Innovation
- Buy Link or Shortcode: {j2store}21|cart{/j2store}
- Parent Category Name: Strategy and Governance
- Parent Category Link: /strategy-and-governance
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Gain insight on the various factors that influence software satisfaction.
Reduce the size of your RFPs or skip them entirely to limit time spent watching vendor dog and pony shows.
Narrow the field to four contenders prior to in-depth comparison and engage in accelerated enterprise architecture oversight.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This research describes an approach to strategize and implement DLP solutions for cloud services.
Use this tool to identify and prioritize your data, then use that information to make decisions on DLP strategies based on classification and data environment.
Driven by reduced operational costs and improved agility, the migration to cloud services continues to grow at a steady rate. A recent report by Palo Alto Networks indicates workload in the cloud increased by 13% last year, and companies are expecting to move an additional 11% of their workload to the cloud in the next 24 months1.
However, moving to the cloud poses unique challenges for cyber security practitioners. Cloud services do not offer the same level of management and control over resources as traditional IT approaches. The result can be reduced visibility of data in cloud services and reduced ability to apply controls to that data, particularly data loss prevention (DLP) controls.
It’s not unusual for organizations to approach DLP as a point solution. Many DLP solutions are marketed as such. The truth is, DLP is a complex program that uses many different parts of an organization’s security program and architecture. To successfully implement DLP for data in the cloud, an organization should leverage existing security controls and integrate DLP tools, whether newly acquired or available in cloud services, with its existing security program.
Bob Wilson
CISSP
Research Director, Security and Privacy
Info-Tech Research Group
Your ChallengeOrganizations must prevent the misuse and leakage of data, especially sensitive data, regardless of where it’s stored. Organizations often have compliance obligations requiring protection of sensitive data. All stages of the data lifecycle exist in the cloud and all stages provide opportunity for data loss. Organizations must find ways to mitigate insider threats without impacting legitimate business access. |
Common ObstaclesMany organizations must handle a plethora of data in multiple varied environments. Organizations don’t know enough about the data they use or where it is located. Different systems offer differing visibility. Necessary privileges and access can be abused. |
Info-Tech’s ApproachThe path to data loss prevention is complex and should be taken in small and manageable steps. First, organizations must achieve data comprehension. Organizations must align DLP with their current security program and architecture. Organizations need to implement DLP with a distinct goal in mind. Once the components are in place it’s important to measure and improve. |
Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate, tools within your existing security program.
Data loss prevention doesn’t depend on a single tool. Many of the leading cloud service providers offer DLP controls with their services and these controls should be considered.
53%53% of a study’s respondents think it is more difficult to detect insider threats in the cloud. Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023 |
45%Only about 45% of organizations think native cloud app functionality is useful in detecting insider threats. Source: "2023 Insider Threat Report," Cybersecurity Insiders, 2023 |
An insider threat management (ITM) program focuses on the user. DLP programs focus on the data.
DLP is not just a single tool. It’s an additional layer of security that depends on different components of your security program, and it requires time and effort to mature.
Organizations should leverage existing security architecture with the DLP controls available in the cloud services they use.
Data loss prevention is the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.
Start with the data that matters most to your organization.
Having a clearly defined objective will make implementing a DLP program much easier.
Data loss prevention is not foundational, and it depends on many other parts of a mature information security program.
Start your DLP implementation with a quick win in mind and build on small successes.
Your organization must be prepared to investigate alerts and respond to incidents.
Data loss prevention is not a point solution.
It’s the outcome of a well-designed strategy that incorporates multiple, sometimes disparate tools within your existing security program.
Leverage existing security tools where possible.
DLP is a set of technologies and processes that provides additional data protection by identifying, monitoring, and preventing data from being illicitly used or transmitted.
DLP depends on many components of a mature security program, including but not limited to:
DLP is achieved through some or all of the following tactics:
DLP is not foundational. Your information security program needs to be moderately mature to support a DLP strategy.
DLP uses a handful of techniques to achieve its tactics:
DLP has two primary approaches for applying techniques:
Some DLP tools use both approaches.
Different DLP products will support different methods. It is important to keep these in mind when choosing a DLP solution.
Who? Who owns the data? Who needs access? Who would be impacted if it was lost?
What? What data do you have? What type of data is it? In what format does it exist?
When? When is the data generated? When is it used? When is it destroyed?
Where? Where is the data stored? Where is it generated? Where is it used?
Why? Why is the data needed?
Use what you discover about your data to create a data inventory!
Compliance requirements often dictate what must be done to manage and protect data and vary from industry to industry.
Some examples of compliance requirements to consider:
Why is especially important. If you don’t need a specific piece of data, dispose of it to reduce risk and administrative overhead related to maintaining or protecting data.
Data classification is a process by which data is categorized.
Refer to our Discover and Classify Your Data blueprint for guidance on data classification.
Label |
Category |
Top Secret | Data that is mission critical and highly likely to negatively impact the organization if breached. The “crown jewels.” Examples: Trade secrets, military secrets |
Confidential | Data that must not be disclosed, either because of a contractual or regulatory requirement or because of its value to the organization. Examples: Payment card data, private health information, personally identifiable information, passwords |
Internal | Data that is intended for organizational use, which should be kept private. Examples: Internal memos, sales reports |
Limited | Data that isn’t generally intended for public consumption but may be made public. Examples: Employee handbooks, internal policies |
Public | Data that is meant for public consumption and anonymous access. Examples: Press releases, job listings, marketing material |
Data classification should be implemented as a continuous program, not a one-time project.
Data exists in three states, and each state presents different opportunities for risk. Different DLP methodologies will be appropriate for different states.
Data states
In use
In motion
At rest
The most common causes of data loss can be categorized by people, processes, and technology.
Check out our Combine Security Risk Management Components Into One Program blueprint for guidance on risk management, including how to do a full risk assessment.
Prioritizing the data that most needs protection will help define your DLP goals.
The prioritization of your data should be a business decision based on your comprehension of the data. Drivers for prioritizing data can include:
It’s not feasible for most organizations to apply DLP to all their data. Start with the most important data.
Input: Lists of data, data types, and data environments
Output: A list of data types with an estimated priority
Materials: Data Loss Prevention Strategy Planner worksheet
Participants: Security leader, Data owners
For this activity, you will use the Data Loss Prevention Strategy Planner workbook to prioritize your data.
Click to download the Data Loss Prevention Strategy Planner
In the Data Loss Prevention Strategy Planner tool, start with tab “2. Setup.”
Next, move to tab “3. Data Prioritization.”
Click to download the Data Loss Prevention Strategy Planner
DLP objectives should achieve one or more of the following:
Example objectives:
Most common DLP use cases:
Having a clear idea of your objectives will make implementing a DLP program easier.
1. Data handling standards or guidelines: These specify how your organization will handle data, usually based on its classification. Your data handling standards will inform the development of DLP rules, and your employees will have a clear idea of data handling expectations.
2. Identity and access management (IAM): IAM will control the access users have to various resources and data and is integral to DLP processes.
3. Incident response policy or plan: Be sure to consider your existing incident handling processes when implementing DLP. Modifying your incident response processes to accommodate alerts from DLP tools will help you efficiently process and respond to incidents.
4. Existing security tools: Firewalls, email gateways, security information and event management (SIEM), and other controls should be considered or leveraged when implementing a DLP solution.
5. Acceptable use policy: An organization must set expectations for acceptable/unacceptable use of data and IT resources.
6. User education and awareness: Aside from baseline security awareness training, organizations should educate users about policies and communicate the risks of data leakage to reduce risk caused by user error.
Consider DLP as a secondary layer of protection; a safety net. Your existing security program should do most of the work to prevent data misuse.
A fundamental challenge with implementing DLP with cloud services is the reduced flexibility that comes with managing less of the technology stack. Each cloud model offers varying levels of abstraction and control to the user.
Infrastructure as a service (IaaS): This service model provides customers with virtualized technology resources, such as servers and networking infrastructure. IaaS allows users to have complete control over their virtualized infrastructure without needing to purchase and maintain hardware resources or server space. Popular examples include Amazon Web Servers, Google Cloud Engine, and Microsoft Azure.
Platform as a service (PaaS): This service model provides users with an environment to develop and manage their own applications without needing to manage an underlying infrastructure. Popular examples include Google Cloud Engine, OpenShift, and SAP Cloud.
