it has become harder to recruit the right people, impacting organizational ability to secure and monitor systems.

Confidence in the security practice: A 2022 diagnostic survey by Info-Tech Research Group (N=55) reports that importance may not correspond to confidence; for example, the most important selected cybersecurity area, namely Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice (80.5%).

"WFH doubled every 15 years pre-pandemic. The increase in WFH during the pandemic was equal to 30 years of pre-pandemic growth."

Source: National Bureau of Economic Research, 2021

Leaders must do more to increase confidence in the security practice

Importance may not correspond to confidence

As part of our research process for the 2023 Security Priorities Report, we analyzed results from the Info-Tech Research Group diagnostics. This report details what we see in our clients' perceived importance of security and their confidence in existing security practices.

Cybersecurity importance

Cybersecurity importance areas

Confidence in cybersecurity practice

Confidence in cybersecurity practice areas

Diagnostics respondents (N=55) were asked about how important security is to their organization or department. Importance to the overall organization is 2.1 percentage points (pp) higher, but confidence in the organization's overall security is slightly lower (-0.4 pp).

If we break down to security areas, we can see that the most important area, Data Access/Integrity (93.7%), surprisingly has the lowest confidence of the practice: 80.5%. From this data we can conclude that leaders must build a strong cybersecurity workforce to increase confidence in the security practice.

Use this template to explain the priorities you need your stakeholders to know about.

Maintain secure hybrid work plan

Provide a brief value statement for the initiative.

Build a strong cybersecurity workforce to increase confidence in the security practice to facilitate hybrid work.

Initiative Description:

• Description must include what organization will undertake to complete the initiative.
• Review your security strategy for hybrid work.
• Identify skills gaps that hinder the successful execution of the hybrid work security strategy.
• Use the identified skill gaps to define the technical skill requirements for current and future work roles.
• Conduct a skills assessment on your current workforce to identify employee skill gaps.
• Decide whether to train, hire, contract, or outsource each skill gap.
  

Drivers:

List initiative drivers.

• Employees still prefer to WFH for certain days of the week.
• The investment on WFH during pandemic such as updated network architecture and infrastructure and day-to-day operations.
• Tech companies' huge layoffs, e.g. Meta laid off more than 11,000 employees.

Risks:

List initiative risks and impacts.

• Unskilled workers lacking certificates or years of experience who are trained and become skilled workers then quit or are hijacked by competitors.
• Organizational and cultural changes cause friction with work-life balance.
• Increased attack surface of remote/hybrid workforce.

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Increase perceived productivity by employees and increase retention.
• Increase job satisfaction and work-life balance.
• Hiring talent that has been laid off who are difficult to acquire in normal conditions.

Related Info-Tech Research:

• Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan
• Build an IT Employee Engagement Program
• Build an Information Security Strategy

Recommended Actions

1. Identify skill requirements to maintain secure hybrid work

Review your security strategy for hybrid work.

Determine the skill needs of your security strategy.

2. Identify skill gaps

Identify skills gaps that hinder the successful execution of the hybrid work security strategy.

Use the identified skill gaps to define the technical skill requirements for work roles.

3. Decide whether to build or buy skills

Conduct a skills assessment on your current workforce to identify employee skill gaps.

Decide whether to train, hire, contract, or outsource each skill gap.

Source: Close the InfoSec Skills Gap: Develop a Technical Skills Sourcing Plan, Info-Tech

Secure Organization Modernization

PRIORITY 02

• TRENDS SUGGEST MODERNIZATION SUCH AS DIGITAL
  TRANSFORMATION TO THE CLOUD, OPERATIONAL TECHNOLOGY (OT),
  AND THE INTERNET OF THINGS (IOT) IS RISING; ADDRESSING THE RISK
  OF CONVERGING ENVIRONMENTS CAN NO LONGER BE DEFERRED.

Executive summary

From computerized milk-handling systems in Wisconsin farms, to automated railway systems in Europe, to Ausgrid's Distribution Network Management System (DNMS) in Australia, to smart cities and beyond; system modernization poses unique challenges to cybersecurity.

The threats can be safety, such as the trains stopped in Denmark during the last weekend of October 2022 for several hours due to an attack on a third-party IT service provider; economics, such as a cream cheese production shutdown that occurred at the peak of cream cheese demand in October 2021 due to hackers compromising a large cheese manufacturer's plants and distribution centers; and reliability, such as the significant loss of communication for the Ukrainian military, which relied on Viasat's services.

Despite all the cybersecurity risks, organizations continue modernization plans due to the long-term overall benefits.

Current situation

• Pressure of operational excellence: Competitive markets cannot keep pace with demand without modernization. For example, in automated milking systems, the labor time saved from milking can be used to focus on other essential tasks such as the decision-making process.
• Technology offerings: Technologies are available and affordable such as automated equipment, versatile communication systems, high-performance human machine interaction (HMI), IIoT/Edge integration, and big data analytics.
• Higher risks of cyberattacks: Modernization enlarges attack surfaces, which are not only cyber but also physical systems. Most incidents indicate that attackers gained access through the IT network, which was followed by infiltration into OT networks.

IIoT market size is USD 323.62 billion in 2022 and projected to be around USD 1 trillion in 2028.

Source: Statista,
March 2022

Modernization brings new opportunities and new threats

Higher risks of cyberattacks on Industrial Control System (ICS)

Target: Australian sewage plant. Method: Insider attack. Impact: 265,000 gallons of untreated sewage released.	Target: Middle East energy companies. Method: Shamoon. Impact: Overwritten Windows-based systems files.	Target: German Steel Mill Method: Spear-phishing Impact: Blast furnace control shutdown failure.	Target: Middle East Safety Instrumented System (SIS). Method: TRISIS/TRITON. Impact: Modified safety system ladder logic.	Target: Viasat's KA-SAT Network. Method: AcidRain. Impact: Significant loss of communication for the Ukrainian military, which relied on Viasat's services.
Target: Marconi wireless telegraphs presentation. Method: Morse code. Impact: Fake message sent "Rats, rats, rats, rats. There was a young fellow of Italy, Who diddled the public quite prettily."	Target: Iranian uranium enrichment plant. Method: Stuxnet. Impact: Compromised programmable logic controllers (PLCs).	Target: ICS supply chain. Method: Havex. Impact: Remote Access Trojan (RAT) collected information and uploaded data to command-and-control (C&C) servers.	Target: Ukraine power grid. Method: BlackEnergy. Impact: Manipulation of HMI View causing 1-6 hour power outages for 230,000 consumers.	Target: Colonial Pipeline. Method: DarkSide ransomware. Impact: Compromised billing infrastructure halted the pipeline operation.

Sources:

• DOE, 2018
• CSIS, 2022
• MIT Technology Review, 2022

Info-Tech Insight

Most OT incidents start with attacks against IT networks and then move laterally into the OT environment. Therefore, converging IT and OT security will help protect the entire organization.

Use this template to explain the priorities you need your stakeholders to know about.

Secure organization modernization

Provide a brief value statement for the initiative.

The systems (OT, IT, IIoT) are evolving now – ensure your security plan has you covered.

Initiative Description:

• Description must include what organization will undertake to complete the initiative.
• Identify the drivers to align with your organization's business objectives.
• Build your case by leveraging a cost-benefit analysis and update your security strategy.
• Identify people, process, and technology gaps that hinder the modernization security strategy.
• Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.
• Evaluate and enable modernization technology top focus areas and refine security processes.
• Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

Drivers:

List initiative drivers.

• Pressure of operational excellence
• Technology offerings
• Higher risks of cyberattacks

Risks:

List initiative risks and impacts.

• Complex systems with many components to implement and manage require diligent change management.
• Organizational and cultural changes cause friction between humans and machines.
• Increased attack surface of cyber and physical systems.

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Improve service reliability through continuous and real-time operation.
• Enhance efficiency through operations visibility and transparency.
• Gain cost savings and efficiency to automate operations of complex and large equipment and instrumentations.

Related Info-Tech Research:

• Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities
• Secure IT-OT Convergence
• Build an Information Security Strategy

Recommended Actions

1. Identify modernization business cases to secure

Identify the drivers to align with your organization's business objectives.

Build your case by leveraging a cost-benefit analysis, and update your security strategy.

2. Identify gaps

Identify people, process, and technology gaps that hinder the modernization
security strategy.

Use the identified skill gaps to update risks, policies and procedures, IR, DR, and BCP.

3. Decide whether to build or buy capabilities

Evaluate and enable modernization technology top focus areas and refine
security processes.

Decide whether to train, hire, contract, or outsource to fill the security workforce gap.

Sources:

Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

Secure IT-OT Convergence, Info-Tech

Develop a cost-benefit analysis

Identify a modernization business case for security.

An example of a cost-benefit analysis for ICS modernization

Sources:

Industrial Control System (ICS) Modernization: Unlock the Value of Automation in Utilities, Info-Tech

Lawrence Berkeley National Laboratory, 2021

IT-OT convergence demands new security approach and solutions

Identify gaps

Attack Vectors

IT

• User's compromised credentials
• User's access device, e.g. laptop, smartphone
• Access method, e.g. denial-of-service to modem, session hijacking, bad data injection

OT

• Site operations, e.g. SCADA server, engineering workstation, historian
• Controls, e.g. SCADA Client, HMI, PLCs, RTUs
• Process devices, e.g. sensors, actuators, field devices

Defense Strategies

• Limit exposure of system information
• Identify and secure remote access points
• Restrict tools and scripts
• Conduct regular security audits
• Implement a dynamic network environment

(Control System Defense: Know the Opponent, CISA)

An example of a high-level architecture of an electric utility's control system and its interaction with IT systems.

Source: ISA-99, 2007

RESPOND TO REGULATORY CHANGES

PRIORITY 03

• GOVERNMENT-ENACTED POLICY CHANGES AND INDUSTRY REGULATORY CHANGES COULD BE A COMPLIANCE BURDEN … OR PREVENT YOUR NEXT SECURITY INCIDENT.

Executive summary

Background

Government-enacted regulatory changes are occurring at an ever-increasing rate these days. As one example, on November 10, 2022, the EU Parliament introduced two EU cybersecurity laws: the Network and Information Security (NIS2) Directive (applicable to organizations located within the EU and organizations outside the EU that are essential within an EU country) and the Digital Operational Resilience Act (DORA). There are also industry regulatory changes such as PCI DSS v4.0 for the payment sector and the North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) for Bulk Electric Systems (BES).

Organizations should use regulatory changes as a means to improve security practices, instead of treating them as a compliance burden. As said by lead member of EU Parliament Bart Groothuis on NIS2, "This European directive is going to help around 160,000 entities tighten their grip on security […] It will also enable information sharing with the private sector and partners around the world. If we are being attacked on an industrial scale, we need to respond on an industrial scale."

Current situation

Stricter requirements and reporting: Regulations such as NIS2 include provisions for incident response, supply chain security, and encryption and vulnerability disclosure and set tighter cybersecurity obligations for risk management reporting obligations.

Broader sectors: For example, the original NIS directive covers 19 sectors such as Healthcare, Digital Infrastructure, Transport, and Energy. Meanwhile, the new NIS2 directive increases to 35 sectors by adding other sectors such as providers of public electronic communications networks or services, manufacturing of certain critical products (e.g. pharmaceuticals), food, and digital services.

High sanctions for violations: For example, Digital Services Act (DSA) includes fines of up to 6% of global turnover and a ban on operating in the EU single market in case of repeated serious breaches.

Approximately 100 cross-border data flow regulations exist in 2022.

Source: McKinsey, 2022

Stricter requirements for payments

Obligation changes to keep up with emerging threats and technologies

An example of new requirements for PCI DSS v4.0

Source: Prepare for PCI DSS v4.0, Info-Tech

Use this template to explain the priorities you need your stakeholders to know about.

Respond to regulatory changes

Provide a brief value statement for the initiative.

The compliance obligations are evolving – ensure your security plan has you covered.

Initiative Description:

Description must include what organization will undertake to complete the initiative.

• Identify relevant security and privacy compliance and conformance levels.
• Identify gaps for updated obligations, and map obligations into control framework.
• Review, update, and implement policies and strategy.
• Develop compliance exception process and forms.
• Develop test scripts.
• Track status and exceptions

Drivers:

List initiative drivers.

• Pressure of new regulations
• Governance, risk & compliance (GRC) tool offerings
• High administrative or criminal penalties of non-compliance

Risks:

List initiative risks and impacts.

• Complex structures and a great number of compliance requirements
• Restricted budget and lack of skilled workforce for organizations such as local municipalities and small or medium organizations compared to private counterparts
• Personal liability for some regulations for non-compliance

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Reduces compliance risk.
• Reduces complexity within the control environment by using a single framework to align multiple compliance regimes.
• Reduces costs and efforts related to managing IT audits through planning and preparation.

Related Info-Tech Research:

• Build a Security Compliance Program
• Prepare for PCI DSS v4.0
• Build an Information Security Strategy

Recommended Actions

1. Identify compliance obligations

Identify relevant security and privacy obligations and conformance levels.

Identify gaps for updated obligations, and map obligations into control framework.

2. Implement compliance strategy

Review, update, and implement policies and strategy.

Develop compliance exception process.

3. Track and report

Develop test scripts to check your remediations to ensure they are effective.

Track and report status and exceptions.

Sources: Build a Security Compliance Program and Prepare for PCI DSS v4.0, Info-Tech

Identify relevant security and privacy compliance obligations

Identify obligations

An example of security and privacy compliance obligations

How much does it cost to become compliant?

• It is important to understand the various frameworks and to adhere to the appropriate compliance obligations.
• Many factors influence the cost of compliance, such as the size of organization, the size of network, and current security readiness.
• To manage compliance obligations, it is important to use a platform that not only performs internal and external monitoring but also provides third-party vendors (if applicable) with visibility into potential threats in their organization.

Adopt Next-Generation Cybersecurity Technologies

PRIORITY 04

• GOVERNMENTS AND HACKERS ARE RECOGNIZING THE IMPORTANCE OF EMERGING TECHNOLOGIES, SUCH AS ZERO TRUST ARCHITECTURE AND AI-BASED CYBERSECURITY. SO SHOULD YOUR ORGANIZATION.

Executive summary

Background

The cat and mouse game between threat actors and defenders is continuing. The looming question "can defenders do better?" has been answered with rapid development of technology. This includes the automation of threat analysis (signature-based, specification-based, anomaly-based, flow-based, content-based, sandboxing) not only on IT but also on other relevant environments, e.g. IoT, IIoT, and OT based on AI/ML.

More fundamental approaches such as post-quantum cryptography and zero trust (ZT) are also emerging.
ZT is a principle, a model, and also an architecture focused on resource protection by always verifying transactions using the least privilege principle. Hopefully in 2023, ZT will be more practical and not just a vendor marketing buzzword.

Next-gen cybersecurity technologies alone are not a silver bullet. A combination of skilled talent, useful data, and best practices will give a competitive advantage. The key concepts are explainable, transparent, and trustworthy. Furthermore, regulation often faces challenges to keep up with next-gen cybersecurity technologies, especially with the implications and risks of adoption, which may not always be explicit.

Current situation

ZT: Performing an accurate assessment of readiness and benefits to adopt ZT can be difficult due to ZT's many components. Thus, an organization needs to develop a ZT roadmap that aligns with organizational goals and focuses on access to data, assets, applications, and services; don't select solutions or vendors too early.

Post-quantum cryptography: Current cryptographic applications, such as RSA for PKI, rely on factorization. However, algorithms such as Shor's show quantum speedup for factorization, which can break current crypto when sufficient quantum computing devices are available. Thus, threat actors can intercept current encrypted information and store it to decrypt in the future.

AI-based threat management: AI helps in analyzing and correlating data extremely fast compared to humans. Millions of telemetries, malware samples, raw events, and vulnerability data feed into the AI system, which humans cannot process manually. Furthermore, AI does not get tired in processing this big data, thus avoiding human error and negligence.

Data breach mitigation cost without AI: USD 6.20 million; and with AI: USD 3.15 million

Source: IBM, 2022

Traditional security is not working

Alert Fatigue

Too many false alarms and too many events to process. Evolving threat landscapes waste your analysts' valuable time on mundane tasks, such as evidence collection. Meanwhile, only limited time is spared for decisions and conclusions, which results in the fear of missing an incident and alert fatigue.

Lack of Insight

To report progress, clear metrics are needed. However, cybersecurity still lacks in this area as the system itself is complex and some systems work in silos. Furthermore, lessons learned are not yet distilled into insights for improving future accuracy.

Lack of Visibility

System integration is required to create consistent workflows across the organization and to ensure complete visibility of the threat landscape, risks, and assets. Also, the convergence of OT, IoT, and IT enhances this challenge.

Source: IBM Security Intelligence, 2020

A business case for AI-based cybersecurity

Threat management

Prevention

Risk scores are generated by machine learning based on variables such as behavioral patterns and geolocation. Zero trust architecture is combined with machine learning. Asset management leverages visibility using machine learning. Comply with regulations by improving discovery, classification, and protection of data using machine learning. Data security and data privacy services use machine learning for data discovery.

Detection

AI, advanced machine learning, and static approaches, such as code file analysis, combine to automatically detect and analyze threats and prevent threats from spreading, assisted by threat intelligence.

Response

AI helps in orchestrating security technologies for organizations to reduce the number of security agents installed, which may not talk to each other or, worse, may conflict with each other.

Recovery

AI continuously tunes based on lessons learned, such as creating security policies for improving future accuracy. AI also does not get fatigue, and it assists humans in a faster recovery.

AI has been around since the 1940s, but why is it only gaining traction now? Because supporting technologies are only now available, including faster GPUs for complex computations and cheaper storage for massive volumes of data.

Use this template to explain the priorities you need your stakeholders to know about.

Adopt next-gen cybersecurity technologies

Use this template to explain the priorities you need your stakeholders to know about.

Develop a practical roadmap that shows the business value of next-gen cybersecurity technologies investment.

Initiative Description:

Description must include what organization will undertake to complete the initiative.

• Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.
• Adopt well-established data governance practices for cross-functional teams.
• Conduct a maturity assessment of key processes and highlight interdependencies.
• Develop a baseline and periodically review risks, policies and procedures, and business plan.
• Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.
• Monitor metrics on effectiveness and efficiency.

Drivers:

List initiative drivers.

• Pressure of attacks by sophisticated threat actors
• Next-gen cybersecurity technologies tool offerings
• High cost of traditional security, e.g. longer breach lifecycle

Risks:

List initiative risks and impacts.

• Lack of transparency of the model or bias, leading to non-compliance with policies/regulations
• Risks related with data quality and inadequate data for model training
• Adversarial attacks, including, but not limited to, adversarial input and model extraction

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

• Reduces the number of alerts, thus reduces alert fatigue.
• Increases the identification of unknown threats.
• Leads to faster detection and response.
• Closes skills gap and increases productivity.

Related Info-Tech Research:

• Build a Zero Trust Roadmap
• AI Governance
• Leverage AI in Threat Management (keynote presentation available on request)

Recommended Actions

1. People

Identify the stakeholders who will be affected by the next-gen cybersecurity technologies implementation and define responsibilities based on skillsets and the degree of support.

Adopt well-established data governance practices for cross-functional teams.

2. Process

Conduct a maturity assessment of key processes and highlight interdependencies.

Develop a baseline and periodically review risks, policies and procedures, and business plan.

3. Technology

Develop a roadmap and deploy next-gen cybersecurity architecture and controls step by step, working with trusted technology partners.

Monitor metrics on effectiveness and efficiency.

Source: Leverage AI in Threat Management (keynote presentation), Info-Tech

Secure Services and Applications

PRIORITY 05

• APIS ARE STILL THE #1 THREAT TO APPLICATION SECURITY.

Executive summary

Background

Software is usually produced as part of a supply chain instead of in silos. A vulnerability in any part of the supply chain can become a threat surface. We have learned this from recent incidents such as Log4j, SolarWinds, and Kaseya where attackers compromised a Virtual System Administrator tool used by managed service providers to attack around 1,500 organizations.

DevSecOps is a culture and philosophy that unifies development, security, and operations to answer this challenge. DevSecOps shifts security left by automating, as much as possible, development and testing. DevSecOps provides many benefits such as rapid development of secure software and assurance that, prior to formal release and delivery, tests are reliably performed and passed.

DevSecOps practices can apply to IT, OT, IoT, and other technology environments, for example, by integrating a Secure Software Development Framework (SSDF).

Current situation

Secure Software Supply Chain: Logging is a fundamental feature of most software, and recently the use of software components, especially open source, are based on trust. From the Log4j incident we learned that more could be done to improve the supply chain by adopting ZT to identify related components and data flows between systems and to apply the least privilege principle.

DevSecOps: A software error wiped out wireless services for thousands of Rogers customers across Canada in 2021. Emergency services were also impacted, even though outgoing 911 calls were always accessible. Losing such services could have been avoided, if tests were reliably performed and passed prior to release.

OT insecure-by-design: In OT, insecurity-by-design is still a norm, which causes many vulnerabilities such as insecure protocols implementation, weak authentication schemes, or insecure firmware updates. Additional challenges are the lack of CVEs or CVE duplication, the lack of Software Bill of Materials (SBOM), and product supply chains issues such as vulnerable products that are certified because of the scoping limitation and emphasis on functional testing.

Technical causes of cybersecurity incidents in EU critical service providers in 2019-2021 shows: software bug (12%) and faulty software changes/update (9%).

Source: CIRAS Incident reporting, ENISA (N=1,239)

Software development keeps evolving

DOD Maturation of Software Development Best Practices

Best practices in software development are evolving as shown on the diagram to the left. For example, 30 years ago the lifecycle was "Years or Months," while in the present day it is "Weeks or Days."

These changes also impact security such as the software architecture, which is no longer "Monolithic" but "Microservices" normally built within the supply chain.

The software supply chain has known integrity attacks that can happen on each part of it. Starting from bad code submitted by a developer, to compromised source control platform (e.g. PHP git server compromised), to compromised build platform (e.g. malicious behavior injected on SolarWinds build), to a compromised package repository where users are deceived into using the bad package by the similarity between the malicious and the original package name.

Therefore, we must secure each part of the link to avoid attacks on the weakest link.

Software supply chain guidance

Secure each part of the link to avoid attacks on the weakest link.

Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

"Most software today relies on one or more third-party components, yet organizations often have little or no visibility into and understanding of how these software components are developed, integrated, and deployed, as well as the practices used to ensure the components' security."

Source: NIST – NCCoE, 2022

Use this template to explain the priorities you need your stakeholders to know about.

Secure services and applications

Provide a brief value statement for the initiative.

Adopt recommended practices for securing the software supply chain.

Initiative Description:

Description must include what organization will undertake to complete the initiative.

• Define and keep security requirements and risk assessments up to date.
• Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene.
• Verify distribution infrastructure, product and individual components integrity, and SBOM.
• Use multi-layered defenses, e.g. ZT for integration and control configuration.
• Train users on how to detect and report anomalies and when to apply updates to a system.
• Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

Drivers:

List initiative drivers.

• Cyberattacks exploit the vulnerabilities of weak software supply chain
• Increased need to enhance software supply chain security, e.g. under the White House Executive Order (EO) 14028
• OT insecure-by-design hinders OT modernization

Risks:

List initiative risks and impacts.

Only a few developers and suppliers explicitly address software security in detail.

Time pressure to deliver functionality over security.

Lack of security awareness and lack of trained workforce.