Software as a service (SaaS): This service model provides customers with access to software that is hosted and maintained by the cloud provider. SaaS offers the least flexibility and control over the environment. Popular examples include Salesforce, Microsoft Office, and Google Workspace.
Cloud service providers may include DLP controls and functionality for their environments with the subscription. These tools are usually well suited for DLP functions on that platform.
DLP products often fall into general categories defined by where those tools provide protection. Some tools fit into more than one category.
Cloud DLP refers to DLP products that are designed to protect data in cloud environments.
Endpoint DLP: This DLP solution runs on an endpoint computing device and is suited to detecting and controlling data at rest on a computer as well as data being uploaded or downloaded. Endpoint DLP would be feasible for IaaS.
Network DLP: Network DLP, deployed on-premises or as a cloud service, enforces policies on network flows between local infrastructure and the internet.
DLP solution types that are better suited for SaaS: CASB and Integrated Tools
DLP solution types that are better suited for PaaS: CASB, Integrated Tools, Network DLP
DLP solution types that are better suited for IaaS: CASB, Integrated Tools, Network DLP, and Endpoint DLP
Click to download the Data Loss Prevention Strategy Planner
Check the tab labeled “6. DLP Features Reference” for a list of common DLP features.
Input: Knowledge of data states for data types
Output: A set of technical DLP policy rules for each data type by environment
Materials: The same Data Loss Prevention Strategy Planner worksheet from the earlier activity
Participants: Security leader, Data owners
Continue with the same workbook used in the previous activity.
Click to download the Data Loss Prevention Strategy Planner
Use tab “4. DLP Methods” to plan DLP rules and technical policies.
See tab “5. Results” for a summary of your DLP policies.
Click to download the Data Loss Prevention Strategy Planner
After a DLP program is implemented, alerts will need to be investigated and incidents will need a response. Be prepared for DLP to be a work multiplier!
DLP attempts to tackle the challenge of promptly detecting and responding to an incident.
To measure the effectiveness of your DLP program, compare the number of events, number of incidents, and mean time to respond to incidents from before and after DLP implementation.
A high number of false positives and rule exceptions may indicate that the rules are not working well and may be interfering with legitimate use.
It’s important to address these issues as the frustration felt by employees can undermine the DLP program.
Establish a process for routinely using metrics to tune rules.
This will improve performance and reduce friction.
Aside from performance-based tuning, it’s important to evaluate your DLP program periodically and after major system or business changes to maintain an awareness of your data environment.
|
Discover and Classify Your DataUnderstand where your data lives and who has access to it. This blueprint will help you develop an appropriate data classification system by conducting interviews with data owners and by incorporating vendor solutions to make the process more manageable and end-user friendly. |
|
Identify the Components of Your Cloud Security ArchitectureThis blueprint and associated tools are scalable for all types of organizations within various industry sectors. It allows them to know what types of risk they are facing and what security services are strongly recommended to mitigate those risks. |
|
Data Loss Prevention on SoftwareReviewsQuickly evaluate top vendors in the category using our comprehensive market report. Compare product features, vendor strengths, user-satisfaction, and more. Don’t settle for just any vendor – find the one you can trust. Use the Emotional Footprint report to see which vendors treat their customers right. |
Andrew Amaro
CSO and Founder
Klavan Physical and Cyber Security Services
Arshad Momin
Cyber Security Architect
Unicom Engineering, Inc.
James Bishop
Information Security Officer
StructureFlow
Michael Mitchell
Information Security and Privacy Compliance Manager
Unicom Engineering, Inc.
One Anonymous Contributor
Alhindi, Hanan, Issa Traore, and Isaac Woungang. "Preventing Data Loss by Harnessing Semantic Similarity and Relevance." jisis.org Journal of Internet Services and Information Security, 31 May 2021. Accessed 2 March 2023. https://jisis.org/wp-content/uploads/2022/11/jisis-2021-vol11-no2-05.pdf
Cash, Lauryn. "Why Modern DLP is More Important Than Ever." Armorblox, 10 June 2022. Accessed 10 February 2023. https://www.armorblox.com/blog/modern-dlp-use-cases/
Chavali, Sai. "The Top 4 Use Cases for a Modern Approach to DLP." Proofpoint, 17 June 2021. Accessed 7 February 2023. https://www.proofpoint.com/us/blog/information-protection/top-4-use-cases-modern-approach-dlp
Crowdstrike. "What is Data Loss Prevention?" Crowdstrike, 27 Sept. 2022. Accessed 6 Feb. 2023. https://www.crowdstrike.com/cybersecurity-101/data-loss-prevention-dlp/
De Groot, Juliana. "What is Data Loss Prevention (DLP)? Definition, Types, and Tips." Digital Guardian, 8 February 2023. Accessed 9 Feb. 2023. https://digitalguardian.com/blog/what-data-loss-prevention-dlp-definition-data-loss-prevention
Denise. "Learn More About DLP Key Use Cases." CISO Platform, 28 Nov. 2019. Accessed 10 February 2023. https://www.cisoplatform.com/profiles/blogs/learn-more-about-dlp-key-use-cases
Google. "Cloud Data Loss Prevention." Google Cloud Google, n.d. Accessed 7 Feb. 2023. https://cloud.google.com/dlp#section-6
Gurucul. "2023 Insider Threat Report." Cybersecurity Insiders, 13 Jan. 2023. Accessed 23 Feb. 2023. https://gurucul.com/2023-insider-threat-report
IBM Security. "Cost of a Data Breach 2022." IBM Security, 1 Aug. 2022. Accessed 13 Feb. 2023. https://www.ibm.com/downloads/cas/3R8N1DZJ
Mell, Peter & Grance, Tim. "The NIST Definition of Cloud Computing." NIST CSRC NIST, Sept. 2011. Accessed 7 Feb. 2023. https://csrc.nist.gov/publications/detail/sp/800-145/final
Microsoft. "Plan for Data Loss Prevention (DLP)." Microsoft 365 Solutions and Architecture Microsoft, 6 Feb. 2023. Accessed 14 Feb. 2023. https://learn.microsoft.com/en-us/microsoft-365/compliance/dlp-overview-plan-for-dlp
Nanchengwa, Christopher. "The Four Questions for Successful DLP Implementation." ISACA Journal ISACA, 1 Jan. 2019. Accessed 6 Feb. 2023. https://www.isaca.org/resources/isaca-journal/issues/2019/volume-1/the-four-questions-for-successful-dlp-implementation
Palo Alto Networks. "The State of Cloud Native Security 2023." Palo Alto Networks, 2 March 2023. Accessed 23 March 2023. https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/reports/state-of-cloud-native-security-2023.pdf
Pritha. "Top Six Metrics for your Data Loss Prevention Program." CISO Platform, 27 Nov. 2019. Accessed 10 Feb. 2023. https://www.cisoplatform.com/profiles/blogs/top-6-metrics-for-your-data-loss-prevention-program
Raghavarapu, Mounika. "Understand DLP Key Use Cases." Cymune, 12 June 2021. Accessed 7 Feb. 2023. https://www.cymune.com/blog-details/DLP-key-use-cases
Sheela, G. P., & Kumar, N. "Data Leakage Prevention System: A Systematic Report." International Journal of Recent Technology and Engineering BEIESP, 30 Nov. 2019. Accessed 2 March 2023. https://www.ijrte.org/wp-content/uploads/papers/v8i4/D6904118419.pdf
Sujir, Shiv. "What is Data Loss Prevention? Complete Guide [2022]." Pathlock, 15 Sep. 2022. Accessed 7 February 2023. https://pathlock.com/learn/what-is-data-loss-prevention-complete-guide-2022/
Wlosinski, Larry G. "Data Loss Prevention - Next Steps." ISACA Journal, 16 Feb. 2018. Accessed 21 Feb. 2023. https://www.isaca.org/resources/isaca-journal/issues/2018/volume-1/data-loss-preventionnext-steps
To remain competitive, enterprises must deliver products and services like a startup or a digital native enterprise. This requires enterprises to:
Organizations that implement this project will draw benefits in the following aspects:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Collect data and stats that will help build a narrative for digital factory.
Discuss purpose, mission, organizational support, and leadership.
Discuss organizational structure, management, culture, teams, environment, technology, and KPIs.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand and gather data and stats for factors impacting digital transformation.