Benefits:

List initiative benefits and align to business benefits or benefits for the stakeholder groups that it impacts.

Customers (acquiring organizations) achieve secure acquisition, deployment, and operation of software.

Developers and suppliers provide software security with minimal vulnerabilities in its releases.

Automated processes such as automated testing avoid error-prone and labor-intensive manual test cases.

Related Info-Tech Research:

• Build a Zero Trust Roadmap
• Embed Security Into the DevOps Pipeline

Recommended Actions

1. Procurement and Acquisition

Define and keep security requirements and risk assessments up to date.

Perform analysis on current market and supplier solutions and acquire security evaluation.

Require visibility into provenance of product, and require suppliers' self-attestation of security hygiene

2. Deployment

Verify distribution infrastructure, product and individual components integrity, and SBOM.

Save and store the tests and test environment and review and verify the
self-attestation mechanism.

Use multi-layered defenses, e.g. ZT for integration and control configuration.

3. Software Operations

Train users on how to detect and report anomalies and when to apply updates to a system.

Ensure updates from authorized and authenticated sources and verify the integrity of the updated SBOM.

Apply supply chain risk management (SCRM) operations.

Source: "Securing the Software Supply Chain" series, Enduring Security Framework (ESF), 2022

Bibliography

Aksoy, Cevat Giray, Jose Maria Barrero, Nicholas Bloom, Steven J. Davis, Mathias Dolls, and Pablo Zarate. "Working from Home Around the World." Brookings Papers on Economic Activity, 2022.
Barrero, Jose Maria, Nicholas Bloom, and Steven J. Davis. "Why working from home will stick." WFH Research, National Bureau of Economic Research, Working Paper 28731, 2021.
Boehm, Jim, Dennis Dias, Charlie Lewis, Kathleen Li, and Daniel Wallance. "Cybersecurity trends: Looking over the horizon." McKinsey & Company, March 2022. Accessed
31 Oct. 2022.
"China: TC260 issues list of national standards supporting implementation of PIPL." OneTrust, 8 Nov. 2022. Accessed 17 Nov. 2022.
Chmielewski, Stéphane. "What is the potential of artificial intelligence to improve cybersecurity posture?" before.ai blog, 7 Aug. 2022. Accessed 15 Aug. 2022.
Conerly, Bill. "The Recession Will Begin Late 2023 Or Early 2024." Forbes, 1 Nov. 2022. Accessed 8 Nov. 2022.
"Control System Defense: Know the Opponent." CISA, 22 Sep. 2022. Accessed 17 Nov. 2022.
"Cost of a Data Breach Report 2022." IBM, 2022.
"Cybersecurity: Parliament adopts new law to strengthen EU-wide resilience." European Parliament News, 10 Nov. 2022. Press Release.
"Cyber Security in Critical National Infrastructure Organisations: 2022." Bridewell, 2022. Accessed 7 Nov. 2022.
Davis, Steven. "The Big Shift to Working from Home." NBER Macro Annual Session On
"The Future of Work," 1 April 2022.
"Digital Services Act: EU's landmark rules for online platforms enter into force."
EU Commission, 16 Nov. 2022. Accessed 16 Nov. 2022.
"DoD Enterprise DevSecOps Fundamentals." DoD CIO, 12 May 2022. Accessed 21 Nov. 2022.
Elkin, Elizabeth, and Deena Shanker. "That Cream Cheese Shortage You Heard About? Cyberattacks Played a Part." Bloomberg, 09 Dec. 2021. Accessed 27 Oct. 2022.
Evan, Pete. "What happened at Rogers? Day-long outage is over, but questions remain." CBC News, 21 April 2022. Accessed 15 Nov. 2022.
"Fewer Ransomware Victims Pay, as Median Ransom Falls in Q2 2022." Coveware,
28 July 2022. Accessed 18 Nov. 2022.
"Fighting cybercrime: new EU cybersecurity laws explained." EU Commission, 10 Nov. 2022. Accessed 16 Nov. 2022.
"Guide to PCI compliance cost." Vanta. Accessed 18 Nov. 2022.
Hammond, Susannah, and Mike Cowan. "Cost of Compliance 2022: Competing priorities." Thomson Reuters, 2022. Accessed 18 Nov. 2022.
Hemsley, Kevin, and Ronald Fisher. "History of Industrial Control System Cyber Incidents." Department of Energy (DOE), 2018. Accessed 29 Aug. 2022.
Hofmann, Sarah. "What Is The NIS2 And How Will It Impact Your Organisation?" CyberPilot,
5 Aug. 2022. Accessed 16 Nov. 2022.
"Incident reporting." CIRAS Incident Reporting, ENISA. Accessed 21 Nov. 2022.
"Introducing SLSA, an End-to-End Framework for Supply Chain Integrity." Google,
16 June 2021. Accessed 25 Nov. 2022.
Kovacs, Eduard. "Trains Vulnerable to Hacker Attacks: Researchers." SecurityWeek, 29 Dec. 2015. Accessed 15 Nov. 2022.
"Labour Force Survey, October 2022." Statistics Canada, 4 Nov. 2022. Accessed 7 Nov. 2022.
Malacco, Victor. "Promises and potential of automated milking systems." Michigan State University Extension, 28 Feb. 2022. Accessed 15 Nov. 2022.
Maxim, Merritt, et al. "Planning Guide 2023: Security & Risk." Forrester, 23 Aug. 2022. Accessed 31 Oct. 2022.
"National Cyber Threat Assessment 2023-2024." Canadian Centre for Cyber Security, 2022. Accessed 18 Nov. 2022.
Nicaise, Vincent. "EU NIS2 Directive: what's changing?" Stormshield, 20 Oct. 2022. Accessed
17 Nov. 2022.
O'Neill, Patrick. "Russia hacked an American satellite company one hour before the Ukraine invasion." MIT Technology Review, 10 May 2022. Accessed 26 Aug. 2022.
"OT ICEFALL: The legacy of 'insecure by design' and its implications for certifications and risk management." Forescout, 2022. Accessed 21 Nov. 2022.
Palmer, Danny. "Your cybersecurity staff are burned out - and many have thought about quitting." ZDNet, 8 Aug. 2022. Accessed 19 Aug. 2022.
Placek, Martin. "Industrial Internet of Things (IIoT) market size worldwide from 2020 to 2028 (in billion U.S. dollars)." Statista, 14 March 2022. Accessed 15 Nov. 2022.
"Revised Proposal Attachment 5.13.N.1 ADMS Business Case PUBLIC." Ausgrid, Jan. 2019. Accessed 15 Nov. 2022.
Richter, Felix. "Cloudy With a Chance of Recession." Statista, 6 April 2022. Web.
"Securing the Software Supply Chain: Recommended Practices Guide for Developers." Enduring Security Framework (ESF), Aug. 2022. Accessed 22 Sep. 2022.
"Securing the Software Supply Chain: Recommended Practices Guide for Suppliers." Enduring Security Framework (ESF), Sep. 2022. Accessed 21 Nov. 2022.
"Securing the Software Supply Chain: Recommended Practices Guide for Customers." Enduring Security Framework (ESF), Oct. 2022. Accessed 21 Nov. 2022.
"Security Guidelines for the Electricity Sector: Control System Electronic Connectivity."
North American Electric Reliability Corporation (NERC), 28 Oct. 2013. Accessed 25 Nov. 2022.
Shepel, Jan. "Schreiber Foods hit with cyberattack; plants closed." Wisconsin State Farmer,
26 Oct. 2022. Accessed 15 Nov. 2022.
"Significant Cyber Incidents." Center for Strategic and International Studies (CSIS). Accessed
1 Sep. 2022.
Souppaya, Murugiah, Michael Ogata, Paul Watrobski, and Karen Scarfone. "Software Supply Chain and DevOps Security Practices: Implementing a Risk-Based Approach to DevSecOps." NIST - National Cybersecurity Center of Excellence (NCCoE), Nov. 2022. Accessed
22 Nov. 2022.
"Ten Things Will Change Cybersecurity in 2023." SOCRadar, 23 Sep. 2022. Accessed
31 Oct. 2022.
"The Nature of Cybersecurity Defense: Pentagon To Reveal Updated Zero-Trust Cybersecurity Strategy & Guidelines." Cybersecurity Insiders. Accessed 21 Nov. 2022.
What Is Threat Management? Common Challenges and Best Practices." IBM Security Intelligence, 2020.
Woolf, Tim, et al. "Benefit-Cost Analysis for Utility-Facing Grid Modernization Investments: Trends, Challenges, and Considerations." Lawrence Berkeley National Laboratory, Feb. 2021. Accessed 15 Nov. 2022.
Violino, Bob. "5 key considerations for your 2023 cybersecurity budget planning." CSO Online,
14 July 2022. Accessed 27 Oct. 2022

Research Contributors and Experts

Andrew Reese
Cybersecurity Practice Lead
Zones

Ashok Rutthan
Chief Information Security Officer (CISO)
Massmart

Chris Weedall
Chief Information Security Officer (CISO)
Cheshire East Council

Jeff Kramer
EVP Digital Transformation and Cybersecurity
Aprio

Kris Arthur
Chief Information Security Officer (CISO)
SEKO Logistics

Mike Toland
Chief Information Security Officer (CISO)
Mutual Benefit Group

Initiate Digital Accessibility For IT

Make accessibility accessible.

EXECUTIVE BRIEF

Analyst Perspective

Accessibility is a practice, not a project.

Accessibility is an organizational directive; however, IT plays a fundamental role in its success. As business partners require support and expertise to assist with their accessibility requirements IT needs to be ready to respond. Even if your organization hasn't fully committed to an accessibility standard, you can proactively get ready by planting the seeds to change the culture. By building understanding and awareness of the significant impact technology has on accessibility, you can start to change behaviors.

Implementing an accessibility program requires many considerations: legal requirements; international guidelines, such as Web Content Accessibility Guidelines (WCAG); training for staff; ongoing improvement; and collaborating with accessibility experts and people with disabilities. It can be overwhelming to know where to start. The tendency is to start with compliance, which is a fantastic first step. For a sustained program use, change management practices are needed to change behaviors and build inclusion for people with disabilities.

15% of the world's population identify as having some form of a disability (not including others that are impacted, e.g. caretakers, family). Why would anyone want to alienate over 1.1 billion people?

Heather Leier-Murray
Senior Research Analyst, People & Leadership
Info-Tech Research Group

Disability is part of being human

Merriam-Webster defines disability as a "physical, mental, cognitive, or developmental condition that impairs, interferes with, or limits a person's ability to engage in certain tasks or actions or participate in typical daily activities and interactions."(1)

The World Health Organization points out that a crucial part of the definition of disability is that it's not just a health problem, but the environment impacts the experience and extent of disability. Inaccessibility creates barriers for full participation in society.(2)

The likelihood of you experiencing a disability at some point in your life is very high, whether a physical or mental disability, seen or unseen, temporary or permanent, severe or mild.(2)

Many people acquire disabilities as they age yet may not identify as "a person with a disability."3 Where life expectancies are over 70 years of age, 11.5% of life is spent living with a disability. (4)

"Extreme personalization is becoming the primary difference in business success, and everyone wants to be a stakeholder in a company that provides processes, products, and services to employees and customers with equitable, person-centered experiences and allows for full participation where no one is left out."
– Paudie Healy, CEO, Universal Access

(1.) Merriam-Webster
(2.) World Health Organization, 2022
(3.) Digital Leaders, as cited in WAI, 2018
(4.) Disabled World, as cited in WAI, 2018

Executive Summary

Your Challenge

You know the push for accessibility is coming in your organization. You might even have a program started or approval to build one. But you're not sure if you and your team are ready to support and enable the organization on its accessibility journey.

Common Obstacles

Understanding where to start, where accessibility lives, and if or when you're done can be overwhelmingly difficult. Accessibility is an organizational initiative that IT enables; being able to support the organization requires a level of understanding of common obstacles.

• Determining IT requirements (legal and business needs) is overwhelming.
• Prioritizing people in the process is often overlooked.
• Mandating changes instead of motivating change isn't sustainable.

Info-Tech's Approach

Prepare your people for accessibility and inclusion, even if your organization doesn't have a formal standard yet. Take your accessibility from mandate to movement, i.e. from Phase 1 - focused on compliance to Phase 2 - driven by experience for sustained change.

• Use this blueprint to build your accessibility plan while prioritizing the necessary culture change.
• Use change management and communication practices to elicit the behavior shift needed to sustain accessibility.

Info-Tech Insight

Accessibility is a practice, not a project. Therefore, accessibility is an organizational initiative; however, IT support is critical. Use change management theory to guide the new behaviors, processes, and thinking to adopt accessibility beyond compliance. Determining where to start is challenging because the tendency is to start with tech or compliance; however, starting with the people is key. It must be a change in organizational culture.

Your challenge

This research is designed to help IT leaders who are looking to:

• Determine accessibility requirements of IT based on the business' needs and priorities, and the existing standards and regulations.
• Prepare the IT leaders to implement and sustain accessibility and prepare for the behavior shift that is necessary.
• Build the plan for IT as it pertains to accessibility, including a list of business needs and priorities, and prioritization of accessibility initiatives that IT is responsible for.
• Ensure that accessibility is sustained in the IT department by following phase 2 of this blueprint on using change management and communication to impact behavior and change the culture.

90% of companies claim to prioritize diversity.
Source: Harvard Business Review, 2020

Over 30% of those that claim to prioritize diversity are focused on compliance.
Source: Harvard Business Review, 2022

Accessibility is an organizational initiative

Is IT ready and capable to enable it?

• With increasing rates of lawsuits related to digital accessibility, more organizations are prioritizing initiatives to support increased accessibility. About 68% of Applause's survey respondents indicated that digital accessibility is a higher priority for their organization than it was last year.
• This increase in priority will trickle into IT's tasks – get ahead and start working toward accessibility proactively so you're ready when business requests start coming in.

A survey of nearly 1,800 respondents conducted by Applause found that:

• 79% of respondents rated digital accessibility either a top priority or important for their organizations.
• 42% of respondents indicated they have limited or no in-house expertise or resources to test accessibility.
  Source: Business Wire, May 2022

How organizations prioritize digital accessibility

• 43% rated accessibility as a top priority.
• 36% rated accessibility as important.
• Fewer than 5% rated accessibility as either low priority or not even on the radar.
• More than 65% agreed or strongly agreed that accessibility is a higher priority than last year.

Source: Angel Business Communications, 2022

Why organizations address accessibility

Top three reasons:

1. 61% To comply with laws
2. 62% To provide the best user experience
3. 78% To include people with disabilities
   Source: Level Access, 2022

Still, most businesses aren't meeting compliance standards. Even though legislation has been in place for over 30 years, a 2022 study by WebAIM of 1,000,000 homepages returned a 96.8% WCAG 2.0 failure rate.

Source: Institute for Disability Research, Policy, and Practice, 2022

Info-Tech's approach to Initiate Digital Accessibility

The Info-Tech difference:

1. Phase 1 of this blueprint gets you started and helps you build a plan to get you to the initial compliance driven maturity level. It's focused more on standards and regulations than on the user and employee experience.
2. Phase 2 takes you further in maturity and helps you become experience driven in your efforts. It focuses on building your accessibility maturity into the developing, defined, and managed levels, as well as balancing mandate and movement of the accessibility maturity continuum.

Determining conformance seems overwhelming

Unfortunately, it's the easier part.

• Focus on local regulations and what corporate leaders are setting as accessibility standards for the organization. This will narrow down the scope of what compliance looks like for your team.
• Look to best practices like WCAG guidelines to ensure digital assets are accessible and usable for all users. WCAG's international guideline outlines principles that can also aid in scoping.
• In phase 1 of this blueprint, use the Accessibility Compliance Tracking Toolto prioritize criteria and legislation for which IT is responsible.
• Engage with business partners and other areas of the organization to figure out what is needed from IT. Accessibility is an organizational initiative; it shouldn't be on IT to figure it all out. Determine what your team is specifically responsible for before tackling it all.

Motivating behavior change

This is the hard part.

Changing behaviors and mindsets is necessary to be experience driven and sustain accessibility.

• Compliance is the minimum when it comes to accessibility, much like employment or labor regulations.
• Making accessibility an organizational imperative is an iterative process. Managing the change is hard. People, culture, and behavior change matures accessibility from compliance driven to experience driven, increasing the benefits of accessibility.
• Focus accessibility initiatives on improving the experience of everyone and improving engagement (customer and employee).
• Being people focused and experience driven enables the organization to provide the best user experience and realize the benefits of accessibility.

"Compliance is the minimum. And when we look at web tech, people are still arguing about their positioning on the standards that need to be enforced in order to comply, forgetting that it isn't enough to comply."
-- Jordyn Zimmerman, M.Ed., Director of Professional Development, The Nora Project, and Appointee, President's Committee for People with Intellectual Disabilities.

To see more on the Info-Tech Accessibility Maturity Framework:

The Accessibility Business Case for IT

Think of accessibility like you think of IT security

Use IT security concepts to build your accessibility program.

• Risk management: identify and prioritize accessibility risks and implement controls to mitigate those risks.
• Compliance: use an IT security-style compliance approach to ensure that the accessibility program is compliant with the many accessibility regulations and standards.
• Defense in depth: implement multiple layers of accessibility controls to address different types of accessibility risks and issues.
• Response and recovery: quickly and effectively respond to accessibility issues, minimizing the potential impact on the organization and its users.
• End-user education: educate end users about accessibility best practices, such as how to use assistive technologies and how to report accessibility issues.
• Monitor and audit: use monitoring and auditing tools to ensure that accessibility remains over time and to identify and address issues that arise.
• Collaboration: ensure the accessibility program is effective and addresses the needs of all users by collaborating with accessibility experts and people with disabilities.

"As an organization matures, the impact of accessibility shifts. A good company will think of security at the very beginning. The same needs to be applied to accessibility thinking. At the peak of accessibility maturity an organization will have people with disabilities involved at the outset."
-- Cam Beaudoin, Owner, Accelerated Accessibility

Info-Tech's methodology for Initiate Digital Accessibility for IT

Insight summary

Overarching insight

Accessibility is a practice, not a project. Therefore, accessibility is an organizational initiative; however, IT support is critical. Use change management theory to guide the new behaviors, processes, and thinking to adopt accessibility beyond compliance. Determining where to start is challenging. The tendency is to start with tech or compliance; however, starting with the people is key. It must be a change in organizational culture.

Insight 1

Compliance is the minimum; people and behavior changes are the hardest part and have the largest impact on accessibility. Preparing for and building awareness of the reasons for accessibility makes the necessary behavior changes easier. Communicate, communicate, and communicate some more.

Insight 2

Think about accessibility like you think about IT security. Use IT security concepts that you and your team are already familiar with to initiate the accessibility program.

Insight 3

People are learning a new way to behave and think; this can be an unsettling period. Patience, education, communication, support, and time are keys for success of the implementation of accessibility. There is a transition period needed; people will gradually change their practices and attitudes. Celebrate small successes as they arise.

Insight 4

Accessibility isn't a project as there is no end. Effective planning and continuous reinforcement of "the new way of doing things" is necessary to enable accessibility as the new status quo.

Blueprint deliverables

Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.

IT Manager Meeting Template
Use this meeting slide deck to work with IT managers to build out the accessibility remediation plan and commitment statement.

Departmental Meeting Template
Use this meeting slide deck to introduce the concept of accessibility and communicate IT goals and objectives.

Accessibility Quick Cards
Using the Info-Tech IT Management and Governance Framework to identify key activities to help improve and maintain the accessibility of your organization and your core IT processes.

Key deliverable:

Accessibility Compliance Tracking Tool
This tool will assist you in identifying remediation priorities applicable to your organization.

Blueprint benefits

Measure the value of this blueprint

Improve IT effectiveness and employee buy-in to change.

Measuring the effectiveness of your program helps contribute to a culture of continuous improvement. Having consistent measures in place helps to inform decisions and enables your plan to be iterative to take advantage of emerging opportunities.

Monitor employee engagement, overall stakeholder satisfaction with IT, and the overall end-customer satisfaction.

Remember, accessibility is not a project – just because measures are positive does not mean your work is done.

In phase 1 of this blueprint, we will help you establish metrics for your organization.
In phase 2, we will help you develop a sustainment for achieving those metrics.

Info-Tech's IT Metrics Library

Executive brief case study

INDUSTRY: Technology

SOURCE: Microsoft.com
https://blogs.microsoft.com/accessibility/accessib...

Microsoft

Microsoft's accessibility journey starts with the goal of building a culture of accessibility and disability inclusion. They recognize that the starting point for the magnitude of organizational change is People.

"Accessibility in Action Badge"

Every employee at Microsoft is trained on accessibility to build understanding of why and how to be inclusive using accessibility. The program entails 90 minutes of virtual content.

Microsoft treats accessibility and inclusion like a business, managing and measuring it to ensure sustained growth and success. They have worked over the years to bust systemic bias company-wide and to build a program with accessibility criteria that works for their business.

Results

The program Microsoft has built allows them to shift the accessibility lens earlier in their processes and listen to its users' needs. This allows them to continuously mature their accessibility program, which means continuously improving its users' experience.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Guided implementation

What does a typical guided implementation (GI) on this topic look like?

A GI is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.

A typical GI is eight to ten calls over the course of four to six months.

Workshop overview

Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889

Phase 1

Planning IT's Accessibility Requirements.

Initiate Digital Accessibility For IT

This phase will walk you through the following activities:

• Analyzing stakeholders to determine accessibility needs of business for IT.
• Determining accessibility compliance requirements of IT.
• Build a manager communication deck.
• Assess current accessibility compliance and mitigation.
• Prioritize and assign timelines.
• Build a sunrise diagram to visualize your accessibility roadmap.
• Write an IT accessibility commitment statement.

This phase involves the following participants:

• CIO
• IT leadership team
• Business partners in other areas of the organization (e.g., HR, finance, communications)

Step 1.1

Determine the accessibility requirements of IT.

Activities

1.1.1 Determine what the business needs from IT
1.1.2 Complete the Accessibility Maturity Assessment (optional)
1.1.3 Determine IT compliance requirements
1.1.4 Define target state
1.1.5 Create a list of goals and objectives
1.1.6 Finalize key metrics
1.1.7 Prepare a meeting for IT managers

Prepare to support the organization with accessibility

This step involves the following participants:

• CIO
• IT senior leaders
• IT managers
• Business partners in other areas of the organization (e.g., HR, finance, communications)

Outcomes of this step

• Stakeholder analysis with business needs listed
• Defined target future state
• List of goals and objectives
• Key metrics
• Communication deck for IT management rollout meeting

While defining future state, consider your drivers

The Info-Tech Accessibility Maturity Framework identifies three key strategic drivers: compliance, experience, and incorporation.

• Over 30% of organizations are focused on compliance, according to a 2022 survey by Harvard Business Review and Slack's Future Forum. The survey asked more than 10,000 workers in six countries about their organizations' approach to diversity, equity, and inclusion (DEI).(2)
• Even though 90% of companies claim to prioritize diversity, over 30% are focused on compliance.(1)

1. Harvard Business Review, 2020
2. Harvard Business Review, 2022

Info-Tech accessibility maturity framework

Info-Tech Insight

IT typically works through maturity frameworks from the bottom to the top, progressing at each level until they reach the end. When it comes to IT accessibility initiatives, being especially thorough, thoughtful, and collaborative is critical to success. This will mean spending more time in the Developing, Defined, and Managed levels of maturity rather than trying to reach Optimized as quickly as you can. This may feel contrary to what IT historically considers as a successful implementation.