Develop a narrative for the digital factory.
Identification of key pain points and data collected
Narrative to support the digital factory
1.1 Understand the importance and urgency of digital transformation (DX).
1.2 Collect data and stats on the progress of DX initiatives.
1.3 Identify the factors that hamper DX and tie them to data/stats.
1.4 Build the narrative for the digital factory (DF) using the data/stats.
Identification of factors that hamper DX
Data and stats on progress of DX
Narrative for the digital factory
Discuss the factors that impact the success of establishing a digital factory.
A solid understanding and awareness that successful digital factories have clarity of purpose, organizational support, and sound leadership.
2.1 Discuss
2.2 Discuss what organizational support the digital factory will require and align and commit to it.
2.3 Discuss reference models to understand the dynamics and the strategic investment.
2.4 Discuss leadership for the digital age.
DF purpose and mission statements
Alignment and commitment on organizational support
Understanding of competitive dynamics and investment spread
Develop the profile of a digital leader
Understand the fundamentals of the operating model.
Understand the gaps and formulate the strategies.
Design of structure and organization
Design of culture aligned with organizational goals
Management practices aligned with the goals of the digital factory
3.1 Discuss structure and organization and associated organizational pathologies, with focus on hierarchy and silos, size and complexity, and project-centered mindset.
3.2 Discuss the importance of culture and its impact on productivity and what shifts will be required.
3.3 Discuss management for the digital factory, with focus on governance, rewards and compensation, and talent management.
Organizational design in the context of identified pathologies
Cultural design for the DF
Management practices and governance for the digital factory
Roles/responsibilities for governance
Understand the fundamentals of the operating model.
Understand the gaps and formulate the strategies.
Discuss agile teams and the roles for DF
Environment design that supports productivity
Understanding of existing and new platforms
4.1 Discuss teams and various roles for the DF.
4.2 Discuss the impact of the environment on productivity and satisfaction and discuss design factors.
4.3 Discuss technology and tools, focusing on existing and future platforms, platform components, and organization.
4.4 Discuss design of meaningful metrics and KPIs.
Roles for DF teams
Environment design factors
Platforms and technology components
Meaningful metrics and KPIs
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define the current state of your data protection practices by documenting the backup process and identifying problems and opportunities for the desired state.
Understand the business priorities.
Determine the desired state.
Explore the component of governance required.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the drivers for your product transformation.
Define the drivers for your transition to product-centric delivery.
1.1 What is driving your organization to become product focused?
List of challenges and drivers
Understand the product transformation journey and differences.
Identify the cultural, behavioral, and leadership changes needed for a successful transformation.
2.1 Define the differences between projects and product delivery
List of differences
Understand why smaller iterations increase value realization and decrease accumulated risk.
Leverage smaller iterations to reduce time to value and accumulated risk to core operations.
3.1 What is business agility?
Common understanding about the value of smaller iterations
Establish an organizational starting definition of products.
Tailor product management to meet the needs and vision of your organization.
4.1 What is a product? Who are your consumers?
4.2 Identify enablers and blockers of product ownership
4.3 Define a set of guiding principles for product management
Product definition
List of enablers and blockers of product ownership
Set of guiding principles for product management
Understand the relationship between product management and product delivery.
Optimize product management to prioritize the right changes for the right people at the right time.
5.1 Discussions
Common understanding
Personalize and commit to supporting product teams.
Embrace leadership and cultural changes needed to empower and support teams.
6.1 Your management culture
6.2 Personal Cultural Stop, Start, and Continue
6.3 Now, Next, Later to support product owners
Your management culture map
Personal Cultural Stop, Start, and Continue list
Now, Next, Later roadmap
To develop a common understanding and foundation for product management so we, as leaders, better understand how to lead product owners, product managers, and their teams.
Learn how enterprise agility can provide lasting value to the organization
Repeat workshops with different companies, operating units, departments, or teams as needed.
We WILL ENGAGE in discussions and activities:
This workshop will NOT be:
Facilitators
Participants
Your Challenge
Common Obstacles
Info-Tech's Approach
Info-Tech's approach will guide you through:
Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.
Input
Output
Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.
Output
Project Delivery | vs | Product Delivery |
---|---|---|
Point in time | What is changed | |
Method of funding changes | Needs an owner | |
Output
Capture in the Enable Product Delivery – Executive Leadership Workshop Outcomes and Next Steps.
Project | Product | ||
---|---|---|---|
Fund Projects | Funding | → | Fund Products or Teams |
Line of Business Sponsor | Prioritization | → | Product Owner |
Makes Specific Changes | Product Management | → | Improve Product Maturity |
Assign People to Work | Work Allocation | → | Assign Work |
Project Manager Manages | Capacity Management | → | Team Manages Capacity |
Product delivery requires significant shifts in the way you complete development work and deliver value to your users. Make the changes that support improving end user value and enterprise alignment.
Regardless of whether you recognize yourself as a "product-based" or "project-based" shop, the same basic principles should apply.
You go through a period or periods of project-like development to build a version of an application or product.
You also have parallel services along with your project development, which encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.
In Deliver on Your Digital Product Vision, we demonstrate how the product roadmap is core to value realization. The product roadmap is your communicated path, and as a product owner, you use it to align teams and changes to your defined goals while aligning your product to enterprise goals and strategy.
Adapted from: Pichler, "What Is Product Management?"
The quality of your product backlog – and your ability to realize business value from your delivery pipeline – is directly related to the input, content, and prioritization of items in your product roadmap.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.
Configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.
Begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.
Identify what the VMI should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Getting Organized
Defined Roles and Goals for the VMI
1.1 Mission Statement and Goals
1.2 Scope
1.3 Strengths and Obstacles
1.4 Roles and Responsibilities – OIC Chart
1.5 Process Mapping
1.6 Vendor Inventory Tool (Overview)
Completed Mission Statement and Goals
List of Items In Scope and Out of Scope for the VMI
List of Strengths and Obstacles for the VMI
Completed OIC Chart
Sample Process Map for One Process
Begun Using Vendor Inventory Tool
Build VMI Tools and Templates
Configured Tools and Templates for the VMI Based on Its Roles and Goals
2.1 Maturity Assessment
2.2 Structure and Job Descriptions
2.3 Attributes of a Valuable Vendor
2.4 Classification Model
2.5 Risk Assessment Tool
2.6 Scorecards and Feedback
2.7 Business Alignment Meeting Agenda
Completed Maturity Assessment.
Sample Job Descriptions and Phrases.
List of Attributes of a Valuable Vendor.
Configured Classification Model.
Configured Risk Assessment Tool.
Configured Scorecard and Feedback Questions.
Configured Business Alignment Meeting Agenda.
Continue Building VMI Tools and Templates
Configured Tools and Templates for the VMI Based on Its Roles and Goals
3.1 Relationship Alignment Document
3.2 Vendor Orientation
3.3 Policies and Procedures
3.4 3-Year Roadmap
3.5 90-Day Plan
3.6 Quick Wins
3.7 Reports
3.8 Kickoff Meeting
Relationship Alignment Document Sample and Checklist
Vendor Orientation Checklist
Policies and Procedures Checklist
Completed 3-Year Roadmap
Completed 90-Day Plan
List of Quick Wins
List of Reports
Review the Past 12 Months of VMI Operations and Improve
Keeping the VMI Aligned With the Organization’s Goals and Ensuring the VMI Is Leveraging Leading Practices
4.1 Develop/Improve Vendor Relationships.
4.2 Assess Compliance.
4.3 Incorporate Leading Practices.
4.4 Leverage Lessons Learned.
4.5 Maintain Internal Alignment.
4.6 Update Governances.
When you read the phrase “vendor management,” what comes to mind? This isn’t a rhetorical question. Take your time … I’ll wait.
Unfortunately, those words conjure up a lot of different meanings, and much of that depends on whom you ask. Those who work in the vendor management field will provide a variety of answers. To complicate matters, those who are vendor management “outsiders” will have a totally different view of what vendor management is. Why is this important? Because we need a common definition to communicate more effectively, even if the definition is broad.
Let’s start creating a working definition that is not circular. Vendor management is not simply managing vendors. That expression basically reorders the words and does nothing to advance our cause; it only adds to the existing confusion surrounding the concept.
Vendor management is best thought of as a spectrum or continuum with many points rather than a specific discipline like accounting or finance. There are many functions and activities that fall under the umbrella term of vendor management: some of them will be part of your vendor management initiative (VMI), some will not, and some will exist in your organization but be outside the VMI. This is the unique part of vendor management – the part that makes it fun, but also the part that leads to the confusion. For example, accounts payable sits within the accounting department almost exclusively, but contract management can sit within or outside the VMI. The beauty of vendor management is its flexibility; your VMI can be created to meet your specific needs and goals while leveraging common vendor management principles.
Every conversation around vendor management needs to begin with “What do you mean by that?” Only then can we home in on the scope and nature of what people are discussing. “Managing vendors” is too narrow because it often ignores many of the reasons organizations create VMIs in the first place: to reduce costs, to improve performance, to improve processes, to improve relationships, to improve communication, and to manage risk better.
Vendor management is a strategic initiative that takes the big picture into account … navigating the cradle to grave lifecycle to get the most out of your interactions and relationships with your vendors. It is flexible and customizable; it is not plug and play or overly prescriptive. Tools, principles, templates, and concepts are adapted rather than adopted as is. Ultimately, you define what vendor management is for your organization.
We look forward to helping you on your vendor management journey no matter what it looks like. But first, let’s have a conversation about how you want to define vendor management in your environment.
Phil Bode
Principal Research Director, Vendor Management
Info-Tech Research Group
Each year, IT organizations “outsource” tasks, activities, functions, and other items. During 2021:
*Source: Information Services Group, Inc., 2022.
This leads to more spend, less control, and more risk for IT organizations. Managing this becomes a higher priority for IT, but many IT organizations are ill-equipped to do this proactively.As new contracts are negotiated and existing contracts are renegotiated or renewed, there is a perception that the contracts will yield certain results, output, performance, solutions, or outcomes. The hope is that these will provide a measurable expected value to IT and the organization. Oftentimes, much of the expected value is never realized. Many organizations don’t have a VMI to help:
Vendor management is a proactive, cross-functional lifecycle. It can be broken down into four phases:
The Info-Tech process addresses all four phases and provides a step-by-step approach to configure and operate your VMI. The content in this blueprint helps you quickly establish your VMI and set a solid foundation for its growth and maturity.
Vendor management is not a one-size-fits-all initiative. It must be configured:
Spend on managed service providers and as-a-service providers continues to increase. In addition, IT services vendors continue to be active in the mergers and acquisitions arena. This increases the need for a VMI to help with the changing IT vendor landscape. In 2021, there was increases of:
Spend on As-a-Service Providers
Spend on Managed Services Providers
IT Services Merger & Acquisition Growth (Transactions)
Source: Information Services Group, Inc., 2022.
When organizations execute, renew, or renegotiate a contract, there is an “expected value” associated with that contract. Without a robust VMI, most of the expected value will never be realized. With a robust VMI, the realized value significantly exceeds the expected value during the contract term.
Source: Based on findings from Geller & Company, 2003.
A sound, cyclical approach to vendor management will help you create a VMI that meets your needs and stays in alignment with your organization as they both change (i.e. mature and grow).
Phase 1: Plan | Phase 2: Build | Phase 3: Run | Phase 4: Review | |
---|---|---|---|---|
Phase Steps |
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities 1.5 Process Mapping 1.6 Charter 1.7 Vendor Inventory 1.8 Maturity Assessment 1.9 Structure |
2.1 Classification Model |
3.1 Classify Vendors |
4.1 Assess Compliance |
Phase Outcomes |
This phase helps you organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI. | This phase helps you configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan. | This phase helps you begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI. | This phase helps the VMI identify what it should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment. |
Vendor management is not “plug and play” – each organization’s vendor management initiative (VMI) needs to fit its culture, environment, and goals. While there are commonalities and leading practices associated with vendor management, your initiative won’t look exactly like another organization’s. The key is to adapt vendor management principles to fit your needs.
All vendors are not of equal importance to your organization. Internal resources are a scarce commodity and should be deployed so that they provide the best return on the organization’s investment. Classifying or segmenting your vendors allows you to focus your efforts on the most important vendors first, allowing your VMI to have the greatest impact possible.
Having a solid foundation is critical to the VMI’s ongoing success. Whether you will be creating a formal vendor management office or using vendor management techniques, tools, and templates “informally,” starting with the basics is essential. Make sure you understand why the VMI exists and what it hopes to achieve, what is in and out of scope for the VMI, what strengths the VMI can leverage and the obstacles it will have to address, and how it will work with other areas within your organization.
The four phases of creating and running a vendor management initiative are supported with configurable tools, templates, and checklists to help you stay aligned internally and achieve your goals.
VMI Tools and Templates
Build a solid foundation for your VMI and configure tools and templates to help you manage your vendor relationships.
A suite of tools and templates to help you create and implement your vendor management initiative.
Baseline metrics will be improved through:
Using the Maturity Assessment and 90-Day Plan tools, track how well you are able to achieve your goals and objectives:
1-Year Maturity Roadmap(by Category) | Target Maturity (Total Points) | Actual Maturity (Total Points) |
---|---|---|
Contracts | 12 | 12 |
Risk | 8 | 7 |
Vendor Selection | 9 | 9 |
Vendor Relationships | 21 | 21 |
VMI Operations | 24 | 16 |
90-Day Plan (by Activity) | Activity Completed |
---|---|
Finalize mission and goals; gain executive approval | Yes |
Finalize OIC chart; gain buy-in from other departments | Yes |
Classify top 40 vendors by spend | Yes |
Create initial scorecard | Yes |
Develop the business alignment meeting agenda | Yes |
Conduct two business alignment meetings | No |
Update job descriptions | Yes |
Map two VMI processes | No |
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
What does a typical GI on this topic look like?
Phase 1 | Phases 2 & 3 | Phase 4 | |
---|---|---|---|
Call #1: Mission statement and goals, scope, and strengths and obstacles. |
Call #5: Classification model. |
Call #9: Policies and procedures and reports. |
Call #12: Assess compliance, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances. |
Call #2: Roles and responsibilities and process mapping. |
Call #6: Risk assessment. |
Call #10: 3-year roadmap. |
|
Call #3: Charter and vendor inventory. |
Call #7: Scorecards and feedback and business alignment meetings. |
Call #11: 90-day plan and quick wins. |
|
Call #4: Maturity assessment and VMI structure. |
Call #8: Relationship alignment document, vendor orientation, and job descriptions. |
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | |
---|---|---|---|---|
Plan | Plan/Build/Run | Build/Run | Review | |
Activities |
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities 1.5 Process Mapping 1.6 Charter 1.7 Vendor Inventory 1.8 Maturity Assessment 1.9 Structure |
2.1 Classification Model |
3.1 Classify Vendors |
4.1 Assess Compliance |
Deliverables |
|
|
|
1.1 Mission Statement and Goals
1.2 Scope
1.3 Strengths and Obstacles
1.4 Roles and Responsibilities
1.5 Process Mapping
1.6 Charter
1.7 Vendor Inventory
1.8 Maturity Assessment
1.9 Structure
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities 1.5 Process Mapping 1.6 Charter 1.7 Vendor Inventory 1.8 Maturity Assessment 1.9 Structure |
2.1 Classification Model |
3.1 Classify Vendors |
4.1 Assess Compliance |
Organize your VMI and document internal processes, relationships, roles, and responsibilities. The main outcomes from this phase are organizational documents, a baseline VMI maturity level, and a desired future state for the VMI.
Phase 1: Plan focuses on getting organized. Foundational elements (mission statement, goals, scope, strengths and obstacles, roles and responsibilities, and process mapping) will help you define your VMI. These and the other elements of this Phase will follow you throughout the process of standing up your VMI and running it.
Spending time up front to ensure that everyone is on the same page will help avoid headaches down the road. The tendency is to skimp (or even skip) on these steps to get to “the good stuff.” To a certain extent, the process provided here is like building a house. You wouldn’t start building your dream home without having a solid blueprint. The same is true with vendor management. Leveraging vendor management tools and techniques without the proper foundation may provide some benefit in the short term, but in the long term it will ultimately be a house of cards waiting to collapse.
Whether you are starting your vendor management journey or are already down the path, it is important to know why the vendor management initiative exists and what it hopes to achieve. The easiest way to document this is with a written declaration in the form of a mission statement and goals. Although this is the easiest way to proceed, it is far from easy.