After initially ensuring your organization is compliant with regulations and standards, you will progress to building disciplined process and consistent standardized processes. Eventually you will build the ability for predictable process, and lastly, you'll optimize by continuously improving.

Depending on the level of maturity you are trying to achieve, it could take months or even years to implement. The important thing to understand, however, is that accessibility work is never done.

At all levels of the maturity framework, you must consider the interconnected aspects of people, process, and technology. However, as the organization progresses, the impact will shift from largely being focused on process and technology improvement to being focused on people.

Align the benefits of program drivers to organizational goals or outcomes

Although there will be various motivating factors, aligning the drivers of your accessibility program provides direction to the program. Connecting the advantages of program drivers to organizational goals builds the confidence of senior leaders and decision makers, increasing the continued commitment to invest in accessibility programming.

Accessibility maturity levels

Cheat sheet: Identify stakeholders

Ask stakeholders, "Who else should I be talking to?" to discover additional stakeholders and ensure you don't miss anyone.

Categorize your stakeholders with a stakeholder prioritization map

A stakeholder prioritization map help teams categorize their stakeholders by their level of influence and ownership.

There are four areas in the map, and the stakeholders within each area should be treated differently.

Players – Players have a high interest in the initiative and high influence to affect change over the initiative. Their support is critical, and a lack of support can cause significant impediment to the objectives. Mediators – Mediators have a low interest but significant influence over the initiative. They can help to provide balance and objective opinions to issues that arise. Noisemakers – Noisemakers have low influence but high interest. They tend to be very vocal and engaged, either positively or negatively, but have little ability to enact their wishes. Spectators – Generally, spectators are apathetic and have little influence over or interest in the initiative.

Strategize to engage stakeholders by type

Each group of stakeholders draws attention and resources away from critical tasks.

By properly identifying your stakeholder groups, you can develop corresponding actions to manage stakeholders in each group. This can dramatically reduce wasted effort trying to satisfy spectators and noisemakers while ensuring the needs of the mediators and players are met.

1.1.1 Determine what the business needs from IT (stakeholder analysis)

1.5 hours

1. Consider all the potential individuals or groups of individuals who will be impacted or influence the accessibility needs of IT.
2. List each of the stakeholders you identify. If in person, use sticky notes to define the target audiences. The individuals or group of individuals that potentially have needs from IT related to accessibility before, during, or after the initiative.
3. As you list each stakeholder, consider how they perceive IT. This perception could impact how you choose to interact with them.
4. For each stakeholder identified as potentially having a business need requirement for IT related to accessibility, conduct an analysis to understand their degree of influence or impact.
5. Based on the stakeholder, the influence or impact of the business need can inform the interaction and prioritization of IT requirements.
6. Update slide 9 of the IT Manager Meeting Template.

Input

• The change
• Why the change is needed
• Key stakeholder map from activity 2.1.1 of The Accessibility Business Case for IT (optional)

Output

• The degree of influence or impact each stakeholder has on accessibility needs from IT

Materials

• Stakeholder Management Analysis Tool (optional)

Participants

• CIO/ head of IT/ initiative lead
• Business partners

Proactively consider how accessibility could be received

Think about the positive and negative reactions you could face about implementing accessibility.

It's likely individuals will have an emotional reaction to change and may have different emotions at different times during the change process.
Plan for how to leverage support and deal with resistance to change by assessing people's emotional responses:

• What are possible questions, objections, suggestions, and concerns that might arise.
• How will you respond to the possible questions and concerns.
• Include proactive messaging in your communications that address possible objections.
• Express an understanding for others point of views by re-positioning objections and suggestions as questions.

Determine your level of maturity

Use Info-Tech's Accessibility Maturity Assessment.

On the accessibility questionnaire, tab 2, choose the amount you agree or disagree with each statement. Answer the questions based on your knowledge of your current state organizationally.

Once you've answered all the questions, see the results on the tab 3, Accessibility Results. You can see your overall maturity level and the maturity level for each of six dimensions that are necessary to increase the success of an accessibility program.

Click through to tab 4, Recommendations, to see specific recommendations based on your results and proven research to progress through the maturity levels. Keep in mind that not all organizations will or should aspire to the "Optimize" maturity level.

Download the Accessibility Maturity Assessment

1.1.2 Complete the Accessibility Maturity Assessment (optional)

1. Download the Accessibility Maturity Assessment and save it with the date so that as you work on your accessibility program, you can reassess later and track your progress.
2. Once you have saved the assessment, select the appropriate answer for each statement on tab 2, Accessibility Questions, based on your knowledge of the organization's approach.
3. After reviewing all the accessibility statements, see your maturity level results on tab 3, Accessibility Results. Then see tab 4, Recommendations, for suggestions based on your answers.
4. Document your accessibility maturity results on slides 12 and 13 of the IT Manager Meeting Template and slide 17 of the Departmental Meeting Template.
5. Use the maturity assessment results in activity 1.1.3.

Input

• Assess your current state of accessibility by choosing all the statements that apply to your organization

Output

• Identified accessibility maturity level

Materials

• Accessibility Maturity Assessment
• Accessibility Business Case Template

Participants

• Project leader/sponsor
• IT leadership team

1.1.3 Determine IT compliance responsibilities

1-3 hours

Before you start this activity, you may need to discuss with your organization's legal counsel to determine the legislation that applies to your organization.

1. Determine which controls apply to your organization based on your knowledge of the organization goals, stakeholders, and accessibility maturity target. If you haven't determined your current and future state maturity model, use the Info-Tech resource from the Accessibility Business Case for IT(see previous two slides).
2. Using the drop down in column J – Applies to My Org., select "Yes" or "No" for each control on each of the data entry tabs of the Accessibility Compliance Tracking Tool.
3. For each control you have selected "Yes" for in column J, identify the control owner in column I.
4. Update slide 10 in the IT Manager Meeting Template and slide 13 in the IT Departmental Meeting Template.

Input

• Local, regional, and/or global legislation and guidelines applicable to your organization
• Organizational accessibility standard
• Business needs list
• Completed Accessibility Maturity Assessment (optional)

Output

• List of legislation and standards requirements that are narrowed based on organization need

Materials

• Accessibility Maturity Assessment
• Accessibility Business Case Template

Participants

• CIO/ head of IT/ CAO/ initiative leader
• Legal counsel

Download the Accessibility Compliance Tracking Tool

1.1.4 Conduct future-state analysis*

Identify your target state of maturity.

1. Provide the group with the accessibility maturity levels to review as well as the slides on the framework and drivers (slides 27-29).
2. Ask the group to brainstorm pain points created by inaccessibility (e.g. challenges related to stakeholders, process issues).
3. Next, discuss opportunities to be gained from improving these practices.
4. Then, have everyone look at the accessibility maturity levels and, based on the descriptions, determine as a group the current maturity level of accessibility in your organization .
5. Next, review the benefits listed on the accessibility maturity levels slide to those that you named in step 3 and determine which maturity level best describes your target state. Discuss as a group and agree on one desired maturity level to reach.
6. Document your current and target states on slide 14 of the IT Manager Meeting Template.

*Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activities 2.1.2 and 2.1.3.

Input

• Accessibility maturity levels chart, framework, and drivers slides
• Maturity level assessment results (optional)

Output

• Target maturity level documented

Materials

• Paper and pens
• Handouts of maturity levels

Participants

• CIO
• IT senior leaders

What does a good goal look like?

SMART is a common framework for setting effective goals. Make sure your goals satisfy these criteria to ensure you can achieve real results.

Use the SMART framework to build effective goals.

1.1.5 Create a list of goals and objectives*

Use the outcomes from activity 1.2.1.

1. Using the information from activity 1.2.1, develop goals.
2. Remember to use the SMART goal framework to build out each goal (see the previous slide for more information on SMART goals).
3. Ensure each goal supports departmental and organizational goals to ensure it is meaningful.
4. Document your goals and objectives on slides 6 and 9 in your IT Manager Meeting Template.

*Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activity 2.2.1.

Input

• Outcomes of activity 1.2.1
• Organizational and departmental goals

Output

• Accessibility goals and objectives identified

Materials

• n/a

Participants

• CIO/ head of IT/ initiative lead
• IT senior leaders

Establish baseline metrics

Baseline metrics will be improved through:

1. Progressing through the accessibility maturity model.
2. Addressing accessibility earlier in processes with input from people with disabilities.
3. Motivating behavior changes and culture that supports accessibility and disability inclusion.
4. Ensuring compliance with regulations and standards.
5. Focusing on experience and building a disability inclusive culture.

1.1.6 Finalize key metrics*

Finalize key metrics the organization will use to measure accessibility success.

1. Brainstorm how you will measure the success of each goal you identified in the previous activity, based on the benefits, challenges, and risks you previously identified.
2. Write each of the metric ideas down and finalize three to five key metrics which you will track. The metrics you choose should relate to the key challenges or risks you have identified and match your desired maturity level and driver.
3. Document your key metrics on slide 15 of your IT Manager Meeting Templateand slide 23 of the Departmental Meeting Template.

Input

• Accessibility challenges and benefits
• Goals from activity 1.2.2

Output

• Three to five key metrics to track

Materials

• n/a

Participants

• IT leadership team
• Project lead/sponsor

*Note: If you've completed the Accessibility Business Case for IT blueprint you may already have this information compiled. Refer to activity 2.2.2.

Use Info-Tech's template to communicate with IT managers

Cascade messages down to IT managers next. This ensures they will have time to internalize the change before communicating it to others.

Communicate with and build the accessibility plan with IT managers by customizing Info-Tech's IT Manager Meeting Template, which is designed to effectively convey your key messages. Tailor the template to suit your needs.

It includes:

• Project scope and objectives
• Current state analysis
• Compliance planning
• Commitment statement drafting

Download the IT Manager Meeting Template

Info-Tech Insight

Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier.

1.1.7 Prepare a meeting for IT managers

Now that you understand your current and desired accessibility maturity, the next step is to communicate with IT managers and begin planning your initiatives.

Know your audience:

1. Consider who will be included in your presentation audience.
2. You want your presentation to be succinct and hard-hitting. Managers are under huge demands and time is tight, they will lose interest if you drag out the delivery.
3. Contain the presentation and planning activities to no more than an afternoon. You want to ensure adequate time for questions and answers, as well as the planning activities necessary to inform the roll out to the larger IT department later.
4. Schedule a meeting with the IT managers.

Download the IT Manager Meeting Template

Input

• Activity results

Output

• A completed presentation to communicate your accessibility initiatives to IT managers

Materials

• IT Manager Meeting Template

Participants

• CIO/ head of IT/ initiative lead
• IT senior leaders
• IT managers

Step 1.2

Build the IT accessibility action plan.

Activities

1.2.1 Assess current accessibility compliance and mitigation

1.2.2 Decide on your priorities

1.2.3 Add priorities to the roadmap

1.2.4 Write an IT accessibility commitment statement

Planning IT's accessibility requirements

This step involves the following participants:

• CIO/ head of IT/ initiative lead
• IT senior leaders
• IT managers

Outcomes of this step

• Priority controls and mitigation list with identified control owners.
• IT accessibility commitment statement.
• Draft visualization of roadmap/sunrise diagram.

Involve managers in assessing current compliance

To know what work needs to happen you need to know what's already happening.

Use the spreadsheet from activity 1.1.3 where you identified which controls apply to your organization.

Have managers work in groups to identify which controls (of the applicable ones) are currently being met and which ones have an existing mitigation plan.

Info-Tech Insight

Based on EN 301 549 V3.2.1 (2021-03) as a basis for digital accessibility conformance. This tool is designed to assist you in building a priorities list of requirements that are applicable to your organization. EN 301 549 is currently the most robust accessibility regulation and encompasses other regulations within it. Although EN 301 549 is the European Standard, other countries are leaning on it as the standard they aspire to as well.

1.2.1 Assess current accessibility compliance and mitigation

1-3 hours

1. Share the Accessibility Compliance Tracking Tool with the IT leaders and managers during the meeting with IT management that you scheduled in activity 1.1.7.
2. Break into smaller groups (or if too small, continue as a single group):
   1. Divide up the controls between the small groups to work on assessing current compliance and mitigation plans.
   2. For each control that is identified as applying to your organization, identify if there currently is compliance by selecting "yes" from the drop-down. For controls where the organization is not compliant, select "no" and identify if there is a mitigation plan in place by selecting "yes" or "no" in column L.
   3. Use the comments column to add any pertinent information regarding the control.

Input

• List of IT compliance requirements applicable to the org. from activities 1.1.2 and 1.1.3

Output

• List of IT compliance requirements that have current compliance or mitigation plans

Materials

• Accessibility Compliance Tracking Tool

Participants

• CIO
• IT senior leaders
• IT managers

Download the Accessibility Compliance Tracking Tool

Involve managers in building accountability into the accessibility plan

Building accountability into your compliance tracking will help ensure accessibility is prioritized.

Use the spreadsheet from activity 1.3.1.

Have managers work in the same groups to prioritize controls by assigning a quarterly timeline for compliance.

1.2.2 Decide on your priorities

1-3 hours

1. In the same groups used in activity 1.2.1, prioritize the list of controls that have no compliance and no mitigation plan.
2. As you work through the spreadsheet again, assign a timeline using the drop-down menu in column M for each control that applies to the organization and has no current compliance. Consider the following in your prioritization:
   1. Does the control impact customers or is it public-facing?
   2. What are the business needs related to accessibility?
   3. Does the team currently have the skills and knowledge needed to address the control?
   4. What future state accessibility maturity are you targeting?
3. Be prepared to review with the larger group.

Input

• List from activity 1.2.1
• Business needs from activity 1.1.1

Output

• List of IT compliance requirements with accountability timelines

Materials

• Accessibility Compliance Tracking Tool

Participants

• CIO
• IT senior leaders
• IT managers

Download the Accessibility Compliance Tracking Tool

Review your timeline

Don't overload your team. Make sure the timelines assigned in the breakout groups make sense and are realistic.

Download the Accessibility Compliance Tracking Tool

Empty roadmap template

1.2.3 Add priorities to the roadmap

1 hour

1. Using the information entered in the compliance tracking spreadsheet during activities 1.2.1 and 1.2.2, build a visual representation to capture your strategic initiatives over time, using themes and timelines. Consider group initiatives in four categories, technology, people, process, and other.
2. Copy and paste the controls onto the roadmap from the Accessibility Compliance Tracking Toolto the desired time quadrant on the roadmap.
3. Set your desired timelines by changing the Q1-Q4 blocks (set the timelines that make sense for your situation).

Input

• Output of activity 1.2.2
• Roadmap template
• Other departmental project plans and timelines

Output

• Visual roadmap of accessibility compliance controls

Materials

• n/a

Participants

• CIO
• IT senior leaders
• IT managers

Communicate commitment

Support people leaders in leading by example with an accessibility commitment statement.

A commitment statement communicates why accessibility and disability inclusion are important and guides behaviors toward the ideal state. The statement will guide and align work, build accountability, and acknowledge the dedication of the leadership team to accessibility and disability inclusion. The statement will:

• Publicly commit the team to fostering disability inclusivity.
• Highlight related values and goals of the team or organization.
• Set expectations.
• Help build trust and increase feelings of belonging.
• Connect the necessary changes (people, process, and technology related) to organization strategy.

Take action! Writing the statement is only the first step. It takes more than words to build accessibility and make your work environment more disability inclusive.

Info-Tech Insight

Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier.

Sample accessibility commitment statements

theScore

"theScore strives to provide products and services in a way that respects the dignity and independence of persons with disabilities. We are committed to giving persons with disabilities the same opportunity to access our products and services and allowing them to benefit from the same services, in the same place and in a similar way as other clients. We are also committed to meeting the needs of persons with disabilities in a timely manner, and we will meet applicable legislative requirements for preventing and removing barriers."(1)

Apple Canada

"Apple Canada is committed to ensuring equal access and participation for people with disabilities. Apple Canada is committed to treating people with disabilities in a way that allows them to maintain their dignity and independence. Apple Canada believes in integration and is committed to meeting the needs of people with disabilities in a timely manner. Apple Canada will do so by removing and preventing barriers to accessibility and meeting accessibility requirements under the AODA and provincial and federal laws across Canada." (2)

Google Canada

"We are committed to meeting the accessibility needs of people with disabilities in a timely manner, and will do so by identifying, preventing and removing barriers to accessibility, and by meeting the accessibility requirements under the AODA." (3)

Source 1: theScore
Source 2: Apple Canada
Source 3: Google Canada.

1.2.4 Write an IT accessibility commitment statement

45 minutes

1. As a group, brainstorm the key reasons and necessity for disability inclusion and accessibility for your organization, and the drivers and behaviors required. Record the ideas brainstormed by the group.
2. Break into smaller groups or pairs (or if too small, continue as a single group):
   • Each group uses the brainstormed ideas to draft an accessibility commitment statement.
3. Each smaller group shares their statement with the larger group and receives feedback. Smaller groups redraft their statements based on the feedback.
4. Post each redrafted statement and provide each person two dot stickers to place on the two statements that resonate the most with them.
5. Using the two statements with the highest number of dot votes, write the final accessibility commitment statement.
6. Add the commitment statement to slide 18 of the Departmental Meeting Template.

Input

• Business objectives
• Risks related to accessibility
• Target future accessibility maturity

Output

• IT accessibility commitment statement

Materials

• Whiteboard/flip charts
• Dot stickers or other voting mechanism

Participants

• CIO
• IT senior leaders
• IT managers

Phase 2

Change Enablement for Accessibility.

This phase will walk you through the following activities:

• Clarifying key messages
• IT department accessibility presentation
• Establishing a frequency and timeframe for communications
• Obtaining feedback
• Sustainment plan

This phase involves the following participants:

• CIO
• IT senior leaders
• IT managers
• Other key business stakeholders
• Marketing and communications team

Be experience driven

Building awareness and focusing on experience helps move along the accessibility maturity framework. Shifting from mandate to movement.

In this phase, start to move beyond compliance. Build the IT team's understanding of accessibility, disability inclusion, and their role.
Communicate the following messages to your team:

• The motivation behind the change.
• The reasons for the change.
• And encourage feedback.

Info-Tech Accessibility Maturity Framework

Info-Tech Insight

Compliance is the minimum; the people and behavior changes are the harder part and have the largest impact on accessibility. Preparing for and building awareness of the reasons for accessibility make the necessary behavior changes easier. Communicate, communicate, and communicate some more.

What is an organizational change?

Before communicating, understand the degree of change.

Consider the various impacts of the change

Invest time at the start to develop a detailed understanding of the impact of the change. This will help to create a plan that will simplify the change and save time. Evaluate the impact from a people, process, and technology perspective.

Leverage a design thinking principle: Empathize with the stakeholder – what will change?

Change depends on how well people understand it

Help people internalize what they can do to make the organization more inclusive.

Anticipate responses to change:

1. Emotional reaction – different people require different styles of management to guide them through the change. Individual's may have different emotions at different times during the change process. The more easily you can identify persona characteristics, the better you can manage them.
2. Level of impact – the higher level of change on an individual's day-to-day, the more difficult it will be to adjust to the change. The more impactful the change, the more time focused on people management.

Quickly assess the size of change by answering these questions:

1. Will the change affect your staff's daily work?
2. Is the change high urgency?
3. Is there a change in reporting relationships?
4. Is there a change in skills required for staff to be successful?
5. Will the change modify entrenched cultural practices?
6. Is there a change in the mission or vision of the role?

If you answered "Yes" to two or more questions, the change is bigger than you think. Your staff will feel the impact.

Ensure effective communication by focusing on four key elements

1. Audience

• Stakeholders (either groups or individuals) who will receive the communication.

• Person who delivers the communication to the audience. The communicator and owner are two different things.

Step 2.1

Build awareness and define key messages for IT.

This step involves the following participants:

• IT leadership team
• Marketing/communications (optional)

Outcomes of this step

• Key accessibility messages

Determine the desired outcome of communicating within IT

This phase is focused on communicating within IT. All communication has an overall goal. This outcome or purpose of communicating is often dependent on the type of influence the stakeholder wields within the organization as well as the type of impact the change will have on them. Consider each of the communication outcomes listed below.

Communicating within IT

• Obtain buy-in
• Inform about the IT change
• Create a training plan
• Inform about department changes
• Inform about organization changes
• Inform about a crisis
• Obtain adoption related to the change
• Distribute key messages to change agents

Departmental Meeting Template

Accessibility Quick Cards

Establish and define key messages based on organizational objectives

What are key messages?

1. Key messages guide all internal communications to ensure they are consistent, unified, and straightforward.
2. Distill key messages down from organizational objectives and use them to reinforce the organization's strategic direction. Key messages should inspire employees to act in a way that will help the organization reach its objectives.

How to establish key messages

Ground key messages in organizational strategy and culture. These should be the first places you look to determine the organization's key messages:

• Refer to organizational strategy documents. What needs to be reinforced in internal communications to ensure the organization can achieve its strategy? This is a key message.
• Look at the organization's values. How do values guide how work should be done? Do employees need to behave in a certain way or keep a certain value top of mind? This is a key message.

The intent of key messages is to convey important information in a way that is relatable and memorable, to promote reinforcement, and ultimately, to drive action.

Info-Tech Insight

Empathizing with the audience is key to anticipating and addressing objections as well as identifying benefits. Customize messaging based on audience attributes such as work model (e.g. hybrid), anticipated objections, what's in it for me?, and specific expectations.

2.1.1 Clarify the key messages

30 minutes

1. Brainstorm the key stakeholders and target audiences you will likely need to communicate with to sustain the accessibility initiative (depending on the size of your group, you might break into pairs or smaller groups and each work on one target audience).
2. Based on the outcome expected from engaging the target audience in communications, define one to five key messages that should be expressed about accessibility.
3. The key messages should highlight benefits anticipated, concerns anticipated, details about the change, plan of action, or next steps. The goal here is to ensure the target audience is included in the communication process.
4. The key messages should be focused on how the target audience receives a consistent message, especially if different communication messengers are involved.
5. Document the key messages on Tab 3 of the Communications Planner Tool.

Download the Communications Planner Tool

Input

• The change
• Target audience
• Communication outcomes

Output

• Key messages to support a consistent approach

Materials

• Communications Planner Tool
• Sticky notes
• Whiteboard

Participants

• IT leadership team
• Marketing/communications partner (optional)

Step 2.2

Support new behaviors.

Activities

2.2.1 Prepare for IT department meeting

2.2.2 Practice delivery of your presentation

2.2.3 Hold department meeting

This step involves the following participants:

• Entire IT department

Outcomes of this step

• IT departmental meeting slides
• Accessibility quick cards
• Task list of how each IT team will support the accessibility roadmap

Key questions to answer with change communication

To effectively communicate change, answer questions before they're asked, whenever possible. To do this, outline at each stage of the change process what's happening next for the audience, as well as answer other anticipated questions. Pair key questions with core messages.

Examples of key questions by change stage include:

2.2.1 Prepare for the IT departmental meeting

2 hours

1. Download the IT Department Presentation Template and follow the instructions on each slide to update for your organization.
2. Insert information on the current accessibility maturity level. If you haven't determined your current and future state maturity level, use the Info-Tech resource from The Accessibility Business Case for IT.
3. Review the presentation with the information added.
4. Consider what could be done to make the presentation better:
   1. Concise: Identify opportunities to remove unnecessary information.
   2. Clear: It uses only terms or language the target audience would understand.
   3. Relevant: It matters to the target audience and the problems they face.
   4. Consistent: The message could be repeated across audiences.
5. Schedule a departmental meeting or add the presentation to an existing departmental meeting.