The mission statement should identify at a high level the nature of the services provided by the VMI, who it will serve, and some of the expected outcomes or achievements. The mission statement should be no longer than one or two sentences.
The complement to the mission statement is the list of goals for the VMI. Your goals should not be a reassertion of your mission statement in bullet format. At this stage it may not be possible to make them SMART (Specific, Measurable, Achievable/Attainable, Relevant, Time-Bound/Time-Based), but consider making them as SMART as possible. Without some of the SMART parameters attached, your goals are more like dreams and wishes. At a minimum, you should be able to determine the level of success achieved for each of the VMI goals.
Although the VMI’s mission statement will stay static over time (other than for significant changes to the VMI or organization as a whole), the goals should be re-evaluated periodically using a SMART filter and adjusted as needed.
Regardless of where your VMI resides or how it operates, it will be working with other areas within your organization. Some of the activities performed by the VMI will be new and not currently handled by other groups or individuals internally; at the same time, some of the activities performed by the VMI may be currently handled by other groups or individuals internally. In addition, executives, stakeholders, and other internal personnel may have expectations or make assumptions about the VMI. As a result, there can be a lot of confusion about what the VMI does and doesn’t do, and the answers cannot always be found in the VMI’s mission statement and goals.
One component of helping others understand the VMI landscape is formalizing the VMI scope. The scope will define boundaries for the VMI. The intent is not to fence itself off and keep others out but provide guidance on where the VMI’s territory begins and ends. Ultimately, this will help clarify the VMI’s roles and responsibilities, improve workflow, and reduce errant assumptions.
When drafting your VMI scoping document, make sure you look at both sides of the equation (similar to what you would do when following best practices for a statement of work): Identify what is in scope and what is out of scope. Be specific when describing the individual components of the VMI scope, and make sure executives and stakeholders are on board with the final version.
A SWOT analysis (strengths, weaknesses, opportunities, and threats) is a valuable tool, but it is overkill for your VMI at this point. However, using a modified and simplified form of this tool (strengths and obstacles) will yield significant results and benefit the VMI as it grows and matures.
Your output will be two lists: the strengths associated with the VMI and the obstacles facing the VMI. For example, strengths could include items such as smart people working within the VMI and executive support. Obstacles could include items such as limited headcount and training required for VMI staff.
The goals are 1) to harness the strengths to help the VMI be successful and 2) to understand the impact of the obstacles and plan accordingly. The output can also be used to enlighten executives and stakeholders about the challenges associated with their directives or requests (e.g. human bandwidth may not be sufficient to accomplish some of the vendor management activities and there is a moratorium on hiring until the next budget year).
For each strength identified, determine how you will or can leverage it when things are going well or when the VMI is in a bind. For each obstacle, list the potential impact on the VMI (e.g. scope, growth rate, and number of vendors that can actively be part of the VMI).
As you do your brainstorming, be as specific as possible and validate your lists with stakeholders and executives as needed.
Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium
One crucial success factor for VMIs is gaining and maintaining internal alignment. There are many moving parts to an organization, and a VMI must be clear on the various roles and responsibilities related to the relevant processes. Some of this information can be found in the VMI’s scope, referenced in Step 1.2, but additional information is required to avoid stepping on each other’s toes since many of the processes require internal departments to work together. (For example, obtaining requirements for a request for proposal takes more than one person or one department to complete this process.) While it is not necessary to get too granular, it is imperative that you have a clear understanding of how the VMI activities will fit within the larger vendor management lifecycle (which is comprised of many sub processes) and who will be doing what.
As we have learned through our workshops and guided implementations, a traditional RACI* or RASCI* chart does not work well for this purpose. These charts are not intuitive, and they lack the specificity required to be effective. For vendor management purposes, a higher-level view and a slightly different approach provide much better results.
This step will lead your through the creation of an OIC* chart to determine vendor management lifecycle roles and responsibilities. Afterward, you’ll be able to say, “Oh, I see clearly who is involved in each part of the process and what their role is.”
*RACI – Responsible, Accountable, Consulted, Informed
*RASCI – Responsible, Accountable, Support, Consulted, Informed
*OIC – Owner, Informed, Contributor
To start, define the vendor management lifecycle steps or process applicable to your VMI. Next, determine who participates in the vendor management lifecycle. There is no need to get too granular – think along the lines of departments, subdepartments, divisions, agencies, or however you categorize internal operational units. Avoid naming individuals other than by title; this typically happens when a person oversees a large group (e.g. the CIO [chief information officer] or the CPO [chief procurement officer]). Be thorough, but the chart can get out of hand quickly. For each role and step of the lifecycle, ask whether the entry is necessary – does it add value to the clarity of understanding the responsibilities associated with the vendor management lifecycle? Consider two examples, one for roles and one for lifecycle steps: 1) Is IT sufficient or do you need IT Operations and IT Development? 2) Is “negotiate contract documents” sufficient or do you need “negotiate the contract” and “negotiate the renewal”? The answer will always depend on your culture and environment, but be wary of creating a spreadsheet that requires an 85-inch monitor to view it in its entirety.
After defining the roles (departments, divisions, agencies) and the vendor management lifecycle steps or process, assign one of three letters to each box in your chart:
This activity can be started by the VMI or done as a group with representatives from each of the named roles. If the VMI starts the activity, the resulting chart should be validated by the each of the named roles.
Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium
Although policies and procedures are important, their nature can make it difficult to grasp how things work at a high level (or even at the detail level). To help bridge the gap, map the applicable processes (determined by how deep and wide you want to go) involving the VMI. To start, look at the OIC chart from Step 1.4. You can expand the breadth and depth of your mapping to include the VMI scope, the 3-year roadmap (see Step 2.9), and the processes driven by the day-to-day work within the VMI.
Various mapping tools can be used. Three common approaches that can be mixed and matched are:
Your goal is not to create an in-depth diagram for every step of the vendor management lifecycle. However, for steps owned by the VMI, the process map should include sufficient details for the owner and the contributors (see Step 1.4) to understand what is required of them to support that step in the lifecycle.
For VMI processes that don’t interact with other departments, follow the same pattern as outlined above for steps owned by the VMI.
Whatever methodology you use to create your process map, make sure it includes enough details so that readers and users can identify the following elements:
Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium
As you continue getting organized by working through steps 1.1-1.5, you may want to document your progress in a charter and add some elements. Basically, a charter is a written document laying out how the VMI will operate within the organization. It clearly states the VMI’s mission, goals, scope, roles and responsibilities, and vendor governance model. In addition, it can include a list of team members and sponsors.
Whether you create a VMI charter will largely depend on:
If you decide to create a VMI charter, this is a good place in the process to create an initial draft. As you continue working through the blueprint and your VMI matures, update the VMI charter as needed.
VMI Charter:
Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium
As you prepare your VMI for being operational, it’s critical to identify all of your current vendors providing IT products or services to the organization. This can be tricky and may depend on how you view things internally. For example, you may have traditional IT vendors that are managed by IT, and you may have IT vendors that are managed by other internal departments (shadow IT or out-in-the-open IT). If it wasn’t determined with the help of stakeholders and executives before now, make sure you establish the purview of the VMI at this point. What types of vendors are included and excluded from the VMI?
You may find that a vendor can be included and excluded based on the product or service they provide. A vendor may provide a service that is managed by IT and a service that is managed/controlled by another department. In this instance, a good working relationship and clearly defined roles and responsibilities between the VMI and the other department will be required. But, it all starts with compiling a list of vendors and validating the VMI’s purview (and any limitations) for the vendors with stakeholders and executives.
At a minimum, the VMI should be able to quickly retrieve key information about each of “its” vendors:
Not all of this information will be available at this point, but you can begin designing or configuring your tool to meet your needs. As your VMI enters Phase 3: Run and continues to mature, you will return to this tool and update the information. For example, the vendor classification category won’t be known until Phase 3, and it can change over time.
Meet with the participants and review the Jump – Phase 1 Tools and Templates Compendium, Tab 1.7 Vendor Inventory. Determine whether the VMI wants to collect and/or monitor additional information and make any necessary modifications to the tool.
Enter the “Annual IT Vendor Spend” amount in the appropriate cell toward the top of the spreadsheet. This is for IT spend for vendor-related activities within the VMI’s scope; include shadow IT spend and “non-shadow” IT spend if those vendors will be included in the VMI’s scope.