Download the Departmental Presentation Template

Input

• Organizational accessibility risks
• Accessibility maturity current state
• Outputs from manager presentation
• Key messages

Output

• Prepared presentation to introduce accessibility to the entire IT department

Materials

• Departmental Presentation Template

Participants

• CIO/ head of IT/ CAO/ initiative leader

Hone presentation skills before meeting with key stakeholders

Using voice and body

Think about the message you are trying to convey and how your body can support that delivery. Hands, stance, frame – all have an impact on what might be conveyed.

If you want your audience to lean in and be eager about your next point, consider using a pause or softer voice and volume.

Be professional and confident

State the main points of your presentation confidently. While this should be obvious, it is essential. Your audience should be able to clearly see that you believe the points you are stating.

Present in a way that is genuine to you and your voice. Whether you have an energetic personality or calm and composed personality, the presentation should be authentic to you.

Connect with your audience

Look each member of the audience in the eye at least once during your presentation. Avoid looking at the ceiling, the back wall, or the floor. Your audience should feel engaged – this is essential to keeping their attention.

Avoid reading from your slides. If there is text on a slide, paraphrase it while maintaining eye contact.

Info-Tech Insight

You are responsible for the response of your audience. If they aren't engaged, it is on you as the communicator.

2.2.2 Practice delivery of your presentation and schedule department meeting

45 minutes

1. Take ten minutes to think about how to deliver your presentation. Where will you emphasize words, speak louder, softer, lean in, stand tall, make eye contact, etc.?
2. Set a timer on your phone or watch. Record yourself if possible.
3. Take a few seconds to center yourself and prepare to deliver your pitch.
4. Practice delivery of your presentation out loud. Don't forget to use your body language and your voice to deliver.
5. Listen to the recording. Are the ideas communicated correctly? Are you convinced?
6. Review and repeat.

Input

• Presentation deck from activity 2.2.1
• Best practices for delivering

Output

• An ability to deliver the presentation in a clear and concise manner that creates understanding

Materials

• Recorder
• Timer

Participants

• CIO/ head of IT/ initiative leader

2.2.3 Lead the IT department meeting

1–2 hours

1. Gather the IT department in a manner appropriate for your organization and facilitate the meeting prepared in activity 2.2.1.
2. Within the meeting, capture all key action items and outcomes from the Quick Cards Development and Roadmap Planning.
3. Following the meeting, review the quick cards that everyone built and share these with all IT participants.
4. Update your sunrise diagram to include any initiatives that came up in the team meetings to support moving to experiential.

Input

• Presentation deck from activity 2.2.1

Output

• A shared understanding of accessibility at your organization and everyone's role
• Area task list (including behavior change needs)
• Accessibility quick cards

Materials

• Accessibility Quick Cards template

Participants

• CIO/ head of IT/ initiative leader

Download the Accessibility Quick Cards template

Step 2.3

Continuous reinforcement – keep the conversation going – sustain the change.

Activities

2.3.1 Establish a frequency and timeframe for communications

2.3.2 Obtain feedback and improve

2.3.3 Sustainment plan

This step involves the following participants:

• CIO/ head of IT/ initiative lead
• IT leadership team

Outcomes of this step

• Assigned roles for ongoing program monitoring
• Communication plan
• Accessibility maturity monitoring plan
• Program evaluation

Communication is ongoing before, during, and after implementing a change initiative

Just because you've rolled out the plan doesn't mean you can stop talking about it.

Don't forget: Cascade messages down through the organization to ensure those who need to deliver messages have time to internalize the change before communicating it to others. Include a mix of personal and organizational messages, but where possible, separate personal and organizational content into different communications.

2.3.1 Establish a frequency and timeframe

30 minutes

1. For each row in Tab 3, determine how frequently that communication needs to take place and when that communication needs to be completed by.
   • Frequency: How often the communication will be delivered to the audience (e.g. one-time, monthly, as needed).
   • Timeframe: When the communication will be delivered to the audience (e.g. a planned period or a specific date).
2. When selecting the timeframe, consider what dependencies need to take place prior to that communication. For example, IT employees should not be communicated with on anything that has not yet been approved by the CEO. Also consider when other communications might be taking place so that the message is not lost in the noise.
3. For frequency, the only time that a communication needs to take place once is when presenting up to senior leaders of the organizations. And even then, it will sometimes require more than one conversation. Be mindful of this.

Input

• The change
• Target audience
• Communication outcome
• Communication channel

Output

• Frequency and timeframe of the communication

Materials

• Communications Planner Tool
• Sticky notes
• Whiteboard

Participants

• Changes based on those who would be relevant to your initiative

Download the Communications Planner Tool

Ensure feedback mechanisms are in place

Soliciting and acting on feedback involves employees in the decision-making process and demonstrates to them that their contributions matter.

Make sure you have established feedback mechanisms to collect feedback on both the messages delivered and how they were delivered. Some ways to collect feedback include:

• Evaluating intranet comments and interactions (e.g. likes, etc.) if this function is enabled.
• Measuring comprehension and satisfaction through surveys and polls.
• Looking for themes in the feedback and questions employees bring forward to managers during in-person briefings.

Feedback Mechanisms:

• CIO business vision survey
• Engagement surveys
• Focus groups
• Suggestion boxes
• Team meetings
• Random sampling
• Informal feedback
• Direct feedback
• Audience body language
• Repeating the message back

Gather feedback on plan and iterate

Who

The project team gathers feedback from:

• As many members of impacted groups as possible, as it helps build broad buy-in for the plan.
• All levels (e.g. frontline employees, managers, directors).

What

Gather feedback on:

• How to implement tactics successfully.
• The timing of implementation (helps inform the next slide).
• The resources required (helps inform the next slide).
• Potential unforeseen impacts, questions, and concerns.

How

• Use focus groups to gather feedback.
• Adjust sustainment plan based on feedback.

Use Info-Tech's Standard Focus Group Guide

2.3.2 Obtain feedback and improve

20 minutes

1. Evenly distribute the number of rows in the communication plan to all those involved. Consider a metric that would help inform whether the communication outcome was achieved.
2. For each row, identify a feedback mechanism (slide 75) that could be used to enable the collection and confirm a successful outcome.
3. Come back as a group and validate the feedback mechanisms selected.
4. The important aspect here is not just to measure if the desired outcome was achieved. If the desired outcome is not achieved, consider what you might do to change or enable better communication to that target audience.
5. Every communication can be better. Feedback, whether it be tactical or strategic, will help inform methods to improve future communication activities.

Input

• Communication outcome
• Target audience
• Communication channel

Output

• A mechanism to measure communication feedback and adjust future communications when necessary

Materials

• Communications Planner Tool
• Sticky notes
• Whiteboard

Participants

• Changes based on those who would be relevant to your initiative

Download the Communications Planner Tool

Identify owners and assign other roles

• Eventually there needs to be a hand off to leaders to sustain accessibility. Senior leaders continue to play the role of guide and facilitator, helping the team identify owners and transfer ownership.
• Guide the team to work with owners to assign roles to other stakeholders. Spread responsibility across multiple people to avoid overload.

Identify required resources and secure budget

Sustainment is critical to success of accessibility

• This step (i.e. sustainment) often gets overlooked because leaders are focused on the implementation. It takes resources and budget to sustain a plan and change as well.
• Resorting to the old way is more likely to occur when you don't plan to support sustainment with ongoing resources and budget that's required.

Resources

Identify resources required for sustainment components using metrics and input from implementation owners, subject matter experts, and frontline managers.

For example:

• Inventory
• Collateral for communications
• Technology
• Physical space
• People resources (FTE)

Budget

Estimate the budget required for resources based on past projects that used similar resources, and then estimate the time it will take until the change evolves into "business as usual" (e.g. 6 months, 12 months).

Monitor accessibility maturity

If you haven't already performed the Accessibility Maturity Assessment, complete it in the wake of the accessibility initiative to assess improvements and progress toward target future accessibility maturity.
As your accessibility program starts to scale out over a range of projects, revisit the assessment on a quarterly or bi-annual basis to help focus your improvement efforts across the six accessibility categories.

• Vendor relations
• Products and services
• Policy and process
• Support and accommodation
• Communication
• People and culture

Info-Tech Insight

To drive continual improvement of your organizational accessibility and disability inclusion, continue to share progress, wins, challenges, feedback, and other accessibility related concerns with stakeholders. At the end of the day, IT's efforts to become a change leader and support organizational accessibility will come down to stakeholder perceptions based upon employee morale and benefits realized.

Download the Accessibility Maturity Assessment

Evaluate and iterate the program on an ongoing basis

1. Continually monitor the results of project metrics.
   • Track progress toward goals and metrics set at the beginning of the initiative to gauge the success of the program.
   • Analyze metrics at the work-unit level to highlight successes and challenges in accessibility and disability inclusion and the parameters around it for each impacted unit.
2. Regularly gather feedback on program effectiveness using questions such as:
   • Has the desired culture been effectively communicated and leveraged, or has the culture changed?
   • Collect feedback through regular channels (e.g. manager check-ins) and set up a cadence to survey employees on the program (e.g. three months after rollout and then annually).
3. Determine if changes to the program structure are needed.
   • Revisit the accessibility maturity framework and the compliance requirements of IT. Understand what is being experienced; it may be necessary to select a different target or adjust the parameters to mitigate the common challenges.
   • Evaluate the effectiveness of current internal processes to determine if the program would benefit from a dedicated resource.

2.3.3 Sustain the change

1. Identify who will own what pieces of the program going forward and assign roles to transition the initiative from implementation to the new normal.
2. Continue to communicate with stakeholders about accessibility and disability inclusion initiatives, controls, and requirements.
3. Identify required resources and secure any budget that will be needed to support the accessibility program. Think about employee training, consulting needs, assistive technology requirements, human resources (FTE), etc.
4. Continue to monitor your accessibility maturity. Use the Accessibility Maturity Assessment tool to periodically evaluate progress on goals and targets. Also, use this tool to communicate progress with senior leaders and executives.
5. Strive for continuous improvement by evaluating and iterating the program on an ongoing basis.

Input

• Activity outputs from this blueprint

Output

• Ongoing continuous improvement and progress related to accessibility
• Demonstrable results

Materials

• n/a

Participants

• CIO/ head of IT/ initiative Lead
• IT senior leaders
• IT managers

Related Info-Tech Research

The Accessibility Business Case for IT

• Take away the overwhelm that many feel when they hear "accessibility" and make the steps for your organization approachable.
• Clearly communicate why accessibility is critical and how it supports the organization's key objectives and initiatives.
• Understand your current state related to accessibility and identify areas for key initiatives to become part of the IT strategic roadmap.

Lead Staff through Change

• Anticipate and respond to staff questions about the change in order to keep messages consistent, organized, and clear.
• Manage staff based on their specific concerns and change personas to get the best out of your team during the transition through change.
• Maintain a feedback loop between staff, executives, and other departments in order to maintain the change momentum and reduce angst throughout the process.

IT Diversity and Inclusion Tactics

• Although inclusion is key to the success of a diversity and inclusion (D&I) strategy, the complexity of the concept makes it a daunting pursuit.
• This is further complicated by the fact that creating inclusion is not a one-and-done exercise. Rather, it requires the ongoing commitment of employees and managers to reassess their own behaviors and to drive a cultural shift.

Implement and Mature Your User Experience Design Practice

• Create a practice that is focused on human outcomes; it starts and ends with the people you are designing for. This includes:
• Establishing a practice with a common vision.
• Enhancing the practice through four design factors.
• Communicating a roadmap to improve your business through design.

Works cited

"2021 State of Digital Accessibility." Level Access, n.d. Accessed 10 Aug. 2022
"Apple Canada Accessibility Policy & Plan." Apple Canada, 11 March 2019. .
Casey, Caroline. "Do Your D&I Efforts Include People With Disabilities?" Harvard Business Review, 19 March 2020. Accessed 28 July 2022.
Digitalisation World. "Organisations failing to meet digital accessibility standards." Angel Business Communications, 19 May 2022. Accessed Oct. 2022.
"disability." Merriam-Webster.com Dictionary, Merriam-Webster, . Accessed 10 Aug. 2022.
"Disability." World Health Organization, 2022. Accessed 10 Aug 2022.
"Google Canada Corporation Accessibility Policy and Multi Year Plan." Google Canada, June 2020. .
Hypercontext. "The State of High Performing Teams in Tech 2022." Hypercontext. 2022..
Lay-Flurrie, Jenny. "Accessibility Evolution Model: Creating Clarity in your Accessibility Journey." Microsoft, 2023. <https://blogs.microsoft.com/accessibility/accessibility-evolution-model/>.
Maguire, Jennifer. "Applause 2022 Global Accessibility Survey Reveals Organizations Prioritize Digital Accessibility but Fall Short of Conformance with WCAG 2.1 Standards." Business Wire, 19 May 2022. . Accessed 2 January 2023.
"The Business Case for Digital Accessibility." W3C Web Accessibility Initiative (WAI), 9 Nov. 2018. Accessed 4 Aug. 2022.
"THESCORE's Commitment to Accessibility." theScore, May 2021. .
"The WebAIM Million." Web AIM, 31 March 2022. Accessed 28 Jul. 2022.
Washington, Ella F. "The Five Stages of DEI Maturity." Harvard Business Review, November - December 2022. Accessed 7 Nov. 2022.
Web AIM. "The WebAIM Million." Institute for Disability Research, Policy, and Practice, 31 March 2022. Accessed 28 Jul. 2022.

Analyst Perspective

"Customer service issues are rarely based on personality but are almost always a symptom of poor and inconsistent process. When service desk managers are looking to hire to resolve customer service issues and executives are pushing back, it’s time to look at improving process and the support strategy to make the best use of technicians’ time, tools, and knowledge sharing. Once improvements have been made, it’s easier to make the case to add people or introduce automation.

Replacing service desk solutions will also highlight issues around poor process. Without fixing the baseline services, the new solution will simply wrap your issues in a prettier package.

Ultimately, the service desk needs to be the entry point for users to get help and the rest of IT needs to provide the appropriate support to ensure the first line of interaction has the knowledge and tools they need to resolve quickly and preferably on first contact. If your plans include optimization to self-serve or automation, you’ll have a hard time getting there without standardizing first."

Sandi Conrad

Principal Research Director, Infrastructure & Operations Practice

Info-Tech Research Group

A method for getting your service desk out of firefighter mode

This Research Is Designed For:

• The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
• The service desk manager who wants to lead the team from firefighting mode to providing consistent and proactive support.

This Research Will Also Assist:

• Service desk teams who want to increase their own effectiveness and move from a help desk to a service desk.
• Infrastructure and applications managers who want to decrease reactive support activities and increase strategic project productivity by shifting repetitive and low-value work left.

This Research Will Help You:

• Create a consistent customer service experience for service desk patrons.
• Increase efficiency, first-call resolution, and end-user satisfaction with the Service Desk.
• Decrease time and cost to resolve service desk tickets.
• Understand and address reporting needs to address root causes and measure success.
• Build a solid foundation for future IT service improvements.

Executive Summary

Situation

• The CIO and senior IT management who need to increase service desk effectiveness and timeliness and improve end-user satisfaction.
• If only the phone could stop ringing, the Service Desk could become proactive, address service levels, and improve end-user IT satisfaction.

Complication

• Not everyone embraces their role in service support. Specialists would rather work on projects than provide service support.
• The Service Desk lacks processes and workflows to provide consistent service. Service desk managers struggle to set and meet service-level expectations, which further compromises end-user satisfaction.

Resolution

• Go beyond the blind adoption of best-practice frameworks. No simple formula exists for improving service desk maturity. Use diagnostic tools to assess the current state of the Service Desk. Identify service support challenges and draw on best-practice frameworks intelligently to build a structured response to those challenges.
• An effective service desk must be built on the right foundations. Understand how:
  • Service desk structure affects cost and ticket volume capacity.
  • Incident management workflows can improve ticket handling, prioritization, and escalation.
  • Request fulfillment processes create opportunities for streamlining and automating services.
  • Knowledge sharing supports the processes and workflows essential to effective service support.

Info-Tech Insight

Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture. Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology

Directors and executives understand the importance of the service desk and believe IT can do better

Source: Info-Tech, 2019 Responses (N=189 organizations)

Service Desk Importance Scores

No Importance: 1.0-6.9

Limited Importance: 7.0-7.9

Significant Importance: 8.0-8.9

Critical Importance: 9.0-10.0

Service Desk Effectiveness Scores

Not in Place: N/A

Not Effective: 0.0-4.9

Somewhat Ineffective: 5.0-5.9

Somewhat Effective: 6.0-6.9

Very Effective: 7.0-10.0

Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.

“Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

Standardize the service desk the Info-Tech way to get measurable results

More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

"The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

- Rod Gula, IT Director

American Realty Advisors

Info-Tech’s approach to service desk standardization focuses on building service management essentials

Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

The service desk is the foundation of all other service management processes.

Standardize the Service Desk – project overview

Info-Tech delivers: Use our tools and templates to accelerate your project to completion

Project Summary

Service Desk Standard Operating Procedures

Service Desk Maturity Assessment Tool

Service Desk Implementation Roadmap

Incident, knowledge, and request management workflows

Workshop Overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Phase 1

Step 1.1:Assess current state

Standardizing the service desk benefits the whole business

Embrace standardization

• Standardization prevents wasted energy on reinventing solutions to recurring issues.
• Standardized processes are scalable so that process maturity increases with the size of your organization.

Increase business satisfaction

• Improve confidence that the service desk can meet service levels.
• Create a single point of contact for incidents and requests and escalate quickly.
• Analyze trends to forecast and meet shifting business requirements.

Reduce recurring issues

• Create tickets for every task and categorize them accurately.
• Generate reliable data to support root-cause analysis.

Increase efficiency and lower operating costs

• Empower end users and technicians with a targeted knowledgebase (KB).
• Cross-train to improve service consistency.

Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

1. Determine the current state of the service desk.
2. Determine the desired state of the service desk.
3. Build a practical path from current to desired state.

Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

1. Identify service desk pain points.
2. Map each pain point to business services.
3. Assign a broad business value to the resolution of each pain point.
4. Map each pain point to a process.

Expert Insight

“How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

Rob England

IT Consultant & Commentator

Owner Two Hills

Also known as The IT Skeptic

Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

1.1.2 Measure which activity will have the greatest impact

The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

The tool will help guide improvement efforts and measure your progress.

• The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
• The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
• Document the results of the efficiency assessment in the Service Desk Project Summary.

The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

Where do I find the data?

Consult:

• Service Manager
• Service Desk Tools

Step 1.2:Review service support best practices

This step will walk you through the following activities:

1. 1.2.1 Identify roles and responsibilities in your organization
2. 1.2.2 Map out the current and target structure of the service desk

This step involves the following participants:

• Project Sponsor
• IT Director, CIO
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

Deliverables

• Roles & responsibilities guide
• Service desk structure

A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

Build a single point of contact for the service desk

Regardless of the service desk structure chosen to meet your service support requirements, end users should be in no doubt about how to access the service.

Provide end users with:

• A single phone number.
• A single email address.
• A single web portal for all incidents and requests.

A single point of contact will ensure:

• An agent is available to field incidents and requests.
• Incidents and requests are prioritized according to impact and urgency.
• Work is tracked to completion.

This prevents ad hoc ticket channels such as shoulder grabs or direct emails, chats, or calls to a technician from interrupting work.

A single point of contact does not mean the service desk is only accessible through one intake channel, but rather all tickets are directed to the service desk (i.e. tier 1) to be resolved or redirected appropriately.

Directors and executives understand the importance of the service desk and believe IT can do better

Source: Info-Tech, 2019 Responses (N=189 organizations)

Service Desk Importance Scores

No Importance: 1.0-6.9

Limited Importance: 7.0-7.9

Significant Importance: 8.0-8.9

Critical Importance: 9.0-10.0

Service Desk Effectiveness Scores

Not in Place: N/A

Not Effective: 0.0-4.9

Somewhat Ineffective: 5.0-5.9

Somewhat Effective: 6.0-6.9

Very Effective: 7.0-10.0

Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.

Business stakeholders consistently rank the service desk as one of the top five most important services that IT provides

Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.

Business stakeholders ranked the following 12 core IT services in terms of importance:

*Note: IT Security was added to CIO Business Vision 2.0 in 2019

Top IT Services for Business Stakeholders

1. Network Infrastructure
2. IT Security*
3. Data Quality
4. Service Desk
5. Business Applications
6. Devices
7. Client-Facing Technology
8. Analytical Capability
9. IT Innovation Leadership
10. Projects
11. Work Orders
12. IT Policies
13. Requirements Gathering

Source: Info-Tech Research Group, 2019 (N=224 organizations)

Having an effective and timely service desk correlates with higher end-user satisfaction with all other IT services

On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.

“Satisfied” organizations had average scores =8.“Dissatisfied" organizations had average scores “Dissatisfied" organizations had average scores =6. Source: Info-Tech Research Group, 2019 (N=18,500+ respondents from 75 organizations)

Standardize the service desk the Info-Tech way to get measurable results

More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.

Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.

"The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"

- Rod Gula, IT Director

American Realty Advisors

Info-Tech’s approach to service desk standardization focuses on building service management essentials

Info-Tech draws on the COBIT framework, which focuses on consistent delivery of IT services across the organization

The service desk is the foundation of all other service management processes.

Info-Tech offers various levels of support to best suit your needs

DIY Toolkit

“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”

Guided Implementation

“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”

Workshop

“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”

Consulting

“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”

Diagnostics and consistent frameworks used throughout all four options

Standardize the Service Desk – project overview

Info-Tech delivers: Use our tools and templates to accelerate your project to completion

Project Summary

Service Desk Standard Operating Procedures

Service Desk Maturity Assessment Tool

Service Desk Implementation Roadmap

Incident, knowledge, and request management workflows

The project’s key deliverable is a service desk standard operating procedure

Benefits of documented SOPs:

Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).

IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.

Compliance: Compliance audits are more manageable because the documentation is already in place.

Transparency: Visually documented processes answer the common business question of “why does that take so long?”

Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.

Impact of undocumented/undefined SOPs:

Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff

IT automation built on poorly defined, unoptimized processes leads to inconsistent results.

Documenting SOPs to prepare for an audit becomes a major time-intensive project.

Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.

Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.

Workshop Overview

Contact your account representative or email Workshops@InfoTech.com for more information.

Phase 1

Lay Service Desk Foundations

Step 1.1:Assess current state

This step will walk you through the following activities:

• 1.1.1 Outline service desk challenges
• 1.1.2 Assess the service desk maturity

This step involves the following participants:

• Project Sponsor
• IT Director, CIO
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.

Deliverables

• Service Desk Maturity Assessment

Standardizing the service desk benefits the whole business

Embrace standardization

• Standardization prevents wasted energy on reinventing solutions to recurring issues.
• Standardized processes are scalable so that process maturity increases with the size of your organization.

Increase business satisfaction

• Improve confidence that the service desk can meet service levels.
• Create a single point of contact for incidents and requests and escalate quickly.
• Analyze trends to forecast and meet shifting business requirements.

Reduce recurring issues

• Create tickets for every task and categorize them accurately.
• Generate reliable data to support root-cause analysis.

Increase efficiency and lower operating costs

• Empower end users and technicians with a targeted knowledgebase (KB).
• Cross-train to improve service consistency.

Case Study: The CIO of Westminster College took stock of existing processes before moving to empower the “helpless desk”

Scott Lowe helped a small staff of eight IT professionals formalize service desk processes and increase the amount of time available for projects.

When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:

• An unreliable network
• Aging server replacements and no replacement plan
• IT was the “department of no”
• A help desk known as the “helpless desk”
• A lack of wireless connectivity
• Internet connection speed that was much too slow

As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.

The project load of IT staff increased, with new projects coming in every day.

With a long project list, it became increasingly important to improve the transparency of project request and prioritization.

Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.

He addressed the infrastructure challenges in part by analyzing IT’s routine processes.

Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.

They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.

Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.

Common challenges experienced by service desk teams

Unresolved issues

• Tickets are not created for all incidents.
• Tickets are lost or escalated to the wrong technicians.
• Poor data impedes root-cause analysis of incidents.

Lost resources/accountability

• Lack of cross-training and knowledge sharing.
• Lack of skills coverage for critical applications and services.
• Time is wasted troubleshooting recurring issues.
• Reports unavailable due to lack of data and poor categorization.

High cost to resolve

• Tier 2/3 resolve issues that should be resolved at tier 1.
• Tier 2/3 often interrupt projects to focus on service support.

Poor planning

• Lack of data for effective trend analysis leads to poor demand planning.
• Lack of data leads to lost opportunities for templating and automation.

Low business satisfaction

• Users are unable to get assistance with IT services quickly.
• Users go to their favorite technician instead of using the service desk.

Outline the organization’s service desk challenges

1.1.1 Brainstorm service desk challenges

Estimated Time: 45 minutes

A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.

B. Think about the following:

• What have you heard from users? (e.g. slow response time)
• What have you heard from executives? (e.g. poor communication)
• What should you start doing? (e.g. documenting processes)
• What should you stop doing? (e.g. work that is not being entered as tickets)

C. Document challenges in the Service Desk Project Summary.

Participants:

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

Assess current service desk maturity to establish a baseline and create a plan for service desk improvement

A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:

1. Determine the current state of the service desk.
2. Determine the desired state of the service desk.
3. Build a practical path from current to desired state.

Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:

1. Identify service desk pain points.
2. Map each pain point to business services.
3. Assign a broad business value to the resolution of each pain point.
4. Map each pain point to a process.

Expert Insight

“How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”

Rob England

IT Consultant & Commentator

Owner Two Hills

Also known as The IT Skeptic

Assess the process maturity of the service desk to determine which project phase and steps will bring the most value

1.1.2 Measure which activity will have the greatest impact

The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.

The tool will help guide improvement efforts and measure your progress.

• The second tab of the tool walks through a qualitative assessment of your service desk practices. Questions will prompt you to evaluate how you are executing key activities. Select the answer in the drop-down menus that most closely aligns with your current state.
• The third tab displays your rate of process completeness and maturity. You will receive a score for each phase, an overall score, and advice based on your performance.
• Document the results of the efficiency assessment in the Service Desk Project Summary.

The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.

Consult:

• Service Manager
• Service Desk Tools

Step 1.2:Review service support best practices

This step will walk you through the following activities:

1. 1.2.1 Identify roles and responsibilities in your organization
2. 1.2.2 Map out the current and target structure of the service desk

This step involves the following participants:

• Project Sponsor
• IT Director, CIO
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.

Deliverables

• Roles & responsibilities guide
• Service desk structure

Everyone in IT contributes to the success of service support

Regardless of the service desk structure chosen to meet an organization’s service support requirements, IT staff should not doubt the role they play in service support.

If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.

Service Support Engagement Plan

• Identify who is accountable for different service support processes.
• Outline the different responsibilities of service desk agents at tier 1, tier 2, and tier 3 in meeting service-level agreements for service support.
• Draft operational-level agreements between specialty groups and the service desk to improve accountability.
• Configure the service desk tool to ensure ticket visibility and ownership across queues.
• Engage tier 2 and tier 3 resources in building workflows for incident management, request fulfilment, and writing knowledgebase articles.
• Emphasize the benefits of cooperation across IT silos:
  • Better customer service and end-user satisfaction.
  • Shorter time to resolve incidents and implement requests.
  • A higher tier 1 resolution rate, more efficient escalations, and fewer interruptions from project work.

Info-Tech Insight

Specialists tend to distance themselves from service support as they progress through their career to focus on projects.

However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.

Clear project complications by leveraging roles and responsibilities

R

Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.

A

Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.

C

Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.

I

Informed: People who receive information about process execution and quality and need to stay informed regarding the task.

A RACI analysis is helpful with the following:

• Workload Balancing: Allowing responsibilities to be distributed effectively between functional teams and individuals.
• Change Management: Ensuring key functions and processes are not overlooked during organizational changes.
• Onboarding: New employees can identify their own roles and responsibilities.

A RACI chart outlines which positions are Responsible, Accountable, Consulted, and Informed

Create a list of roles and responsibilities in your organization

1.2.1 Create RACI matrix to define responsibilities

1. Use the Service Desk Roles and Responsibilities Guidefor a better understanding of the roles and responsibilities of different service desk tiers.
2. In the RACI chart, replace the top row with specific roles in your organization.
3. Modify or expand the process tasks, as needed, in the left column.
4. For each role, identify the responsibility values that the person brings to the service desk. Fill out each column.
5. Document in the Service Desk SOP. Schedule a time to share the results with organization leads.
6. Distribute the chart between all teams in your organization.

Notes:

• Assign one Accountable for each task.
• Have at least one Responsible for each task.
• Avoid generic responsibilities, such as “team meetings.”
• Keep your RACI definitions in your documents, as they are sometimes tough to remember.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Roles and Responsibilities Guide
• Flip Chart
• Whiteboard

Build a tiered generalist service desk to optimize costs

A tiered generalist service desk with a first-tier resolution rate greater than 60% has the best operating cost and customer satisfaction of all competing service desk structural models.

The success of a tiered generalist model depends on standardized, defined processes

Define the structure of the service desk

1.2.2 Map out the current and target structure of the service desk

Estimated Time: 45 minutes

Instructions:

1. Using the model from the previous slides as a guide, discuss how closely it matches the current service desk structure.
2. Map out a similar diagram of your existing service desk structure, intake channels, and escalation paths.
3. Review the structure and discuss any changes that could be made to improve efficiency. Revise as needed.
4. Document the outcome in the Service Desk Project Summary.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

Use a shift-left strategy to lower service support costs, reduce time to resolve, and improve end-user satisfaction

Shift-left strategy:

• Shift service support tasks from specialists to generalists.
• Implement self-service.
• Automate incident resolution.

Work through the implications of adopting a shift-left strategy

Overview:

Identify process gaps that you need to fill to support the shift-left strategy and discuss how you could adopt or improve the shift-left strategy, using the discussion questions below as a guide.

Which process gaps do you need to fill to identify ticket trends?

• What are your most common incidents and service requests?
• Which tickets could be resolved at tier 1?
• Which tickets could be resolved as self-service tickets?
• Which tickets could be automated?

Which processes do you most need to improve to support a shift-left strategy?

• Which incident and request processes are well documented?
• Do you have recurring tickets that could be automated?
• What is the state of your knowledgebase maintenance process?
• Which articles do you most need to support tier 1 resolution?
• What is the state of your web portal? How could it be improved to support self-service?

Document in the Project Summary

Step 1.3: Identify service desk metrics and reports

This step will walk you through the following activities:

• 1.3 Create a list of required reports to identify relevant metrics

This step involves the following participants:

• Project Sponsor
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Managers and analysts will have service desk metrics and reports that help set expectations and communicate service desk performance.

Deliverables

• A list of service desk performance metrics and reports

Engage business unit leaders with data to appreciate needs

Service desk reports are an opportunity to communicate the story of IT and collect stakeholder feedback. Interview business unit leaders and look for opportunities to improve IT services.

Start with the following questions:

• What are you hearing from your team about working with IT?
• What are the issues that are contributing to productivity losses?
• What are the workarounds your team does because something isn’t working?
• Are you able to access the information you need?

Work with business unit leaders to develop an action plan.

Remember to communicate what you do to address stakeholder grievances.

The service recovery paradox is a situation in which end users think more highly of IT after the organization has corrected a problem with their service compared to how they would regard the company if the service had not been faulty in the first place.

The point is that addressing issues (and being seen to address issues) will significantly improve end-user satisfaction. Communicate that you’re listening and acting, and you should see satisfaction improve.

Info-Tech Insight

Presentation is everything:

If you are presenting outside of IT, or using operational metrics to create strategic information, be prepared to:

• Discuss trends.
• Identify organizational and departmental impacts.
• Assess IT costs and productivity.

For example, “Number of incidents with ERP system has decreased by 5% after our last patch release. We are working on the next set of changes and expect the issues to continue to decrease.”

Engage technicians to ensure they input quality data in the service desk tool

You need better data to address problems. Communicate to the technical team what you need from them and how their efforts contribute to the usefulness of reports.

Tickets MUST:

• Be created for all incidents and service requests.
• Be categorized correctly, and categories updated when the ticket is resolved.
• Be closed after the incidents and service requests are resolved or implemented.

Emphasize that reports are analyzed regularly and used to manage costs, improve services, and request more resources.

Info-Tech Insight

Service Desk Manager: Technical staff can help themselves analyze the backlog and improve service metrics if they’re looking at the right information. Ensure their service desk dashboards are helping them identify high-priority and quick-win tickets and anticipate potential SLA breaches.

Produce service desk reports targeted to improve IT services

Use metrics and reports to tell the story of IT.

Metrics should be tied to business requirements and show how well IT is meeting those requirements and where obstacles exist.

Tailor metrics and reports to specific stakeholders.

Technicians require mostly real-time information in the form of a dashboard, providing visibility into a prioritized list of tickets for which they are responsible.

Supervisors need tactical information to manage the team and set client expectations as well as track and meet strategic goals.

Managers and executives need summary information that supports strategic goals. Start by looking at executive goals for the support team and then working through some of the more tactical data that will help support those goals.

One metric doesn’t give you the whole picture

• Don’t put too much emphasis on a single metric. At best, it will give you a distorted picture of your service desk performance. At worst, it will distort the behavior of your agents as they may adopt poor practices to meet the metric.
• The solution is to use tension metrics: metrics that work together to give you a better sense of the state of operations.
• Tension metrics ensure a balanced focus toward shared goals.

Example:

First-call resolution (FCR), end-user satisfaction, and number of tickets reopened all work together to give you a complete picture. As FCR goes up, so should end-user satisfaction, as number of tickets re-opened stays steady or declines. If the three metrics are heading in different directions, then you know you have a problem.

Rely on internal metrics to measure and improve performance

External metrics provide useful context, but they represent broad generalizations across different industries and organizations of different sizes. Internal metrics measured annually are more reliable.

Internal metrics provide you with information about your actual performance. With the right continual improvement process, you can improve those metrics year over year, which is a better measure of the performance of your service desk.

Whether a given metric is the right one for your service desk will depend on several different factors, not the least of which include:

• The maturity of your service desk processes.
• Your ticket volume.
• The complexity of your tickets.
• The degree to which your end users are comfortable with self-service.

Info-Tech Insight

Take external metrics with a grain of salt. Most benchmarks represent what service desks do across different industries, not what they should do. There also might be significant differences between different industries in terms of the kinds of tickets they deal with, differences which the overall average obscures.

Use key service desk metrics to build a business case for service support improvements

The right metrics can tell the business how hard IT works and how many resources it needs to perform:

1. End-User Satisfactions:
   • The most important metric for measuring the perceived value of the service desk. Determine this based on a robust annual satisfaction survey of end users and transactional satisfaction surveys sent with a percentage of tickets.
2. Ticket Volume and Cost per Ticket:
   • A key indicator of service desk efficiency, computed as the monthly operating expense divided by the average ticket volume per month.
3. First-Contact Resolution Rate:
   • The biggest driver of end-user satisfaction. Depending on the kind of tickets you deal with, you can measure first-contact, first-tier, or first-day resolution.
4. Average Time to Resolve (Incident) or Fulfill (Service Requests):
   • An assessment of the service desk's ability to resolve tickets effectively, measuring the time elapsed between the moment the ticket status is set to “open” and the moment it is set to “resolved.”

Info-Tech Insight

Metrics should be tied to business requirements. They tell the story of how well IT is meeting those requirements and help identify when obstacles get in the way. The latter can be done by pointing to discrepancies between the internal metrics you expected to reach but didn’t and external metrics you trust.

Use service desk metrics to track progress toward strategic, operational, and tactical goals

Cost per ticket and customer satisfaction are the foundation metrics of service support

Ultimately, everything boils down to cost containment (measured by cost per ticket) and quality of service (measured by customer satisfaction).

Cost per ticket is a measure of the efficiency of service support:

• A higher than average cost per ticket is not necessarily a bad thing, particularly if accompanied by higher-than-average quality levels.
• Conversely, a low cost per ticket is not necessarily good, particularly if the low cost is achieved by sacrificing quality of service.

Cost per ticket is the total monthly operating expense of the service desk divided by the monthly ticket volume. Operating expense includes the following components:

• Salaries and benefits for desktop support technicians
• Salaries and benefits for indirect personnel (team leads, supervisors, workforce schedulers, dispatchers, QA/QC personnel, trainers, and managers)
• Technology expense (e.g. computers, software licensing fees)
• Telecommunications expenses
• Facilities expenses (e.g. office space, utilities, insurance)
• Travel, training, and office supplies

Create a list of required reports to identify metrics to track

1.3.1 Start by identifying the reports you need, then identify the metrics that produce them

1. Answer the following questions to determine the data your reports require:
   • What strategic initiatives do you need to track?
     • Example: reducing mean time to resolve, meeting SLAs
   • What operational areas need attention?
     • Example: recurring issues that need a permanent resolution
   • What kind of issues do you want to solve?
     • Example: automate tasks such as password reset or software distribution
   • What decisions or processes are held up due to lack of information?
     • Example: need to build a business case to justify infrastructure upgrades
   • How can the data be used to improve services to the business?
     • Example: recurring issues by department
2. Document report and metrics requirements in Service Desk SOP.
3. Provide the list to your tool administrator to create reports with auto-distribution.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Step 1.4: Review ticket handling procedures

This step will walk you through the following activities:

• 1.4.1 Review ticket handling practices
• 1.4.2 Identify opportunities to automate ticket creation and reduce recurring tickets

This step involves the following participants:

• Project Sponsor
• IT Managers and Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Managers and analysts will have best practices for ticket handling and troubleshooting to support ITSM data quality and improve first-tier resolution.

DELIVERABLES

• List of ticket templates and recurring tickets
• Ticket and Call QA Template and ticket handling best practices

Start by reviewing the incident intake process to find opportunities for improvement

If end users are avoiding your service desk, you may have an intake problem. Create alternative ways for users to seek help to manage the volume; keep in mind not every request is an emergency.

Identify opportunities for improvement in your ticket channels

The two most efficient intake channels should be encouraged for the majority of tickets.

• Build a self-service portal.
  • Do users know where to find the portal?
  • How many tickets are created through the portal?
  • Is the interface easy to use?
• Deal efficiently with email.
  • How quickly are messages picked up?
  • Are they manually transferred to a ticket or does the service desk tool automatically create a ticket?

The two most traditional and fastest methods to get help must deal with emergencies and escalation effectively.

• Phone should be the fastest way to get help for emergencies.
  • Are enough agents answering calls?
  • Are voicemails picked up on time?
  • Are the automated call routing prompts clear and concise?
• Are walk-ins permitted and formalized?
  • Do you always have someone at the desk?
  • Is your equipment secure?
  • Are walk-ins common because no one picks up the phone or is the traffic as you’d expect?

Ensure technicians create tickets for all incidents and requests

Why Collect Ticket Data?

If many tickets are missing, help service support staff understand the need to collect the data. Reports will be inaccurate and meaningless if quality data isn’t entered into the ticketing system.

Set ticket handling expectations to drive a consistent process

Set expectations:

• Create and update tickets, but not at the expense of good customer service. Agents can start the ticket but shouldn’t spend five minutes creating the ticket when they should be troubleshooting the problem.
• Update the ticket when the issue is resolved or needs to be escalated. If agents are escalating, they should make sure all relevant information is passed along to the next technician.
• Update user of ETA if issue cannot be resolved quickly.
• Ticket templates for common incidents can lead to fast creation, data input, and categorizations. Templates can reduce the time it takes to create tickets from two minutes to 30 seconds.
• Update categories to reflect the actual issue and resolution.
• Reference or link to the knowledgebase article as the documented steps taken to resolve the incident.
• Validate incident is resolved with client; automate this process with ticket closure after a certain time.
• Close or resolve the ticket on time.

Use the Ticket and Call Quality Assessment Tool to improve the quality of service desk data

Build a process to check-in on ticket and call quality monthly

Better data leads to better decisions. Use the Ticket and Call Quality Assessment Toolto check-in on the ticket and call quality monthly for each technician and improve service desk data quality.

1. Fill tab 1 with technician’s name.
2. Use either tab 2 (auto-scoring) or tab 3 (manual scoring) to score the agent. The assessment includes ticket evaluation, call evaluation, and overall metric.
3. Record the results of each review in the score summary of tab 1.

Use ticket templates to make ticket creation, updating, and resolution more efficient

Implement measures to improve ticket handling and identify ticket template candidates

1.4.1 Identify opportunities to automate ticket creation

1. Poll the team and discuss.
   • How many members of the team are not creating tickets? Why?
   • How can we address those barriers?
   • What are the expectations of management?
2. Brainstorm five to ten good candidates for ticket templates.
   • What data can auto-fill?
   • What will help process the ticket faster?
   • What automations can we build to ensure a fast, consistent service?
   • Note:
     • Ticket template name
     • Information that will auto-fill from AD and other applications
     • Categories and resolution codes
     • Automated routing and email responses
3. Document ticket template candidates in the Service Desk Roadmap to capture the actions.

Participants

• Service Desk Manager
• Service Desk Agents

What You'll Needs

• Flip Chart
• Whiteboard

Phase 2

Design Incident Management Processes

Step 2.1: Build incident management workflows

This step will walk you through the following activities:

• 2.1.1 Review incident management challenges
• 2.1.2 Define the incident management workflow
• 2.1.3 Define the critical incident management workflow
• 2.1.4 Design critical incident communication plan

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Workflows for incident management and critical incident management will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

DELIVERABLES

• Incident management workflows
• Critical incident management workflows
• Critical incident communication plan

Communicate the great incident resolution work that you do to improve end-user satisfaction

End users think more highly of IT after the organization has corrected a problem with their service than they would have had the service not been faulty in the first place.

Info-Tech Insight

Use the service recovery paradox to your advantage. Address service desk challenges explicitly, develop incident management processes that get services back online quickly, and communicate the changes.

If you show that the service desk recovered well from the challenges end users raised, you will get greater loyalty from them.

Assign incident roles and responsibilities to promote accountability

The role of an incident coordinator or manager can be assigned to anyone inside the service desk that has a strong knowledge of incident resolution, attention to detail, and knows how to herd cats.

In organizations with high ticket volumes, a separate role may be necessary.

Everyone must recognize that incident management is a cross-IT organization process and it does not have to be a unique service desk process.

An incident coordinator is responsible for:

• Improving incident management processes.
• Tracking metrics and producing reports.
• Developing and maintaining the incident management system.
• Developing and maintaining critical incident processes.
• Ensuring the service support team follows the incident management process.
• Gathering post-mortem information from the various technical resources on root cause for critical or severity 1 incidents.

The Director of IT Services invested in incident management to improve responsiveness and set end-user expectations

Practitioner Insight

Ben Rodrigues developed a progressive plan to create a responsive, service-oriented culture for the service support organization.

"When I joined the organization, there wasn’t a service desk. People just phoned, emailed, maybe left [sticky] notes for who they thought in IT would resolve it. There wasn’t a lot of investment in developing clear processes. It was ‘Let’s call somebody in IT.’

I set up the service desk to clarify what we would do for end users and to establish some SLAs.

I didn’t commit to service levels right away. I needed to see how many resources and what skill sets I would need. I started by drafting some SLA targets and plugging them into our tracking application. I then monitored how we did on certain things and established if we needed other skill sets. Then I communicated those SOPs to the business, so that ‘if you have an issue, this is where you go, and this is how you do it,’ and then shared those KPIs with them.

I had monthly meetings with different function heads to say, ‘this is what I see your guys calling me about,’ and we worked on something together to make some of the pain disappear."

-Ben Rodrigues

Director, IT Services

Gamma Dynacare

Sketch out incident management challenges to focus improvements

Common Incident Management Challenges

End Users

• No faith in the service desk beyond speaking with their favorite technician.
• No expectations for response or resolution time.
• Non-IT staff are disrupted as people ask their colleagues for IT advice.

Technicians

• No one manages and escalates incidents.
• Incidents are unnecessarily urgent and more likely to have a greater impact.
• Agents are flooded with requests to do routine tasks during desk visits.
• Specialist support staff are subject to constant interruptions.
• Tickets are lost, incomplete, or escalated incorrectly.
• Incidents are resolved from scratch rather than referring to existing solutions.

Managers

• Tickets are incomplete or lack historical information to address complaints.
• Tickets in system don’t match the perceived workload.
• Unable to gather data for budgeting or business analysis.

Info-Tech Insight

Consistent incident management processes will improve end-user satisfaction with all other IT services.

However, be prepared to overcome these common obstacles as you put the process in place, including:

• Absence of management or staff commitment.
• Lack of clarity on organizational needs.
• Outdated work practices.
• Poorly defined service desk goals and responsibilities.
• Lack of a reliable knowledgebase.
• Inadequate training.
• Resistance to change.

Prepare to implement or improve incident management

2.1.1 Review incident management challenges and metrics

1. Review your incident management challenges and the benefits of addressing them.
2. Review the level of service you are providing with the current resources. Define clear goals and deliverables for the improvement initiative.
3. Decide how the incident management process will interface with the service desk. Who will take on the responsibility for resolving incidents? Specifically, who will:
   • Log incidents.
   • Perform initial incident troubleshooting.
   • Own and monitor tickets.
   • Communicate with end users.
   • Update records with the resolution.
   • Close incidents.
   • Implement next steps (e.g. initiate problem management).
4. Document recommendations and the incident management process requirements in the Service Desk SOP.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Distinguish between different kinds of tickets for better SLAs

Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.

If you fail to distinguish between ticket types, your metrics will obscure service desk performance.

Common Service Desk Tickets

• Incidents
  • An unanticipated interruption of a service.
    • The goal of incident management is to restore the service as soon as possible, even if the resolution involves a workaround.
• Problems
  • The root cause of several incidents.
    • The goal of problem management is to detect the root cause and provide long-term resolution and prevention.
• Requests
  • A generic description for small changes or service access
    • Requests are small, frequent, and low risk. They are best handled by a process distinct from incident, change, and project management.
• Changes
  • Modification or removal of anything that could influence IT services.
    • The scope includes significant changes to architectures, processes, tools, metrics, and documentation.

Info-Tech Insight

Organizations sometimes mistakenly classify small projects as service requests, which can compromise your data, resulting in a negative impact to the perceived value of the service desk.

Separate incidents and service requests for increased customer service and better-defined SLAs

Defining the differences between service requests and incidents is not just for reporting purposes. It also has a major impact on how service is delivered.