Populate the data fields for your top 50 vendors by annual spend; you may need multiple entries for the same vendor depending on the nature of the products and services they provide.
Ignore the “Classification” column for now; you will return to this later when classification information is available.
Ignore the “Percentage of IT Budget” column as well; it uses a formula to calculate this information.
Download the Info-Tech Jump – Phase 1 Tools and Templates Compendium
Knowing where you are and where you want to go are essential elements for any journey in the physical world, and the same holds true for your VMI journey. Start by assessing your current-state VMI maturity. This will provide you with a baseline to measure progress against. Next, using the same criteria, determine the level of VMI maturity you would like to achieve one year in the future. This will be your future-state VMI maturity. Lastly, identify the gaps and plot your course.
The maturity assessment provides three main benefits:
The Info-Tech VMI Maturity Assessment tool evaluates your maturity across several criteria across multiple categories. Once completed, the assessment will specify:
Many organizations will be tempted to mature too quickly. Resource constraints and other items from Step 1.3 (Strengths and Obstacles) will impact how quickly you can mature. Being aggressive is fine, but it must be tempered with a dose of reality. Otherwise, morale, perception, and results can suffer.
There are two parts to the VMI structure:
VMI Organization Structure
The decision regarding who owns the VMI can follow one of two paths:
Many organizations overlook the importance of this decision. The VMI’s position on the organization chart can aid or hinder its success. Whether the decision has already been made or not, this is the perfect time to evaluate the decision or options based on the following question: Why is the VMI being created and how will it operate? Review the documents you created during Steps 1.1-1.8 and other factors to answer this question.
Based on your work product from Steps 1.1-1.8 and other factors, select where the VMI will be best located from the following areas/offices or their equivalent:
Without the proper support and placement in the organization chart, the VMI can fail. It is important for the VMI to find a suitable home with a direct connection to one of the sponsors identified above and for the VMI lead to have significant stature (aka title) within the organization. For example, if the VMI lead is a “manager” level who is four reporting layers away from the chief officer/sponsor, the VMI will have an image issue within and outside of the sponsor’s organization (as well as within the vendor community). While this is not to say that the VMI lead should be a vice president* or senior director, our experience and research indicate that the VMI and the VMI lead will be taken more seriously when the VMI lead is at least a director level reporting directly to a CXO.
*For purposes of the example above, the reporting structure hierarchy used is manager, senior manager, director, senior director, vice president, CXO.
VMI Reporting Structure
As previously mentioned, the VMI reporting structure describes and identifies the job functions, titles, and lines of accountability. Whether you have a formal vendor management office or you are leveraging the principles of vendor management informally, your VMI reporting structure design will involve some solid lines and some dotted lines. In this instance, the dotted lines represent part-time participation or people/areas that will assist the VMI in some capacity. For example, if the VMI sits within IT, a dotted line to Procurement will show that a good working relationship is required for both parties to succeed; or a dotted line to Christina in Legal will indicate that Christina will be helping the VMI with legal issues.
There is no one-size-fits-all reporting structure for VMIs, and your approach must leverage the materials from Steps 1.1-1.8, your culture, and your needs. By way of example, your VMI may include some or all of the following functions:
Once you’ve identified the functional groups, you can assign titles, responsibilities, and reporting relationships. A good diagram goes a long way to helping others understand your organization. Traditional organization charts work well with VMIs, but a target diagram allows for rapid absorption of the dotted-line relationships. Review the two examples below and determine an approach that works best for you.
![]() |
![]() |
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities 1.5 Process Mapping 1.6 Charter 1.7 Vendor Inventory 1.8 Maturity Assessment 1.9 Structure | 2.1 Classification Model | 3.1 Classify Vendors | 4.1 Assess Compliance |
Configure and create the tools and templates that will help you run the VMI. The main outcomes from this phase are a clear understanding of which vendors are important to you, the tools to manage the vendor relationships, and an implementation plan.
Phase 2: Build focuses on creating and configuring the tools and templates that will help you run your VMI. Vendor management is not a plug-and-play environment, and unless noted otherwise, the tools and templates included with this blueprint require your input and thought. The tools and templates must work in concert with your culture, values, and goals. That will require teamwork, insights, contemplation, and deliberation.
During this Phase, you’ll leverage the various templates and tools included with this blueprint and adapt them for your specific needs and use. In some instances, you’ll be starting with mostly a blank slate; while in others, only a small modification may be required to make it fit your circumstances. However, it is possible that a document or spreadsheet may need heavy customization to fit your situation. As you create your VMI, use the included materials for inspiration and guidance purposes rather than as absolute dictates.
One of the functions of a VMI is to allocate the appropriate level of vendor management resources to each vendor since not all vendors are of equal importance to your organization. While some people may be able intuitively to sort their vendors into vendor management categories, a more objective, consistent, and reliable model works best. Info-Tech’s COST model helps you assign your vendors to the appropriate vendor management category so that you can focus your vendor management resources where they will do the most good.
COST is an acronym for Commodity, Operational, Strategic, and Tactical. Your vendors will occupy one of these vendor management categories, and each category helps you determine the nature of the resources allocated to that vendor, the characteristics of the relationship desired by the VMI, and the governance level used.
The easiest way to think of the COST model is as a 2x2 matrix or graph. The model should be configured for your environment so that the criteria used for determining a vendor’s classification align with what is important to you and your organization. However, at this point in your VMI’s maturation, a simple approach works best. The Classification Model included with this blueprint requires minimal configuration to get you started and that is discussed on the activity slide associated with this Step 2.1.
↑ Speed ↑ |
Operational | Strategic |
---|---|---|
Commodity | Tactical | |
→→→ Criticality and Risk to the Organization |
Operational | Strategic |
---|---|
|
|
Commodity | Tactical |
|
|
Source: Compiled in part from Stephen Guth, “Vendor Relationship Management Getting What You Paid for (And More)”
Download the Info-Tech Jump – Phase 2 Vendor Risk Assessment Tool
One of the typical drivers of a VMI is risk management. Organizations want to get a better handle on the various risks their vendors pose. Vendor risks originate from many areas: financial, performance, security, legal, and many others. However, security risk is the high-profile risk and the one organizations often focus on almost exclusively, which leaves the organization vulnerable in other areas.
Risk management is a program, not a project – there is no completion date. A proactive approach works best and requires continual monitoring, identification, and assessment. Reacting to risks after they occur can be costly and can have other detrimental effects on the organization. Any risk that adversely affects IT will adversely affect the entire organization.
While the VMI won’t necessarily be quantifying or calculating the risk directly, it generally is the aggregator of risk information across the risk categories, which it then includes in its reporting function. (See Steps 2.12 and 3.8.)
At a minimum, your risk management strategy should involve:
Vendor risk is a fact of life, but you do have options for how you handle it. Be proactive and thoughtful in your approach, and focus your resources on what is important.
Download the Info-Tech Jump – Phase 2 Vendor Risk Assessment Tool
A vendor management scorecard is a great tool for measuring, monitoring, and improving relationship alignment. In addition, it is perfect for improving communication between you and the vendor.
Conceptually, a scorecard is similar to a report card you received when you were in school. At the end of a learning cycle, you received feedback on how well you did in each of your classes. For vendor management, the scorecard is also used to provide periodic feedback, but there are some different nuances and some additional benefits and objectives when compared to a report card.
Although scorecards can be used in a variety of ways, the main focus here will be on vendor management scorecards – contract management, project management, and other types of scorecards will not be included in the materials covered in this Step 2.3 or in Step 3.4.
Category 1 | Score | ||
---|---|---|---|
Vendor | Objective A | 4 | ↓ |
Objective B | 3 | ↓ | |
Objective C | 5 | ↑ | |
Objective D | 4 | ! |
The Info-Tech Scorecard includes five areas:
An overall score is calculated based on the rating for each criteria and the measurement category weights.
Scorecards can be used for a variety of reasons. Some of the common ones are listed below:
Identifying your scorecard drivers first will help you craft a suitable scorecard.
Info-Tech recommends starting with simple scorecards to allow you and the vendors to acclimate to the new process and information. As you build your scorecards, keep in mind that internal personnel will be scoring the vendors and the vendors will be reviewing the scorecard. Make your scorecard easy for your personnel to fill out and composed of meaningful content to drive the vendor in the right direction. You can always make the scorecard more complex in the future.