Incidents are unexpected disruptions to normal business processes and require attempts to restore services as soon as possible (e.g. the printer is not working).

Service requests are tasks that don’t involve something that is broken or has an immediate impact on services. They do not require immediate resolution and can typically be scheduled (e.g. new software).

Focus on the big picture first to capture and streamline how your organization resolves incidents

Document your incident management workflow to identify opportunities for improvement

Workflow should include:

• Ticket creation and closure
• Triage
• Troubleshooting
• Escalations
• Communications
• Change management
• Documentation
• Vendor escalations

Notes:

• Notification and alerts should be used to set or reset expectations on delivery or resolution
• Identify all the steps where a customer is informed and ensure we are not over or under communicating

Collaborate to define each step of the incident management workflow

2.1.2 Define the incident management workflow

Estimated Time: 60 minutes

Option 1: Whiteboard

1. Discuss the workflow and draw it on the whiteboard.
2. Assess whether you are using the best workflow. Modify it if necessary.
3. Engage the team in refining the process workflow.
4. Transfer data to Visio and add to the SOP.

Option 2: Tabletop Exercise

1. Distribute index cards to each member of the team.
2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
4. Arrange the index cards in order, removing duplicates.
5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
6. Transfer data to Visio and add to the Service Desk SOP.

Participants

• Service Manager
• Service Desk Support
• Applications or Infrastructure Support

What You’ll Need

• Flip Chart Paper
• Sticky Notes
• Pens
• Service Desk SOP
• Project Summary

Formalize the process for critical incident management to reduce organizational impact

Discuss these elements to see how the organization will handle them.

• Communication plan:
  • Who communicates with end users?
  • Who communicates with the executive team?
It’s important to separate the role of the technician trying to solve a problem with the need to communicate progress.
• Change management:
Define a separate process for regular and emergency change management to ensure changes are timely and appropriate.
• Business continuity plan:
Identify criteria to decide when a business continuity plan (BCP) must be implemented during a critical incident to minimize the business impact of the incident.
• Post-mortems:
Formalize the process of discussing and documenting lessons learned, understanding outstanding issues, and addressing the root cause of incidents.
• Source of incident notification:
Does the process change if users notify the service desk of an issue or if the systems management tools alert technicians?

Critical incidents are high-impact, high-urgency events that put the effectiveness and timeliness of the service desk center stage.

Build a workflow that focuses on quickly bringing together the right people to resolve the incident and reduces the chances of recurrence.

Document your critical incident management workflow to identify opportunities for improvement

Workflow should include:

• Ticket creation and closure
• Triage
• Troubleshooting
• Escalations
• Communications plan
• Change management
• Disaster recovery or business continuity plan
• Documentation
• Vendor escalations
• Post-mortem

Collaborate to define each step of the critical incident management workflow

2.1.3 Define the critical incident management workflow

Estimated Time: 60 minutes

Option 1: Whiteboard

1. Discuss the workflow and draw it on the whiteboard.
2. Assess whether you are using the best workflow. Modify it if necessary.
3. Engage the team in refining the process workflow.
4. Transfer data to Visio and add to the SOP.

Option 2: Tabletop Exercise

1. Distribute index cards to each member of the team.
2. Have each person write a single task they perform on the index card. Be granular. Include the title or the name of the person responsible.
3. Mark cards that are decision points. Use a card of a different color or use a marker to make a colored dot.
4. Arrange the index cards in order, removing duplicates.
5. Assess whether you are using the best workflow. Engage the team to refine it if necessary.
6. Transfer data to Visio and add to the Service Desk SOP.

Participants

• Service Manager
• Service Desk Support
• Applications or Infrastructure Support

What You’ll Need

• Flip Chart Paper
• Sticky Notes
• Pens
• Service Desk SOP

Establish a critical incident management communication plan

When it comes to communicating during major incidents, it’s important to get the information just right. Users don’t want too little, they don’t want too much, they just want what’s relevant to them, and they want that information at the right time.

As an IT professional, you may not have a background in communications, but it becomes an important part of your job. Broad guidelines for good communication during a critical incident are:

1. Communicate as broadly as the impact of your incident requires.
2. Communicate as much detail as a specific audience requires, but no more than necessary.
3. Communicate as far ahead of impact as possible.

Why does communication matter?

Sending the wrong message, at the wrong time, to the wrong stakeholders, can result in:

• Drop in customer satisfaction.
• Wasted time and resources from multiple customers contacting you with the same issue.
• Dissatisfied executives kept in the dark.
• Increased resolution time if the relevant providers and IT staff are not informed soon enough to help.

Info-Tech Insight

End users understand that sometimes things break. What’s important to them is that (1) you don’t repeatedly have the same problem, (2) you keep them informed, and (3) you give them enough notice when their systems will be impacted and when service will be returned.

Automate communication to save time and deliver consistent messaging to the right stakeholders

In the middle of resolving a critical incident, the last thing you have time for is worrying about crafting a good message. Create a series of templates to save time by providing automated, tailored messages for each stage of the process that can be quickly altered and sent out to the right stakeholders.

Once templates are in place, when the incident occurs, it’s simply a matter of:

1. Choosing the relevant template.
2. Updating recipients and messaging if necessary.
3. Adding specific, relevant data and fields.
4. Sending the message.

When to communicate?

Tell users the information they need to know when they need to know it. If a user is directly impacted, tell them that. If the incident does not directly affect the user, the communication may lead to decreased customer satisfaction or failure to pay attention to future relevant messaging.

What to say?

• Keep messaging short and to the point.
• Only say what you know for sure.
• Provide only the details the audience needs to know to take any necessary action or steps on their side and no more. There’s no need to provide details on the reason for the failure before it’s resolved, though this can be done after resolution and restoration of service.

You’ll need distinct messages for distinct audiences. For example:

• To incident resolvers: “Servers X through Y in ABC Location are failing intermittently. Please test the servers and all the connections to determine the exact cause so we can take corrective action ASAP.”
• To the IT department head: “Servers X through Y in ABC Location are failing intermittently. We are beginning tests. We will let you know when we have determined the exact cause and can give you an estimated completion time.”
• To executives: “We’re having an issue with some servers at ABC Location. We are testing to determine the cause and will let you know the estimated completion time as soon as possible.”
• To end users: “We are experience some service issues. We are working on a resolution diligently and will restore service as soon as possible.”

Map out who will need to be contacted in the event of a critical incident

2.1.4 Design the critical incident communication plan

• Identify critical incidents that require communication.
• Identify stakeholders who will need to be informed about each incident.
• For each audience, determine:
  1. Frequency of communication
  2. Content of communication

Some questions to assist you:

• Whose work will be interrupted, either by their services going down or by their workers having to drop everything to solve the incident?
• What would happen if we didn’t notify this person?
• What level of detail do they need?
• How often would they want to be updated?

Measure and improve customer satisfaction with the use of relationship and transactional surveys

Customer experience programs with a combination of relationship and transactional surveys tend to be more effective. Merging the two will give a wholistic picture of the customer experience.

Relationship Surveys

Relationship surveys focus on obtaining feedback on the overall customer experience.

• Inform how well you are doing or where you need improvement in the broad services provided.
• Provide a high-level perspective on the relationship between the business and IT.
• Help with strategic improvement decisions.
• Should be sent over a duration of time and to the entire customer base after they’ve had time to experience all the services provided by the service desk. This can be done as frequently as per quarter or on a yearly basis.
• E.g. An annual satisfaction survey such as Info-Tech’s End User Satisfaction Diagnostic.

Transactional Surveys

Transactional surveys are tied to a specific interaction or transaction your end users have with a specific product or service.

• Help with tactical improvement decisions.
• Questions should point to a specific interaction.
• Usually only a few questions that are quick and easy to complete following the transaction.
• Since transactional surveys allow you to improve individual relationships, they should be sent shortly after the interaction with the service desk has occurred.
• E.g. How satisfied are you with the way your ticket was resolved?

Add transactional end-user surveys at ticket close to escalate unsatisfactory results

A simple quantitative survey at the closing of a ticket can inform the service desk manager of any issues that were not resolved to the end user’s satisfaction. Take advantage of workflows to escalate poor results immediately for quick follow-up.

If a more complex survey is required, you may wish to include some of these questions:

Please rate your overall satisfaction with the way your issue was handled (1=unsatisfactory, 5=fantastic)

• The professionalism of the analyst.
• The technical skills or knowledge of the analyst.
• The timeliness of the service provided.
• The overall service experience.

Add an open-ended, qualitative question to put the number in context, and solicit critical feedback:

What could the service desk have done to improve your experience?

Define a process to respond to both negative and positive feedback

Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference. If customers are taking the time to fill out the survey, good or bad, they should be followed up with

Take these steps to handle survey feedback:

1. Assign resources to receive, read, and track responses. The entire team doesn’t need to receive every response, while a single resource may not have capacity to respond in a timely manner. Decide what makes the most sense in your environment.
2. Respond to negative feedback: It may not be possible to respond to every customer that fills out a survey. Set guidelines for responding to negative surveys with no details on the issue; don’t spend time guessing why they were upset, simply ask the user why they were unsatisfied. The critical piece of taking advantage of the service recovery paradox is in the follow-up to the customer.
3. Investigate and improve: Make sure you investigate the issue to ensure that it is a justified complaint or whether the issue is a symptom of another issue’s root cause. Identify remediation steps to ensure the issue does not repeat itself, and then communicate to the customer the action you have taken to improve.
4. Act on positive feedback as well: If it’s easy for customers to provide feedback, then make room in your process for handling the positive results. Appreciate the time and effort your customers take to give kudos and use it as a tool to build a long-term relationship with that user. Saying thank you goes a long way and when customers know their time matters, they will be encouraged to fill out those surveys. This is also a good way to show what a great job the service desk team did with the interaction.

Analyze survey feedback month over month to complement and justify metric results already in place

When you combine the tracking and analysis of relationship and transactional survey data you will be able to dive into specific issues, identify trends and patterns, assess impact to users, and build a plan to make improvements.

Once the survey data is centralized, categorized, and available you can start to focus on metrics. At a minimum, for transactional surveys, consider tracking:

• Breakdown of satisfaction scores with trends over time
• Unsatisfactory surveys that are related to incidents and service requests
• Total surveys that have been actioned vs pending

For relationship surveys, consider tracking:

• Satisfaction scores by department and seniority level
• Satisfaction with IT services, applications, and communication
• Satisfaction with IT’s business enablement

Image Source: Info-Tech End User Satisfaction Report

Prioritize company-wide improvement initiatives by those that have the biggest impact to the entire customer base first and then communicate the plan to the organization using a variety of communication channels that will draw your customers in, e.g. dashboards, newsletters, email alerts.

Info-Tech Insight

Consider automating or using your ITSM notification system as a direct communication method to inform the service desk manager of negative survey results.

Step 2.2: Design ticket categorization

This step will walk you through the following activities:

• 2.2.1 Assess ticket categorization
• 2.2.2 Enhance ticket categories with resolution and status codes

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The reviewed ticket categorization scheme will be easier to use and deploy more consistently, which will improve the categorization of data and the reliability of reports.

DELIVERABLES

• Optimized ticket categorization

Design a ticket classification scheme to produce useful reports

Reliable reports depend on an effective categorization scheme.

Too many options cause confusion; too few options provide little value. As you build the classification scheme over the next few slides, let call routing and reporting requirements be your guide.

Effective classification schemes are concise, easy to use correctly, and easy to maintain.

Keep these guidelines in mind:

• A good categorization scheme is exhaustive and mutually exclusive: there’s a place for every ticket and every ticket fits in only one place.
• As you build your classification scheme, ensure the categories describe the actual asset or service involved based on final resolution, not how it was reported initially.
• Pre-populate ticket templates with relevant categories to dramatically improve reporting and routing accuracy.
• Use a tiered system to make the categories easier to navigate. Three tiers with 6-8 categories per tier provides up to 512 sub-categories, which should be enough for the most ambitious team.
• Track only what you will use for reporting purposes. If you don’t need a report on individual kinds of laptops, don’t create a category beyond “laptops.”
• Avoid “miscellaneous” categories. A large portion of your tickets will eventually end up there.

Info-Tech Insight

Don’t do it alone! Collaborate with managers in the specialized IT groups responsible for root-cause analysis to develop a categorization scheme that makes sense for them.

The first approach to categorization breaks down the IT portfolio into asset types

WHY SHOULD I START WITH ASSETS?

Start with asset types if asset management and configuration management processes figure prominently in your practice or on your service management implementation roadmap.

Building the Categories

Ask these questions:

• Type: What kind of asset am I working on?
• Category: What general asset group am I working on?
• Subcategory: What particular asset am I working on?

Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

Info-Tech Insight

Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.

The second approach to categorization breaks down the IT portfolio into types of services

WHY SHOULD I START WITH SERVICES?

Start with asset services if service management generally figures prominently in your practice, especially service catalog management.

Building the Categories

Ask these questions:

• Type: What kind of service am I working on?
• Category: What general service group am I working on?
• Subcategory: What particular service am I working on?

Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.

Info-Tech Insight

Remember, ticket categories are not your only source of reports. Enhance the classification scheme with resolution and status codes for more granular reporting.

Improve the categorization scheme to enhance routing and reporting

2.2.1 Assess whether the service desk can improve its ticket categorization

1. As a group, review existing categories, looking for duplicates and designations that won’t affect ticket routing. Reconcile duplicates and remove non-essential categories.
2. As a group, re-do the categories, ensuring that the new categorization scheme will meet the reporting requirements outlined earlier.
   • Are categories exhaustive and mutually exclusive?
   • Is the tier simple and easy to use (i.e. 3 tiers x 8 categories)?
3. Test against recent tickets to ensure you have the right categories.
4. Record the ticket categorization scheme in the Service Desk Ticket Categorization Schemes template.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Flip Chart
• Whiteboard
• Service Desk Ticket Categorization Scheme

Enhance the classification scheme with resolution and status codes for more granular reporting

Resolution codes differ from detailed resolution notes.

• A resolution code is a field within the ticketing system that should be updated at ticket close to categorize the primary way the ticket was resolved.
• This is important for reporting purposes as it adds another level to the categorization scheme and can help you identify knowledgebase article candidates, training needs, or problems.

Ticket statuses are a helpful field for both IT and end users to identify the current status of the ticket and to initiate workflows.

• The most common statuses are open, pending/in progress, resolved, and closed (note the difference between resolved and closed).
• Waiting on user or waiting on vendor are also helpful statuses to stop the clock when awaiting further information or input.

Common Examples:

Resolution Codes

• How to/training
• Configuration change
• Upgrade
• Installation
• Data import/export/change
• Information/research
• Reboot

Status Fields

• Declined
• Open
• Closed
• Waiting on user
• Waiting on vendor
• Reopened by user

Identify and document resolution and status codes

2.2.2 Enhance ticket categories with resolution codes

Discuss:

• How can we use resolution information to enhance reporting?
• Are current status fields telling the right story?
• Are there other requirements like project linking?

Draft:

1. Write out proposed resolution codes and status fields and critically assess their value.
2. Resolutions can be further broken down by incident and service request if desired.
3. Test resolution codes against a few recent tickets.
4. Record the ticket categorization scheme in the Service Desk SOP.

Participants

• CIO
• Service Desk Manager
• Service Desk Technician(s)

What You’ll Need

• Whiteboard or Flip Chart
• Markers

Step 2.3: Design incident escalation and prioritization

This step will walk you through the following activities:

• 2.3.1 Build a small number of rules to facilitate prioritization
• 2.3.2 Define escalation rules
• 2.3.3 Define automated escalations
• 2.3.4 Provide guidance to each tier around escalation steps and times

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The reviewed ticket escalation and prioritization will streamline queue management, improve the quality of escalations, and ensure agents work on the right tickets at the right time.

DELIVERABLES

• Optimized ticket prioritization scheme
• Guidelines for ticket escalations
• List of automatic escalations

Build a ticket prioritization matrix to make escalation assessment less subjective

Most IT leaders agree that prioritization is one of the most difficult aspects of IT in general. Set priorities based on business needs first.

Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).

The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).

Some questions to consider when deciding on problem severity include:

• How is productivity affected?
• How many users are affected?
• How many systems are affected?
• How critical are the affected systems to the organization?

Decide how many severity levels the organization needs the service desk to have. Four levels of severity are ideal for most organizations.

Collect the ticket prioritization scheme in one diagram to ensure service support aligns to business requirements

Prioritize incidents based on severity and urgency to foreground critical issues

2.3.1 Build a clearly defined priority scheme

Estimated Time: 60 minutes

1. Decide how many levels of severity are appropriate for your organization.
2. Build a prioritization matrix, breaking down priority levels by impact and urgency.
3. Build out the definitions of impact and urgency to complete the prioritization matrix.
4. Run through examples of each priority level to make sure everyone is on the same page.

Document in the SOP

Participants

• Service Managers
• Service Desk Support
• Applications or Infrastructure Support

What You'll Need

• Flip Chart Paper
• Sticky Notes
• Pens
• Service Desk SOP

Define response and resolution targets for each priority level to establish service-level objectives for service support

Build clear rules to help agents determine when to escalate

2.3.2 Assign response, resolution, and escalation times to each priority level

Estimated Time: 60 minutes

Instructions:

For each incident priority level, define the associated:

1. Response time – time from when incident record is created to the time the service desk acknowledges to the customer that their ticket has been received and assigned.
2. Resolution time – time from when the incident record is created to the time that the customer has been advised that their problem has been resolved.
3. Escalation time – maximum amount of time that a ticket should be worked on without progress before being escalated to someone else.

Participants

• Service Managers
• Service Desk Support
• Applications or Infrastructure Support

What You'll Need

• Flip Chart Paper
• Sticky Notes
• Pens

Use the table on the previous slide as a guide.

Discuss the possible root causes for escalation issues

WHY IS ESCALATION IMPORTANT?

Escalation is not about admitting defeat, but about using your resources properly.

Defining procedures for escalation reduces the amount of time the service desk spends troubleshooting before allocating the incident to a higher service tier. This reduces the mean time to resolve and increases end-user satisfaction.

You can correlate escalation paths to ticket categories devised in step 2.2.

Build decision rights to help agents determine when to escalate

2.3.3 Provide guidance to each tier around escalation steps and times

Estimated Time: 60 minutes

Instructions

1. For each support tier, define escalation rules for troubleshooting (steps that each tier should take before escalation).
2. For each support tier, define maximum escalation times (maximum amount of time to work on a ticket without progress before escalating).

Create a list of application specialists to get the escalation right the first time

2.3.4 Define automated escalations

Estimated Time: 60 minutes

1. Identify applications that will require specialists for troubleshooting or access rights.
2. Identify primary and secondary specialists for each application.
3. Identify vendors that will receive escalations either immediately or after troubleshooting.
4. Set up application groups in the service desk tool.
5. Set up workflows in the service desk tool where appropriate.
6. Document the automated escalations in the categorization scheme developed in step 2.2 and in the Service Desk Roles and Responsibilities Guide.

Participants

• Service Managers
• Service Desk Support
• Applications or Infrastructure Support

What You'll Need

• Flip Chart Paper
• Sticky Notes
• Pens

Phase 3

Design Request Fulfilment Processes

Step 3.1: Build request workflows

This step will walk you through the following activities:

• 3.1.1 Distinguish between requests and small projects
• 3.1.2 Define service requests with SLAs
• 3.1.3 Build and critique request workflows

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

Workflows for service requests will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.

DELIVERABLES

• Workflows for the most common service requests
• An estimated service level for each service request
• Request vs. project criteria

Standardize service requests for more efficient delivery

Definitions:

• An incident is an unexpected disruption to normal business processes and requires attempts to restore service as soon as possible (e.g. printer not working).
• A service request is a request where nothing is broken or impacting a service and typically can be scheduled rather than requiring immediate resolution (e.g. new software application).

• Service requests are repeatable, predictable, and easier to commit to SLAs.
• By committing to SLAs, expectations can be set for users and business units for service fulfillment.
• Workflows for service requests should be documented and reviewed to ensure consistency of fulfillment.
• Documentation should be created for service request procedures that are complex.
• Efficiencies can be created through automation such as with software deployment.
• All service requests can be communicated through a self-service portal or service catalog.

PREPARE A FUTURE SERVICE CATALOG

Standardize requests to develop a consistent offering and prepare for a future service catalog.

Document service requests to identify time to fulfill and approvals.

Identify which service requests can be auto-approved and which will require a workflow to gain approval.

Document workflows and analyze them to identify ways to improve SLAs. If any approvals are interrupting technical processes, rearrange them so that approvals happen before the technical team is involved.

Determine support levels for each service offering and ensure your team can sustain them.

Where it makes sense, automate delivery of services such as software deployment.

Distinguish between service requests and small projects to ensure agents and end users follow the right process

The distinction between service requests and small projects has two use cases, which are two sides of the same resourcing issue.

• Service desk managers need to understand the difference to ensure the right approval process is followed. Typically, projects have more stringent intake requirements than requests do.
• PMOs need to understand the difference to ensure the right people are doing the work and that small, frequent changes are standardized, automated, and taken out of the project list.

What’s the difference between a service request and a small project?

• The key differences involve resource scope, frequency, and risk.
• Requests are likely to require fewer resources than projects, be fulfilled more often, and involve less risk.
• Requests are typically done by tier 1 and 2 employees throughout the IT organization.
• A request can turn into a small project if the scope of the request grows beyond the bounds of a normal request.

Example: A mid-sized organization goes on a hiring blitz and needs to onboard 150 new employees in one quarter. Submitting and scheduling 150 requests for onboarding new employees would require much more time and resources.

Projects are different from service requests and have different criteria

A project, by terminology, is a temporary endeavor planned around producing a specific organizational or business outcome.

Common Characteristics of Projects:

• Time sensitive, temporary, one-off.
• Uncertainty around how to create the unique thing, product, or service that is the project’s goal.
• Non-repetitive work and sizeable enough to introduce heightened risk and complexity.
• Strategic focus, business case-informed capital funding, and execution activities driven by a charter.
• Introduces change to the organization.
• Multiple stakeholders involved and cross-functional resourcing.

Info-Tech Insight

Projects require greater risk, effort, and resources than a service request and should be redirected to the PMO.

Standard service requests vs. non-standard service requests: criteria to make them distinct

• If there is no differentiation between standard and non-standard requests, those tickets can easily move into the backlog, growing it very quickly.
• Create a process to easily identify non-standard requests when they enter the ticket queue to ensure customers are made aware of any delay of service, especially if it is a product or service currently not offered. This will give time for any approvals or technical solutioning that may need to occur.
• Take recurring non-standard requests and make them standard. This is a good way to determine if there are any gaps in services offered and another vehicle to understand what your customers want.

Standard Requests

• Very common requests, delivered on an on-going basis
• Defined process
• Measured in hours or days
• Uses service catalog, if it exists
• Formalized and should already be documented
• The time to deal with the request is defined

Non-Standard Requests

• Higher level complexity than standard requests
• Cannot be fulfilled via service catalog
• No defined process
• Not supplied by questions that Service Request Definition (SRD) offers
• Product or service is not currently offered, and it may need time for technical review, additional approvals, and procurement processes

The right questions can help you distinguish between standard requests, non-standard requests, and projects

Where do we draw the line between a standard and non-standard request and a project?

The service desk can’t and shouldn’t distinguish between requests and projects on its own. Instead, engage stakeholders to determine where to draw the line.