Our recommendation of five categories is provided below. Choose three to five categories to help you accomplish your scorecard goals and objectives:
Some criteria may be applicable in more than one category. The categories above should cover at least 80% of the items that are important to your organization. The general criteria listed for each category is not an exhaustive list, but most things break down into time, money, quality, people, and risk issues.
*Source: The Decision Lab, 2020
After you’ve built your scorecard, turn your attention to the second half of the equation – feedback from the vendor. A communication loop cannot be successful without the dialogue flowing both ways. While this can happen with just a scorecard, a mechanism specifically geared toward the vendor providing you with feedback improves communication, alignment, and satisfaction.
You may be tempted to create a formal scorecard for the vendor to use. Our recommendation is to avoid that temptation until later in your maturity or development of the VMI. You’ll be implementing a lot of new processes, deploying new tools and templates, and getting people to work together in new ways. Work on those things first.
For now, implement an informal process for obtaining information from the vendor. Start by identifying information that you will find useful, information that will allow you to improve overall, to reduce waste or time, to improve processes, to identify gaps in skills. Incorporate these items into your business alignment meetings (see Steps 2.4 and 3.5). Create three to five good questions to ask the vendor and include these in the business alignment meeting agenda. The goal is to get meaningful feedback, and that starts with asking good questions.
Keep it simple at first. When the time is right, you can build a more formal feedback form or scorecard. Don’t be in a rush though. So long as the informal method works, keep using it.
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
A business alignment meeting (BAM) is a great, multi-faceted tool to ensure the customer and the vendor stay focused on what is important to the customer at a high level. BAMs are not traditional “operational” meetings where the parties get into the details of the contracts, deal with installation problems, address project management issues, or discuss specific cost overruns. The main focus of the BAM is the scorecard (see Step 2.3), but other topics are discussed and other purposes are served. For example, you can use the BAM to develop the relationship with the vendor’s leadership team so that if escalation is ever needed, your organization is more than just a name on a spreadsheet or customer list; you can learn about innovations the vendor is working on (without the meeting turning into a sales call); you can address high-level performance trends and request corrective action as needed; you can clarify your expectations; you can educate the vendor about your industry, culture, and organization; and you can learn more about the vendor.
As you build your BAM agenda, someone in your organization may say, “Oh, that’s just a quarterly business review (QBR) or top-to-top meeting.” However, in most instances, an existing QBR or top-to-top meeting is not the same as a BAM. Using the term QBR or top-to-top meeting instead of BAM can lead to confusion internally. The VMI may say to the business unit, Procurement, or another department, “We’re going to start running some QBRs for our strategic vendors.” The typical response is, “There’s no need to do that. We already run QBRs/top-to-top meetings with our important vendors.” This may be accompanied by an invitation to join their meeting, where you may be an afterthought, have no influence, and get five minutes at the end to talk about your agenda items. Keep your BAM separate so that it meets your needs.
As previously noted, using the term BAM more accurately depicts the nature of the VMI meeting and prevents confusion internally with other meetings already occurring. In addition, hosting the BAM yourself rather than piggybacking onto another meeting ensures that the VMI’s needs are met. The VMI will set and control the BAM agenda and determine the invite list for internal personnel and vendor personnel. As you may have figured out by now, having the right customer and vendor personnel attend will be essential.
BAMs are conducted at the vendor level … not the contract level. As a result, the frequency of the BAMs will depend on the vendor’s classification category (see Steps 2.1 and 3.1). General frequency guidelines are provided below, but they can be modified to meet your goals:
BAMs can help you achieve some additional benefits not previously mentioned:
As with any meeting, building the proper agenda will be one of the keys to an effective and efficient meeting. A high-level BAM agenda with sample topics is set out below:
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Throughout this blueprint, alignment is mentioned directly (e.g. business alignment meetings [Steps 2.4 and 3.5]) or indirectly implied. Ensuring you and your vendors are on the same page, have clear and transparent communication, and understand each other’s expectations is critical to fostering strong relationships. One component of gaining and maintaining alignment with your vendors is the relationship alignment document (RAD). Depending upon the scope of your VMI and what your organization already has in place, your RAD will fill in the gaps on various topics.
Early in the VMI’s maturation, the easiest approach is to develop a short document (i.e. 1 page) or a pamphlet (i.e. the classic trifold) describing the rules of engagement when doing business with your organization. The RAD can convey expectations, policies, guidelines, and other items. The scope of the document will depend on 1) what you believe is important for the vendors to understand, and 2) any other similar information already provided to the vendors.
The first step to drafting a RAD is to identify what information vendors need to know to stay on your good side. For example, you may want vendors to know about your gift policy (e.g. employees may not accept gifts from vendors above a nominal value such as a pen or mousepad). Next, compare your list of what vendors need to know and determine if the content is covered in other vendor-facing documents such as a vendor code of conduct or your website’s vendor portal. Lastly, create your RAD to bridge the gap between what you want and what is already in place. In some instances, you may want to include items from other documents to reemphasize them with the vendor community.
The RAD can be used with all vendors regardless of classification category. It can be sent directly to the vendors or given to them during vendor orientation (see Step 3.3)
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Your organization is unique. It may have many similarities with other organizations, but your culture, risk tolerance, mission, vision, and goals, finances, employees, and “customers” (those that depend on you) make it different. The same is true of your VMI. It may have similar principles, objectives, and processes to other organizations’ VMIs, but yours is still unique. As a result, your vendors may not fully understand your organization and what vendor management means to you.
Vendor orientation is another means to helping you gain and maintain alignment with your important vendors, educate them on what is important to you, and provide closure when/if the relationship with the vendor ends. Vendor orientation is comprised of three components, each with a different function:
Vendor orientation focuses on the vendor management pieces of the puzzle (e.g. the scorecard process) rather than the operational pieces (e.g. setting up a new vendor in the system to ensure invoices are processed smoothly).
Orientation is conceptually similar to new hire orientation for employees at your organization. Generally conducted as a meeting, orientation provides your vendors with the information they need to be successful when working with your organization. Sadly, this is often overlooked by customers; it can take months or years for vendors to figure it out by themselves. By controlling the narrative and condensing the timeline, vendor relationships and performance improve more rapidly.
A partial list of topics for orientation is set out below:
In short, this is the first step toward building (or continuing to build) a robust, collaborative, mutually beneficial relationship with your important vendors.
Reorientation is either identical or similar to orientation, depending upon the circumstances. Reorientation occurs for a number of reasons, and each reason will impact the nature and detail of the reorientation content. Reorientation occurs whenever:
As the name implies, the goal is to refamiliarize the vendor with your current VMI situation, governances, protocols, and expectations. The drivers for reorientation will help you determine its scope, scale, and frequency.
To continue the analogy from orientation, debrief is similar to an exit interview for an employee when their employment is terminated. In this case, debrief occurs when the vendor is no longer an active vendor with your organization – all contracts have terminated or expired, and no new business with the vendor is anticipated within the next three months.
Similar to orientation and reorientation, debrief activities will be based on the vendor’s classification category within the COST model. Strategic vendors don’t go away very often; usually, they transition to operational or tactical vendors first. However, if a strategic vendor is no longer providing products or services to you, dig a little deeper into their experiences and allocate extra time for the debrief meeting.
The debrief should provide you with feedback on the vendor’s experience with your organization and their participation in your VMI. In addition, it can provide closure for both parties since the relationship is ending. Be careful that the debrief does not turn into a finger-pointing meeting or therapy session for the vendor. It should be professional and productive; if it is going off the rails, terminate the meeting before more damage can occur.
End the debrief on a high note if possible. Thank the vendor, highlight its key contributions, and single out any personnel who went above and beyond. You never know when you will be doing business with this vendor again – don’t burn bridges!
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Based on your work product from Steps 1.1-1.9, it’s time to start drafting new or modifying existing job descriptions applicable to the VMI team members. Some of the VMI personnel may be dedicated full-time to the VMI, while others may be supporting the VMI on a part-time basis. At a minimum, create or modify your job descriptions based on the categories set out below. Remember to get the internal experts involved so that you stay true to your environment and culture.
This should align overall with what the person will be doing and what the person will be responsible for. Your hands may be tied with respect to titles, but try to make them intuitively descriptive if possible.