Whatever criteria you choose, define them carefully.

Be pragmatic: there is no single best set of criteria and no single best definition for each criterion. The best criteria and definitions will be the ones that work in your organizational context.

Common distinguishing factors and thresholds:

Distinguish between standard and non-standard service requests and projects

3.1.1 Distinguish between service requests and projects

1. Divide the group into two small teams.
2. Each team will brainstorm examples of service requests and small projects.
3. Identify factors and thresholds that distinguish between the two groups of items.
4. Bring the two groups together and discuss the two sets of criteria.
5. Consolidate one set of criteria that will help make the distinction between projects and service requests.
6. Capture the table in the Service Desk SOP.

Participants

• Service Desk Manager
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Distinguishing factors and thresholds

Don’t standardize request fulfilment processes alone

Everyone in IT contributes to the fulfilment of requests, but do they know it?

New service desk managers sometimes try to standardize request fulfilment processes on their own only to encounter either apathy or significant resistance to change.

Moving to a tiered generalist service desk with a service-oriented culture, a high first-tier generalist resolution rate, and collaborative T2 and T3 specialists can be a big change. It is critical to get the request workflows right.

Don’t go it alone. Engage a core team of process champions from all service support. With executive support, the right process building exercises can help you overcome resistance to change.

Consider running the process building activities in this project phase in a working session or a workshop setting.

Info-Tech Insight

If they build it, they will come. Service desk improvement is an exercise in organizational change that crosses IT disciplines. Organizations that fail to engage IT specialists from other silos often encounter resistance to change that jeopardizes the process improvements they are trying to make. Overcome resistance by highlighting how process changes will benefit different groups in IT and solicit the feedback of specialists who can affect or be affected by the changes.

Define standard service requests with SLAs and workflows

WHY DO I NEED WORKFLOWS?

Move approvals out of technical IT processes to make them more efficient. Evaluate all service requests to see where auto-approvals make sense. Where approvals are required, use tools and workflows to manage the process.

Example:

Approvals can be the main roadblock to fulfilling service requests

Review the general standard service request and inquiry fulfillment processes

As standard service requests should follow standard, repeatable, and predictable steps to fulfill, they can be documented with workflows.

Review the general standard service request and inquiry fulfillment processes

Ensure there is a standard and predictable methodology for assessing non-standard requests; inevitably those requests may still cause delay in fulfillment.

Create a process to ensure reasonable expectations of delivery can be set with the end user and then identify what technology requests should become part of the existing standard offerings.

Document service requests to ensure consistent delivery and communicate requirements to users

3.1.2 Define service requests with SLAs

1. On a flip chart, list standard service requests.
2. Identify time required to fulfill, including time to schedule resources.
3. Identify approvals required; determine if approvals can be automated through defining roles.
4. Discuss opportunities to reduce SLAs or automate, but recognize that this may not happen right away.
5. Discuss plans to communicate SLAs to the business units, recognizing that some users may take a bit of time to adapt to the new SLAs.
6. Work toward improving SLAs as new opportunities for process change occur.
7. Document SLAs in the Service Desk SOP and update as SLAs change.
8. Build templates in the service desk tool that encapsulate workflows and routing, SLAs, categorization, and resolution.

Participants

• Service Desk Managers
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Info-Tech Insight

These should all be scheduled services. Anything that is requested as a rush needs to be marked as a higher urgency or priority to track end users who need training on the process.

Analyze service request workflows to improve service delivery

3.1.3 Build and critique request workflows

1. Divide the group into small teams.
2. Each team will choose one service request from the list created in the previous module and then draw the workflow. Include decision points and approvals.
3. Discuss availability and technical support:
   • Can the service be fulfilled during regular business hours or 24x7?
   • Is technical support and application access available during regular business hours or 24x7?
4. Reconvene and present workflows to the group.
5. Document workflows in Visio and add to the Service Desk SOP. Where appropriate, enter workflows in the service desk tool.

Critique workflows for efficiencies and effectiveness:

• Do the workflows support the SLAs identified in the previous exercise?
• Are the workflows efficient?
• Is the IT staff consistently following the same workflow?
• Are approvals appropriate? Is there too much bureaucracy or can some approvals be removed? Can they be preapproved?
• Are approvals interrupting technical processes? If so, can they be moved?

Participants

• Service Desk Managers
• Service Desk Agents

What You'll Need

• Service Desk SOP
• Project Summary
• Flip Chart
• Whiteboard

Step 3.2: Build a targeted knowledgebase

This step will walk you through the following activities:

• 3.2.1 Design knowledge management processes
• 3.2.2 Create actionable knowledgebase articles

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The section will introduce service catalogs and get the organization to envision what self-service tools it might include.

DELIVERABLES

• Knowledgebase policy and process

A knowledgebase is an essential tool in the service management toolbox

Knowledge Management

Gathering, analyzing, storing & sharing knowledge to reduce the need to rediscover known solutions.

Knowledgebase

Organized repository of IT best practices and knowledge gained from practical experiences.

• End-User KB

Give end users a chance to resolve simple issues themselves without submitting a ticket.

• Internal KB

Shared resource for service desk staff and managers to share and use knowledge.

Use the knowledgebase to document:

• Steps for pre-escalation troubleshooting.
• Known errors.
• Workarounds or solutions to recurring issues.
• Solutions that require research or complex troubleshooting.
• Incidents that have many root causes. Start with the most frequent solution and work toward less likely issues.

Draw on organizational goals to define the knowledge transfer target state

*Source: McLean & Company, 2013; N=120

It’s better to start small than to have nothing at all

Service desk teams are often overwhelmed by the idea of building and maintaining a comprehensive integrated knowledgebase that covers an extensive amount of information.

Don’t let this idea stop you from building a knowledgebase! It takes time to build a comprehensive knowledgebase and you must start somewhere.

Start with existing documentation or knowledge that depends on the expertise of only a few people and is easy to document and you will already see the benefits.

Then continue to build and improve from there. Eventually, knowledge management will be a part of the culture.

Engage the team to build a knowledgebase targeted on your most important incidents and requests

WHERE DO I START?

Inventory and consolidate existing documentation, then evaluate it for audience relevancy, accuracy, and usability. Use the exercise and the next slides to develop a knowledgebase template.

Produce a plan to improve the knowledgebase.

• Identify the current top five or ten incidents from the service desk reports and create related knowledgebase articles.
• Evaluate for end-user self-service or technician resolution.
• Note any resolutions that require access rights to servers.
• Assign documentation creation tasks for the knowledgebase to individual team members each week.
• Apply only one incident per article.
• Set goals for each technician to submit one or two meaningful articles per month.
• Assign a knowledge manager to monitor creation and edit and maintain the database.
• Set policy to drive currency of the knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

Use a phased approach to build a knowledgebase

Use a quarterly, phased approach to continue to build and maintain your knowledgebase

Continual Knowledgebase Maintenance:

• Once a knowledgebase is in place, future articles should be written using established templates.
• Articles should be regularly reviewed and monitored for usage. Outdated information will be retired and archived.
• Ticket trend analysis should be done on an ongoing basis to identify new articles.
• A proactive approach will anticipate upcoming issues based on planned upgrades and maintenance or other changes, and document resolution steps in knowledgebase articles ahead of time.

Every Quarter:

1. Conduct a ticket trend analysis. Identify the most important and common tickets.
2. Review the knowledgebase to identify relevant articles that need to be revised or written.
3. Use data from knowledge management tool to track expiring content and lesser used articles.
4. Assign the task of writing articles to all IT staff members.
5. Build and revise ticket templates for incident and service requests.

Assign a knowledge manager role to ensure accountability for knowledgebase maintenance

Assign a knowledge manager to monitor creation and edit and maintain database.

Knowledge Manager/Owner Role:

• Has overall responsibility for the knowledgebase.
• Ensures content is consistent and maintains standards.
• Regularly monitors and updates the list of issues that should be added to the knowledgebase.
• Regularly reviews existing knowledgebase articles to ensure KB is up to date and flags content to retire or review.
• Assigns content creation tasks.
• Optimizes knowledgebase structure and organization.
• See Info-Tech’s knowledge manager role description if you need a hand defining this position.

The knowledge manager role will likely be a role assigned to an existing resource rather than a dedicated position.

Develop a template to ensure knowledgebase articles are easy to read and write

QUICK TIPS

• Use non-technical language whenever possible to help less-technical readers.
• Identify error messages and use screenshots where it makes sense.
• Take advantage of social features like voting buttons to increase use.
• Use Info-Tech’s Knowledge Base Article Template to get you started.

Analyze the necessary features for your knowledgebase and compare them against existing tools

Service desk knowledgebases range in complexity from simple FAQs to fully integrated software suites.

Options include:

• Article search with negative and positive filters.
• Tagging, with the option to have keywords generate top matches.
• Role-based permissions (to prevent unauthorized deletions).
• Ability to turn a ticket resolution into a knowledgebase article (typically only available if knowledgebase tool is part of the service desk tool).
• Natural language search.
• Partitioning so relevant articles only appear for specific audiences.
• Editorial workflow management.
• Ability to set alerts for scheduled article review.
• Article reporting (most viewed, was it useful?).
• Rich text fields for attaching screenshots.

Determine which features your organization needs and check to see if your tools have them.

For more information on knowledgebase improvement, refer to Info-Tech’s Optimize the Service Desk With a Shift-Left Strategy.

Document your knowledge management maintenance workflow to identify opportunities for improvement

Workflow should include:

• How you will identify top articles that need to be written
• How you will ensure articles remain relevant
• How you will assign new articles to be written, inclusive of peer review

Design knowledgebase management processes

3.2.1 Design knowledgebase management processes

1. Assign a knowledge manager to monitor creation and edit and maintain the database. See Info-Tech’s knowledge manager role description if you need a hand defining this position.
2. Discuss how you can use the service desk tool to integrate the knowledgebase with incident management, request fulfilment, and self-service processes.
3. Discuss the suitability of a quarterly process to build and edit articles for a target knowledgebase that covers your most important incidents and requests.
4. Set knowledgebase creation targets for tier 1, 2, and 3 analysts.
5. Identify relevant performance metrics.
6. Brainstorm elements that might be used as an incentive program to encourage the creation of knowledgebase articles and knowledge sharing more generally.
7. Set policy to drive currency of knowledgebase. See the Service Desk SOP for an example of a workable knowledge policy.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Create actionable knowledgebase articles

3.2.2 Run a knowledgebase working group

Write and critique knowledgebase articles.

1. On a whiteboard, build a list of potential knowledgebase articles divided by audience: Technician or End User.
2. Each team member chooses one topic and spends 20 minutes writing.
3. Each team member either reads the article and has the team critique or passes to the technician to the right for peer review. If there are many participants, break into smaller groups.
4. Set a goal with the team for how, when, and how often knowledgebase articles will be created.
5. Capture knowledgebase processes in the Service Desk SOP.

Audience: Technician

• Password update
• VPN printing
• Active directory – policy, procedures, naming conventions
• Cell phones
• VPN client and creation set-up

Audience: End users

• Set up email account
• Password creation policy
• Voicemail – access, change greeting, activities
• Best practices for virus, malware, phishing attempts
• Windows 10 tips and tricks

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Service Desk SOP
• Flip Chart
• Whiteboard

Step 3.3: Prepare for a self-service portal project

This step will walk you through the following activities:

• 3.3.1 Develop self-service tools for the end user
• 3.3.2 Make a plan for creating or improving the self-service portal

This step involves the following participants:

• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The section prepares you to tackle a self-service portal project once the service desk standardization is complete.

DELIVERABLES

• High-level activities to create a self-service portal

Design the self-service portal with the users’ computer skills in mind

A study by the OECD offers a useful reminder of one of usability’s most hard-earned lessons: you are not the user.

• There is an important difference between IT professionals and the average user that’s even more damaging to your ability to predict what will be a good self-service tool: skills in using computers, the internet, and technology in general.
• An international research study explored the computer skills of 215,942 people aged 16-65 in 33 countries.
• The results show that across 33 rich countries, only 5% of the population has strong computer-related abilities and only 33% of people can complete medium-complexity computer tasks.
• End users are skilled, they just don’t have the same level of comfort with computers as the average IT professional. Design your self-service tools with that fact in mind.

Take an incremental and iterative approach to developing your self-service portal

Use a web portal to offer self-serve functionality or provide FAQ information to your customers to start.

• Don’t build from scratch. Ideally, use the functionality included with your ITSM tool.
• If your ITSM tool doesn’t have an adequate self-service portal functionality, then harness other tools that IT already uses. Common examples include Microsoft SharePoint and Google Forms.
• Make it as easy as possible to access the portal:
  • Deploy an app to managed devices or put the app in your app store.
  • Create a shortcut on people’s start menus or home screens.
  • Print the URL on swag such as mousepads.
• Follow Info-Tech’s approach to developing your user facing service catalog.

Some companies use vending machines as a form of self serve. Users can enter their purchase code and “buy” a thin client, mouse, keyboard, software, USB keys, tablet, headphones, or loaners.

Info-Tech Insight

Building the basics first will provide your users with immediate value. Incrementally add new features to your portal.

Optimize the portal: self-service should be faster and more convenient than the alternative

Design the portal by demand, not supply

Don’t build a portal framed around current offerings and capabilities just for the sake of it. Build the portal based on what your users want and need if you want them to use it.

Make user experience a top priority

The portal should be designed for users to self-serve, and thus self-service must be seamless, clear, and attractive to users.

Speak your users’ language

Keep in mind that users may not have high technical literacy or be familiar with terminology that you find commonplace. Use terms that are easy to understand.

Appeal to both clickers and searchers

Ensure that users can find what they’re looking for both by browsing the site and by using search functionality.

Use one central portal for all departments

If multiple departments (i.e. HR, Finance) use or will use a portal, set up a shared portal so that users won’t have to guess where to go to ask for help.

You won’t know unless you test

You will know how to navigate the portal better than anyone, but that doesn’t mean it’s intuitive for a new user. Test the portal with users to collect and incorporate feedback.

Self-service portal examples (1/2)

Image source: Cherwell Service Management

Self-service examples (2/2)

Image source: Team Dynamix

Keep the end-user facing knowledgebase relevant with workflows, multi-device access, and social features

Workflows:

• Easily manage peer reviews and editorial and relevance review.
• Enable links and importing between tickets and knowledgebase articles.
• Enable articles to appear based on ticket content.

Multi-device access:

• Encourage users to access self-service.
• Enable technicians to solve problems from anywhere.

Social features:

• Display most popular articles first to solve trending issues.
• Enable voting to improve usability of articles.
• Allow collaboration on self-service.

For more information on building self-service portal, refer to Info-Tech’s Optimize the Service Desk with a Shift-Left Strategy

Draft a high-level project plan for a self-service portal project

3.3.1 Draft a high-level project plan for a self-service portal project

1. Identify stakeholders who can contribute to the project.
   • Who will help with FAQ creation?
   • Who can design the self-service portal?
   • Who needs to sign off on the project?
2. Identify the high-level tasks that need to be done.
   • How many FAQs need to be created?
   • How will we design the service catalog’s web portal?
   • What might a phased approach look like?
   • How can we break down the project into design, build, and implementation tasks?
   • What is the rough timeline for these tasks?
3. Capture the high-level activities in the Service Desk Roadmap.

Participants

• Service Desk Manager
• Service Desk Agents

What You’ll Need

• Flip Chart
• Whiteboard
• Implementation Roadmap

Once you have a service portal, you can review the business requirements for a service catalog

A service catalog is a communications device that lists the IT services offered by an organization. The service catalog is designed to enable the creation of a self-service portal for the end user. The portal augments the service desk so analysts can spend time managing incidents and providing technical support.

The big value comes from workflows:

• Improved economics and a means to measure the costs to serve over time.
• Incentive for adoption because things work better.
• Abstracts delivery from offer to serve so you can outsource, insource, crowdsource, slow, speed, reassign, and cover absences without involving the end user.

There are three types of catalogs:

• Static:Informational only, so can be a basic website.
• Routing and workflow: Attached to service desk tool.
• Workflow and e-commerce: Integrated with service desk tool and ERP system.

Image courtesy of University of Victoria

Understand the time and effort involved in building a service catalog

A service catalog will streamline IT service delivery, but putting one together requires a significant investment. Service desk standardization comes first.

• Workflows and back-end services must be in place before setting up a service catalog.
Think of the catalog as just the delivery mechanism for service you currently provide. If they aren’t running well and delivery is not consistent, you don’t want to advertise SLAs and options.
• Service catalogs require maintenance.
It’s not a one-time investment – service catalogs must be kept up to date to be useful.
• Service catalog building requires input from VIPs.
Architects and wordsmiths are not the only ones that spend effort on the service catalog. Leadership from IT and the business also provide input on policy and content.

Sample Service Catalog Efforts

• A college with 17 IT staff spent one week on a simple service catalog.
• A law firm with 110 IT staff spent two months on a service catalog project.
• A municipal government with 300 IT people spent over seven months and has yet to complete the project.
• A financial organization with 2,000 IT people has spent seven months on service catalog automation alone! The whole project has taken multiple years.

“I would say a client with 2,000 users and an IT department with a couple of hundred, then you're looking at six months before you have the catalog there.”

– Service Catalog Implementation Specialist,

Health Services

Draft a high-level project plan for a self-service portal project

3.2.2 Make a plan for creating or improving the self-service portal

Identify stakeholders who can contribute to the project.

• Who will help with FAQs creation?
• Who can design the self-service portal?
• Who needs to sign off on the project?

Evaluate tool options.

• Will you stick with your existing tool or invest in a new tool?

Identify the high-level tasks that need to be done.

• How will we design the web portal?
• What might a phased approach look like?
• What is the rough timeline for these tasks?
• How many FAQs need to be created?
• Will we have a service catalog, and what type?

Document the plan and tasks in the Service Desk Roadmap.

Examples of publicly posted service catalogs:

University of Victoria is an example of a catalog that started simple and now includes multiple divisions, notifications, systems status, communications, e-commerce, incident registration, and more.

Indiana University is a student, faculty, and staff service catalog and self-service portal that goes beyond IT services.

If you are ready to start building a service catalog, use Info-Tech’s Design and Build a User-Facing Service Catalog blueprint to get started.

Phase 4

Plan the Implementation of the Service Desk

Step 4.1: Build communication plan

This step will walk you through the following activities:

• 4.1.1 Create the communication plan

This step involves the following participants:

• CIO
• IT Director
• IT Managers
• Service Desk Manager(s)
• Representation from tier 2 and tier 3 specialists

Outcomes

The communication plan and project summary will help project managers outline recommendations and communicate their benefits.

DELIVERABLES

• Communication plan
• Project summary

Effectively communicate the game plan to IT to ensure the success of service desk improvements

Communication is crucial to the integration and overall implementation of your service desk improvement.

An effective communication plan will:

• Gain support from management at the project proposal phase.
• Create end-user buy-in once the program is set to launch.
• Maintainthe presence of the program throughout the business.
• Instill ownership throughout the business, from top-level management to new hires.

Build a communication plan to:

1. Communicate benefits to IT:
   • Share the standard operating procedures for training and feedback.
   • Train staff on policies as they relate to end users and ensure awareness of all policy changes.
   • As changes are implemented, continue to solicit feedback on what is and is not working and communicate adjustments as appropriate.
2. Train technicians:
   • Make sure everyone is comfortable communicating changes to customers.
3. Measure success:
   • Review SLAs and reports. Are you consistently meeting SLAs?
   • Is it safe to communicate with end users?

Create your communication plan to anticipate challenges, remove obstacles, and secure buy-in

Why:

• What problems are you trying to solve?

What:

• What processes will it affect (that will affect me)?

Who:

• Who will be affected?
• Who do I go to if I have issues with the new process?

When:

• When will this be happening?
• When will it affect me?

How:

• How will these changes manifest themselves?

Goal:

• What is the final goal?
• How will it benefit me?

Create a communication plan to outline the project benefits

Improved business satisfaction:

• Improve confidence that the service desk can solve issues within the service-level agreement.
• Channel incidents and requests through the service desk.
• Escalate incidents quickly and accurately.

Fewer recurring issues:

• Tickets are created for every incident and categorized correctly.
• Reports can be used for root-cause analysis.

Increased efficiency or lower cost to serve:

• Use FAQs to enable end users to self-solve.
• Use knowledgebase to troubleshoot once, solve many times.
• Cross-train to improve service consistency.

Enhanced demand planning:

• Trend analysis and reporting improve IT’s ability to forecast and address the demands of the business.

Organize the information to manage the deployment of key messages

Create the communication plan

4.1.1 Create the communication plan

Estimated Time: 45 minutes

Develop a stakeholder analysis.

1. Identify everyone affected by the project.
2. Assess their level of interest, value, and influence.
3. Develop a communication strategy tailored to their level of engagement.

Craft key messages tailored to each stakeholder group.

Finalize the communication plan.

1. Examine your roadmap and determine the most appropriate timing for communications.
2. Assess when communications must happen with executives, business unit leaders, end users, and technicians.
3. Identify any additional communication challenges that have come up.
4. Identify who will send out the communications.
5. Identify multiple methods for getting the messages out (newsletters, emails, posters, company meetings).
6. For inspiration, you can refer to the Sample Communication Plan for the project.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

Step 4.2: Build implementation roadmap

This step will walk you through the following activities:

• 4.2.1 Build implementation roadmap

This step involves the following participants:

• CIO
• IT Director
• IT Managers
• Service Desk Manager
• Representation from tier 2 and tier 3 specialists

Outcomes

The implementation plan will help track and categorize the next steps and finalize the project.

DELIVERABLES

• Implementation roadmap

Collaborate to create an implementation plan

4.2.1 Create the implementation plan

Estimated Time: 45 minutes

Determine the sequence of improvement initiatives that have been identified throughout the project.

The purpose of this exercise is to define a timeline and commit to initiatives to reach your goals.

Instructions:

1. Review the initiatives that will be taken to improve the service desk and revise tasks, as necessary.
2. Input each of the tasks in the data entry tab and provide a description and rationale behind the task.
3. Assign an effort, priority, and cost level to each task (high, medium, low).
4. Assign ownership to each task.
5. Identify the timeline for each task based on the priority, effort, and cost (short, medium, and long term).
6. Highlight risk for each task if it will be deferred.
7. Track the progress of each task with the status column.

Participants

• CIO
• IT Managers
• Service Desk Manager
• Service Desk Agents

Document using the Roadmap tool.

Related Info-Tech Research

ImplementHardware and Software Asset Management

The Standardize blueprint reviews service desk structures and metrics and builds essential processes and workflows for incident management, service request fulfillment, and knowledge management practices.

Once the service desk is operational, there are three paths to basic ITSM maturity:

• Having the incident management processes and workflows built allows you to:
  • Introduce Change Management to reduce change-related incidents.
  • Introduce Problem Management to reduce incident recurrence.
  • Introduce Asset Management to augment service management processes with reliable data.

Solicit targeted department feedback on core IT service capabilities, IT communications, and business enablement. Use the results to assess the satisfaction of end users, with each service broken down by department and seniority level.

Works cited

“Help Desk Staffing Models: Simple Analysis Can Save You Money.” Giva, Inc., 2 Sept. 2009. Web.

Marrone et al. “IT Service Management: A Cross-national Study of ITIL Adoption.” Communications of the Association for Information Systems: Vol. 34, Article 49. 2014. PDF.

Rumburg, Jeff. “Metric of the Month: First Level Resolution Rate.” MetricNet, 2011. Web.

“Service Recovery Paradox.” Wikipedia, n.d. Web.

Tang, Xiaojun, and Yuki Todo. “A Study of Service Desk Setup in Implementing IT Service Management in Enterprises.” Technology and Investment: Vol. 4, pp. 190-196. 2013. PDF.

“The Survey of Adult Skills (PIAAC).” Organisation for Economic Co-operation and Development (OECD), 2016. Web.

Contributors

• Jason Aqui, IT Director, Bellevue College
• Kevin Sigil, IT Director, Southwest Care Centre
• Lucas Gutierrez, Service Desk Manager, City of Santa Fe
• Rama Dhuwaraha, CIO, University of North Texas System
• Annelie Rugg, CIO, UCLA Humanities
• Owen McKeith, Manager IT Infrastructure, Canpotex
• Rod Gula, IT Director, American Realty Association
• Rosalba Trujillo, Service Desk Manager, Northgate Markets
• Jason Metcalfe, IT Manager, Mesalabs
• Bradley Rodgers, IT Manager, SecureTek
• Daun Costa, IT Manager, Pita Pit
• Kari Petty, Service Desk Manager, Mansfield Oil
• Denis Borka, Service Desk Manager, PennTex Midstream
• Lateef Ashekun, IT Manager, City of Atlanta
• Ted Zeisner, IT Manager, University of Ottawa Institut de Cardiologie

Data and Analytics Trends Report 2023

SOONER OR LATER, YOU WILL BE IN THE DATA BUSINESS!

Nine Data Trends for 2023

In this report, we explore nine data use cases for emerging technologies that can improve on capabilities needed to compete in the data-driven economy. Use cases combine emerging data trends and modernization of existing capabilities.

1. VOLUME
   • Data Gravity
2. VELOCITY

• Democratizing Real-Time Data

• Augmented Data Management

• Identity Authenticity

• Data Monetization

• Adaptive Data Governance

• AI-Driven Storytelling & Augmented Analytics

• Data Marketplace

• DevOps – DataOps – XOps

VOLUME

Data Gravity

Trend 01 Demand for storage and bandwidth continues to grow

When organizations begin to prioritize data, they first consider the sheer volume of data, which will influence data system design. Your data systems must consider the existing and growing volume of data by assessing industry initiatives such as digital transformation, Industry 4.0, IoT, consumer digital footprint, etc.

VOLUME

Data Gravity

Data attracts more data and an ecosystem of applications and services

SharePoint, OneDrive, Google Drive, and Dropbox offer APIs and integration opportunities for developers to enhance their products.

Social media platforms thought about this early by allowing for an ecosystem of filters, apps, games, and effects that engage their users with little to no additional effort from internal resources.

VOLUME

Data Gravity

Focus on data gravity and avoid cloud repatriation

Data gravity is the tendency of data to attract applications, services, and other data. A growing number of cloud migration decisions will be made based on the data gravity concept. It will become increasingly important in data strategies, with failure potentially resulting in costly cloud repatriations.

Emerging technologies and capabilities:

Data Lakehouse, Data Mesh, Data Fabric, Hybrid Data, Cloud Data, Edge Computing

Source: CIO, 2022

VOLUME

Data Gravity

What worked for terabytes is ineffective for petabytes

When compared to on-premises infrastructure, cloud computing is less expensive and easier to implement. However, poor data replication and data gravity can significantly increase cloud costs to the point of failure. Data gravity will help organizations make better cloud migration decisions.

It is also critical to recognize changes in the industry landscape. The goal of data processing and analytics is to generate the right data for users to act on. In most cases, the user is a human being, but in the case of autonomous driving (AD), the car takes on the role of the user (DXC Technology).

To avoid cloud repatriation, it will become prudent for all organizations to consider data gravity and the timing of cloud migration.

VELOCITY

Democratizing Real-Time Data

Trend 02 Real-time analytics presents an important differentiator

The velocity element of data can be assessed from two standpoints: the speed at which data is being generated and how fast the organization needs to respond to the incoming information through capture, analysis, and use. Traditionally data was processed in a batch format (all at once or in incremental nightly data loads). There is a growing demand to process data continuously using streaming data-processing techniques.

Emerging technologies and capabilities:

Edge Computing

VELOCITY

Democratizing Real-Time Data

Make data accessible to everyone in real time

• 90% of an organization’s data is replicated or redundant.
• Build API and web services that allow for live access to data.
• Most social media platforms, like Twitter and Facebook, have APIs that offer access to incredible amounts of data and insights.

VELOCITY

Democratizing Real-Time Data

Trend in Data Velocity

Data democratization means data is widely accessible to all stakeholders without bottlenecks or barriers. Success in data democratization comes with ubiquitous real-time analytics. Google highlights a need to address democratization in two different frames:

1. Democratizing stream analytics for all businesses to ensure real-time data at the company level.
2. Democratizing stream analytics for all personas and the ability of all users to generate real-time insights.

Emerging technologies and capabilities:

Data Lakehouse, Streaming API Ecosystem, Industry 4.0, Zero-Copy Cloning

Nearly 70% of all new vehicles globally will be connected to the internet by 2023.

Source: “Connected light-duty vehicles,” Statista, 2022

VELOCITY

Democratizing Real-Time Data

Enable real-time processing with API

In the past, data democratization has largely translated into a free data set and open data portals. This has allowed the government to freely share data with the public. Also, the data science community has embraced the availability of large data sets such as weather data, stock data, etc. In the future, more focus will be on the combination of IoT and steaming analytics, which will provide better responsiveness and agility.

Many researchers, media companies, and organizations now have easy access to the Twitter/Facebook API platform to study various aspects of human behavior and sentiments. Large technology companies have already democratized their data using real-time APIs.

Thousands of sources for open data are available at your local municipalities alone.

6G will push Wi-Fi connectivity to 1 terabyte per second! This is expected to become commercially available by 2030.

VARIETY

Augmented Data Management

Trend 03 Need to manage unstructured data

The variety of data types is increasingly diverse. Structured data often comes from relational databases, while unstructured data comes from several sources such as photos, video, text documents, cell phones, etc. The variety of data is where technology can drive business value. However, unstructured data also poses a risk, especially for external data.

VARIETY

Augmented Data Management

Employ AI to automate data management

New tools will enhance many aspects of data management:

• Data preparation, integration, cataloging, and quality
• Metadata management
• Master data management

Enabling AI-assisted decision-making tools

VARIETY

Augmented Data Management

Trend in Data Variety

Augmented data management will enhance or automate data management capabilities by leveraging AI and related advanced techniques. It is quite possible to leverage existing data management tools and techniques, but most experts have recognized that more work and advanced patterns are needed to solve many complex data problems.

Emerging technologies and capabilities:

Data Factory, Data Mesh, Data Fabric, Artificial Intelligence, Machine Learning

VARIETY

Augmented Data Management

Data Fabric vs. Data Mesh: The Data Journey continues at an accelerated pace

More Unstructured Data

95% of businesses cite the need to manage unstructured data as a problem for their business.

VERACITY

Identity Authenticity

Trend 04 Veracity of data is a true test of your data capabilities

Data veracity is defined as the accuracy or truthfulness of a data set. More and more data is created in semi-structured and unstructured formats and originates from largely uncontrolled sources (e.g. social media platforms, external sources). The reliability and quality of the data being integrated should be a top concern. The veracity of data is imperative when looking to use data for predictive purposes. For example, energy companies rely heavily on weather patterns to optimize their service outputs, but weather patterns have an element of unpredictability.

VERACITY

Identity Authenticity

Veracity of data is a true test of your data capabilities

• Stop creating your own identity architectures and instead integrate a tried-and-true platform.
• Aim for a single source of truth for digital identity.
• Establish data governance that can withstand scrutiny.
• Imagine a day in the future where verified accounts on social media platforms are available.
• Zero-trust architecture should be used.

VERACITY

Identity Authenticity

Trend in Data Veracity

Veracity is a concept deeply linked to identity. As the value of the data increases, a greater degree of veracity is required: We must provide more proof to open a bank account than to make friends on Facebook. As a result, there is more trust in bank data than in Facebook data. There is also a growing need to protect marginalized communities.

Emerging technologies and capabilities:

Zero Trust, Blockchain, Data Governance, IoT, Cybersecurity

VERACITY

Identity Authenticity

The identity discussion is no longer limited to people or organizations. The development of new technologies, such as the IoT phenomenon, will lead to an explosion of objects, from refrigerators to shipping containers, coming online as well. If all these entities start communicating with each other, standards will be needed to establish who or what they are.

The IoT market is expected to grow 18% to 14.4 billion in 2022 and 27 billion by 2025.

Source: IoT Analytics, 2022

VALUE

Data Monetization

Trend 05 Not Many organization know the true value of their data

Data can be valuable if used effectively or dangerous if mishandled. The rise of the data economy has created significant opportunities but also has its challenges. It has become urgent to understand the value of data, which may vary for stakeholders based on their business model and strategy. Organizations first need to understand ownership of their data by establishing a data strategy, then they must improve data maturity by developing a deeper understanding of data value.

VALUE

Data Monetization

Start developing your data business

• Blockbuster ran its business well, but Netflix transformed the video rental industry overnight!
• Big players with data are catching up fast.
• You don’t have to be a giant to monetize data.
• Data monetization is probably closer than you think.
• You simply need to find it, catalog it, and deliver it.

VALUE

Data Monetization

Trend in Data Value

Data monetization is the transformation of data into financial value. However, this does not imply selling data alone. Monetary value is produced by using data to improve and upgrade existing and new products and services. Data monetization demands an organization-wide strategy for value development.

Emerging technologies and capabilities:

Data Strategy, Data Monetization Strategy, Data Products

Netflix uses big data to save $1 billion per year on customer retention.

Source: Logidots, 2021

VALUE

Data Monetization

Data is a strategic asset

Data is beyond currency, assets, or commodities and needs to be a category
of its own.

• Data always outlives people, processes, and technology. They all come and go while data remains.
• Oil is a limited resource. Data is not. Unlike oil, data is likely to grow over time.
• Data is likely to outlast all other current popular financial instruments, including currency, assets, or commodities.
• Data is used internally and externally and can easily be replicated or combined.

Data monetization is currently in the speculative territory, which is unacceptable. It should instead be guided by sound data management theory.

VIRTUE

Adaptive Data Governance

Trend 06 Five Core Virtues: Resilience, Humility, Grit, Liberal Education, Empathy (Forbes, 2020)

We have become more and more dependent on data, analytics, and organizational protection policies. Data virtue is about leveraging data securely and ethically. This topic has become more critical with the advent of GDPR, the right to be forgotten, and related regulations. Data governance, which seeks to establish an oversight framework that manages the creation, acquisition, integrity, security, compliance, and quality of data, is essential for any organization that makes decisions about data.

VIRTUE

Adaptive Data Governance

Encourage noninvasive and automated data governance

• Data governance affects the entire organization, not just data.
• The old model for data governance was slow and clumsy.
• Adaptive data governance encourages faster decision making and a more collaborative approach to governance.
• Agile data governance allows for faster and more flexible decision making.
• Automated data governance will simplify execution across the organization.
• It is great for compliance, quality, impact tracking, and cross-referencing and offers independence to data users.

VIRTUE

Adaptive Data Governance

Trend in Data Virtue

Adaptive data governance encourages a flexible approach that allows an organization to employ multiple data governance strategies depending on changing business situations. The other aspect of adaptive data governance is moving away from manual (and often slow) data governance and toward aggressive automation.

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

VIRTUE

Data Governance Automation

Simple and easy Data Governance

Tools are not the ultimate answer to implementing data governance. You will still need to secure stakeholders' buy-in and engagement in the data process. Data governance automation should be about simplifying the execution of roles and responsibilities.

“When you can see where your data governance strategy can be improved, it’s time to put in place automation that help to streamline processes.”

Source: Nintex, 2021

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Trend 07 Automated and augmented data storytelling is not that far away

Today, data storytelling is led by the user. It’s the manual practice of combining narrative with data to deliver insights in a compelling form to assist decision makers in engaging with data and analytics. A story backed by data is more easily consumed and understood than a dashboard, which can be overwhelming. However, manual data storytelling has some major shortcomings.

Problem # 1: Telling stories on more than just the insights noticed by people

Problem # 2: Poor data literacy and the limitations of manual self-service

Problem # 3: Scaling data storytelling across the business

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Use AI to enhance data storytelling

• Tableau, Power BI, and many other applications already use
  AI-driven analytics.
• Power BI and SharePoint can use AI to generate visuals for any SharePoint list in a matter of seconds.

VISUALIZATION

AI-Driven Storytelling & Augmented Analytics

Trend in Data Visualization

AI and natural language processing will drive future visualization and data storytelling. These tools and techniques are improving rapidly and are now designed in a streamlined way to guide people in understanding what their data means and how to act on it instead of expecting them to do self-service analysis with dashboards and charts and know what to do next. Ultimately, being able to understand how to translate emotion, tropes, personal interpretation, and experience and how to tell what’s most relevant to each user is the next frontier for augmented and automated analytics

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

VISUALIZATION

Data Storytelling

Augmented data storytelling is not that far away

Emotions are a cornerstone of human intelligence and decision making. Mastering the art of storytelling is not easy.

Industry experts predict the combination of data storytelling with augmented and automated techniques; these capabilities are more than capable of generating and automating parts of a data story’s creation for end users.

The next challenge for AI is translating emotion, tropes, personal interpretation, and experience into what is most essential to end users.

Source: Yellowfin, 2021

VIRALITY

Data Marketplace

Trend 08 Missing data marketplace

Data virality measures data spread and popularity. However, for data virality to occur, an ecosystem comparable to that of traditional or modern digital marketplaces is required. Organizations must reevaluate their data strategies to ensure investment in appropriate data domains by understanding data virality. Data virality is the exact opposite of dark data.

Dark data is “all the information companies collect in their regular business processes, don’t use, have no plans to use, but will never throw out.”

Source: Forbes, 2019

VIRALITY

Data Marketplace

Make data easily accessible

• Making data accessible to a broader audience is the key to successful virality.
• Data marketplaces provide a location for you to make your data public.
• Why do this? Contributing to public data marketplaces builds credibility, just like contributing to public GitHub projects.
• Big players like Microsoft, Amazon, and Snowflake already do this!
• Snowflake introduced zero-copy cloning, which allows users to interact with source data without compromising the integrity of the original source.

VIRALITY

Data Marketplace

Trend in Data Virality

The data marketplace can be defined as a dynamic marketplace where users decide what has the most value. Companies can gauge which data is most popular based on usage and decide where to invest. Users can shop for data products within the marketplace and then join these products with other ones they’ve created to launch truly powerful data-driven projects.

Emerging technologies and capabilities:

AI-Powered Data Catalog and Metadata Management,
Automated Data Policy Enforcement

“Data is like garbage. You’d better know what you are going to do with it before you collect it.”

– Mark Twain

VIRALITY

Data Marketplace

Journey from siloed data platforms to dynamic data marketplaces

Data remains a complex topic due to many missing foundational components and infrastructure. Interoperability, security, quality, discoverability, speed, and ease are some of those missing foundational components that most organizations face daily.

Data lacks an ecosystem that is comparable to those of traditional assets or commodities. Data must be available in open or closed data marketplaces to measure its value. These data marketplaces are still in their infancy.

“Data markets are an important component of the data economy that could unleash the full potential of data generated by the digital economy and human activity in general.”

Source: ITU Journal, 2018

VISCOSITY

DevOps – DataOps – XOps

Trend 09 Increase efficiency by removing bottlenecks

Compared to water, a fluid with a high viscosity flows more slowly, like honey. Data viscosity measures the resistance to flow in a volume of data. The data resistance may come from other Vs (variety, velocity, etc.).

VISCOSITY

DevOps – DataOps – XOps

Increase efficiency by removing bottlenecks

Consider XOps for a second. It makes no difference what X is. What's important is matching operational requirements to enterprise capabilities.

• For example, Operations must meet the demands of Sales – hence SalesOps
  or S&Op.
• Development resources must meet the demands of Operations – hence DevOps.
• Finally, Data must also meet the demand of Operations.

These Operations guys are demanding!!

VISCOSITY

DevOps – DataOps – XOps

Trend in Data Viscosity

The merger of development (Dev) and IT Operations (Ops) started in software development with the concept of DevOps. Since then, new Ops terms have formed rapidly (AIOps, MLOps, ModelOps, PlatformOps, SalesOps, SecOps, etc.). All these methodologies come from Lean manufacturing principles, which seek to identify waste by focusing on eliminating errors, cycle time, collaboration, and measurement. Buzzwords are distractions, and the focus must be on the underlying goals and principles. XOps goals should include the elimination of errors and improving efficiencies.

Emerging technologies and capabilities:

Collaborative Data Management, Automation Tools

VISCOSITY

DataOps → Data Observability

Data observability, a subcomponent of DataOps, is a set of technical practices, cultural norms, and architecture that enables low error rates. Data observability focuses on error rates instead of only measuring data quality at a single point in time.

What’s next? Go beyond the buzzwords.

Avoid following trends solely for the sake of following them. It is critical to comprehend the concept and apply it to your industry. Every industry has its own set of problems and opportunities.

Highlight the data trends (or lack thereof) that have been most beneficial to you in your organizations. Follow Info-Tech’s approach to building a data practice and platform to develop your data capabilities through the establishment of data goals.

Research Authors

Rajesh Parab Director, Research & Advisory Data and Analytics	Chris Dyck Research Lead Data and Analytics

“Data technologies are rapidly evolving. Understanding what’s possible is critical. Adapting to these upcoming data trends requires a solid data management foundation.”

– Rajesh Parab

Contributing Experts

Carlos Thomas Executive Counselor Info-Tech Research Group	John Walsh Executive Counselor Info-Tech Research Group

Bibliography

Bean, Randy. “Why Becoming a Data-Driven Organization Is So Hard.” Harvard Business Review, 24 Feb. 2022. Accessed Oct. 2022.
Brown, Annie. “Utilizing AI And Big Data To Reduce Costs And Increase Profits In Departments Across An Organization.” Forbes, 13 April 2021.
Accessed Oct. 2022.
Burciaga, Aaron. “Five Core Virtues For Data Science And Artificial Intelligence.” Forbes, 27 Feb. 2020. Accessed Aug. 2022.
Cadwalladr, Carole, and Emma Graham-Harrison. “Revealed: 50 million Facebook profiles harvested for Cambridge Analytica in major data breach.”
The Guardian, 17 March 2018. Accessed Aug. 2022.
Carlier, Mathilde. “Connected light-duty vehicles as a share of total vehicles in 2023.” Statista, 31 Mar. 2021. Accessed Oct. 2022.
Carter, Rebekah. “The Ultimate List of Big Data Statistics for 2022.” Findstack, 22 May 2021. Accessed Oct. 2022.
Castelvecchi, Davide. “Underdog technologies gain ground in quantum-computing race.” Nature, 6 Nov. 2023. Accessed Feb. 2023.
Clark-Jones, Anthony, et al. “Digital Identity:” UBS, 2016. Accessed Aug 2022.
“The Cost of Bad Data – Infographic.” Pragmatic Works, 25 May 2017. Accessed Oct. 2022.
Demchenko, Yuri, et al. “Data as Economic Goods: Definitions, Properties, Challenges, Enabling Technologies for Future Data Markets.“ ITU Journal: ICT Discoveries, Special Issue, no. 2, vol. 23, Nov. 2018. Accessed Aug 2022.
Feldman, Sarah. ”20 Years of Quantum Computing Growth.” Statista, 6 May 2019. Accessed Oct. 2022.
“Genomic Data Science.” NIH, National Human Genome Research Institute, 5 April 2022. Accessed Oct. 2022.

Bibliography

Hasbe, Sudhir, and Ryan Lippert. “The democratization of data and insights: making real-time analytics ubiquitous.” Google Cloud, 15 Jan. 2021.
Accessed Aug. 2022.
Helmenstine, Anne. “Viscosity Definition and Examples.” Science Notes, 3 Aug. 2021. Accessed Aug. 2022.
“How data storytelling and augmented analytics are shaping the future of BI together.” Yellowfin, 19 Aug. 2021. Accessed Aug. 2022.
“How Netflix Saves $1B Annually using AI?” Logidots, 24 Sept. 2021. Accessed Oct. 2022
Hui, Kenneth. “The AWS Love/Hate Relationship with Data Gravity.” Cloud Architect Musings, 30 Jan. 2017. Accessed Aug 2022.
ICD. “The Growth in Connected IoT Devices Is Expected to Generate 79.4ZB of Data in 2025, According to a New IDC Forecast.” Business Wire, 18 June 2019. Accessed Oct 2022.
Internet of Things (IoT) and non-IoT active device connections worldwide from 2010 to 2025” Statista, 27 Nov. 2022. Accessed Nov. 2022.
Koch, Gunter. “The critical role of data management for autonomous driving development.” DXC Technology, 2021. Accessed Aug. 2022.
Morris, John. “The Pull of Data Gravity.” CIO, 23 Feb. 2022. Accessed Aug. 2022.
Nield, David. “Google's Quantum Computer Is 100 Million Times Faster Than Your Laptop.” ScienceAlert, 9 Dec. 2015. Accessed Oct. 2022.
Redman, Thomas C. “Seizing Opportunity in Data Quality.” MIT Sloan Management Review, 27 Nov. 2017. Accessed Oct. 2022.
Segovia Domingo, Ana I., and Álvaro Martín Enríquez. “Digital Identity: the current state of affairs.” BBVA Research, 2018. Accessed Aug. 2022.

Bibliography

“State of IoT 2022: Number of connected IoT devices growing 18% to 14.4 billion globally.” IOT Analytics, 18 May 2022. Accessed. 14 Nov. 2022.
Strod, Eran. “Data Observability and Monitoring with DataOps.” DataKitchen, 10 May 2021. Accessed Aug. 2022.
Sujay Vailshery, Lionel. “Edge computing market value worldwide 2019-2025.” Statista, 25 Feb. 2022. Accessed Oct 2022.
Sujay Vailshery, Lionel. “IoT and non-IoT connections worldwide 2010-2025.” Statista, 6 Sept. 2022. Accessed Oct. 2022.
Sumina, Vladimir. “26 Cloud Computing Statistics, Facts & Trends for 2022.” Cloudwards, 7 June 2022. Accessed Oct. 2022.
Taulli, Tom. “What You Need To Know About Dark Data.” Forbes, 27 Oct. 2019. Accessed Oct. 2022.
Taylor, Linnet. “What is data justice? The case for connecting digital rights and freedoms globally.“ Big Data & Society, July-Dec 2017. Accessed Aug 2022.
“Twitter: Data Collection With API Research Paper.” IvyPanda, 28 April 2022. Accessed Aug. 2022.
“Using governance automation to reduce data risk.” Nintex, 15 Nov. 2021. Accessed Oct. 2022
“Volume of data/information created, captured, copied, and consumed worldwide from 2010 to 2020, with forecasts from 2021 to 2025.” Statista, 8 Sept. 2022. Accessed Oct 2022.
Wang, R. “Monday's Musings: Beyond The Three V's of Big Data – Viscosity and Virality.” Forbes, 27 Feb. 2012. Accessed Aug 2022.
“What is a data fabric?” IBM, n.d. Accessed Aug 2022.
Yego, Kip. “Augmented data management: Data fabric versus data mesh.” IBM, 27 April 2022. Accessed Aug 2022.