This is the main portion of the job description. List the duties, responsibilities, tasks, activities, and results expected. Again, there may be some limitations imposed by your organization, but be as thorough as possible.
This tends to be a gray area for many organizations, with the qualifications, certifications, and experience desired expressed in “ranges” so that good candidates are not eliminated from consideration unnecessarily.
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Policies and procedures are often thought of as boring documents that are 1) tedious to create, 2) seldom read after creation, and 3) only used to punish people when they do something “wrong.” However, when done well, these documents:
Policies and procedures are essential, but they are often confused with each other. A policy is a rule, guideline, or framework for making decisions. For example, in the vendor management space, you may want a policy indicating your organization’s view on gifts from vendors. A procedure is a set of instructions for completing a task or activity. For example, staying in the vendor management space, you may want a procedure to outline the process for classifying vendors.
Start With Your Policy/Procedure Template or Create One for Consistency
When creating policies and procedures, follow your template. If you don’t have one (or want to see if anything is missing from your template) the following list of potential components for your governance documents is provided.* Not every concept is required. Use your judgment and err on the side of caution when drafting; balance readability and helpfulness against over documenting and over complicating.
Although they are not ever going to be compared to page-turning novels, policies and procedures can be improved by following a few basic principles. By following the guidelines set out below, your VMI policies and procedures will contribute to the effectiveness of your initiative.*
*Adapted in part from smartsheet.com
Drafting policies and procedures is an iterative process that requires feedback from the organization’s leadership team.
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
The VMI exists in many planes concurrently: 1) it operates both tactically and strategically, and 2) it focuses on different timelines or horizons (e.g. the past, the present, and the future). Creating a 3-year roadmap facilitates the VMI’s ability to function effectively across these multiple landscapes.
The VMI roadmap will be influenced by many factors. The work product from Phase 1: Plan, input from executives, stakeholders, and internal clients, and the direction of the organization as a whole are great sources of information as you begin to build your roadmap.
To start, identify what you would like to accomplish in Year 1. This is arguably the easiest year to complete: budgets are set (or you have a good idea what the budget will look like), personnel decisions have been made, resources have been allocated, and other issues impacting the VMI are known with a higher degree of certainty than any other year. This does not mean things won’t change during the first year of the VMI, but expectations are usually lower and the short event horizon makes things more predictable during the Year-1 ramp-up period.
Years 2 and 3 are more tenuous, but the process is the same: identify what you would like to accomplish or roll out in each year. Typically, the VMI maintains the Year 1 plan into subsequent years and adds to the scope or maturity. For example, you may start Year 1 with BAMs and scorecards for three of your strategic vendors; during Year 2, you may increase that to five vendors; and during Year 3, you may increase that to nine vendors. Or, you may not conduct any market research during Year 1, waiting to add it to your roadmap in Year 2 or 3 as you mature.
Breaking things down by year helps you identify what is important and the timing associated with your priorities. A conservative approach is recommended. It is easy to overcommit, but the results can be disastrous and painful.
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Now that you have prepared a 3-year roadmap, it’s time to take the most significant elements from the first year and create action plans for each three-month period. Your first 90-day plan may be longer or shorter if you want to sync to your fiscal or calendar quarters. Aligning with your fiscal year can make it easier for tracking and reporting purposes; however, the more critical item is to make sure you have a rolling series of four 90-day plans to keep you focused on the important activities and tasks throughout the year. The 90-day plan is a simple project plan that will help you measure, monitor, and report your progress. Use the Info-Tech tool to help you track:
The first 90-day plan will have the greatest level of detail and should be as thorough as possible; the remaining three 90-day plans will each have less detail for now. As you approach the middle of the first 90-day plan, start adding details to the next 90-day plan; toward the end of the first quarter add a high-level 90-day plan to the end of the chain. Continue repeating this cycle each quarter and consult the 3-year roadmap and the leadership team as necessary. |
![]() |
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
As the final step in the timeline trilogy, you are ready to identify some quick wins for the VMI. Using the first 90-day plan and a brainstorming activity, create a list of things you can do in 15 to 30 days that add value to your initiative and build momentum.
As you evaluate your list of potential candidates, look for things that:
As you look for quick wins, you may find that everything you identify does not meet the criteria. That’s ok … don’t force the issue. Return your focus to the 90-day plan and 3-year roadmap, and update those documents if the brainstorming activity associated with this Step 2.11 identified anything new.
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Issuing reports is a critical piece of the VMI since the VMI is a conduit of information for the organization. It may be aggregating risk data from internal areas, conducting vendor research, compiling performance data, reviewing market intelligence, or obtaining relevant statistics, feedback, comments, facts, and figures from other sources. Holding onto this information minimizes the impact a VMI can have on the organization; however, the VMI’s internal clients, stakeholders, and executives can drown in raw data and ignore it completely if it is not transformed into meaningful, easily-digested information.
Before building a report, think about your intended audience:
Use the following guidelines to create reports that will resonate with your audience:
The report’s formatting and content display can make or break your reports.*
*Sources: Adapted and compiled in part from: designeclectic.com, ahrq.gov, and 60secondmarketer.com.
Download the Info-Tech Jump – Phase 2 Tools and Templates Compendium
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities 1.5 Process Mapping 1.6 Charter 1.7 Vendor Inventory 1.8 Maturity Assessment 1.9 Structure |
2.1 Classification Model |
3.1 Classify Vendors |
4.1 Assess Compliance |
Begin operating the VMI. The main outcomes from this phase are guidance and the steps required to implement your VMI.
All of the hard work invested in Phase 1: Plan and Phase 2: Build begins to pay off in Phase 3: Run. It’s time to stand up your VMI and ensure that the proper level of resources is devoted to your vendors and the VMI itself. There’s more hard work ahead, but the foundational elements are in place. This doesn’t mean there won’t be adjustments and modifications along the way, but you are ready to use the tools and templates in the real world; you are ready to begin reaping the fruits of your labor.
Phase 3: Run guides you through the process of collecting data, monitoring trends, issuing reports, and conducting effective meetings to:
Step 3.1 sets the table for many of the subsequent steps in Phase 3: Run. The results of your classification process will determine: which vendors go through the scorecarding process (Step 3.4); which vendors participate in BAMs (Step 3.5); the nature and content of the vendor orientation activities (Step 3.3); which vendors will be part of the risk measurement and monitoring process (Step 3.8); which vendors will be included in the reports issued by the VMI (Step 3.9); and which vendors you will devote relationship-building resources to (Step 3.10).
As you begin classifying your vendors, Info-Tech recommends using an iterative approach initially to validate the results from the classification model you configured in Step 2.1.
Additional classification considerations:
As your VMI matures, additional vendors will be part of the VMI. Review the table below and incorporate the applicable strategies into your deployment of vendor management principles over time. Stay true to your mission, goals, and scope, and remember that not all of your vendors are of equal importance.
Operational | Strategic |
---|---|
|
|
Commodity |
Tactical |
|
|
For decades, vendors have used the term “partner” to refer to the relationship they have with their clients and customers. In many regards, this is often an emotional ploy used by the vendors to get the upper hand. To fully understand the terms “partner” and “partnership” let’s evaluate them through two more-objective, less-cynical lenses.
If you were to talk to your in-house or outside legal counsel, you may be told that partners share in profits and losses, and they have a fiduciary obligation to each other. Unless there is a joint venture between the parties, you are unlikely to have a partnership with a vendor from this perspective.
What about a “business” partnership … one that doesn’t involve sharing profits and losses? What would that look like? Here are some indicators of a business partnership (or preferably a strategic alliance):
By now you might be thinking, “What’s all the fuss? Why does it matter?” At Info-Tech, we’ve seen firsthand how referring to the vendor as a partner can have the following impact:
Proceed with caution when using partner or partnership with your vendors. Understand how your organization benefits from using these terms and mitigate the negatives outlined above by raising awareness internally to ensure people understand the psychology behind the terms. Finally, use the term to your advantage when warranted by referring to the vendor as a partner when you want or need something that the vendor is reluctant to provide. Bottom line: Be strategic in how you refer to vendors and know the risks.
To be effective, your VMI needs executive support, a clear vision, appropriate governances and tools, personnel with the right skills, and other items discussed in this blueprint. However, the VMI doesn’t exist in a vacuum … it can’t sit back and be reactive. As part of being proactive, the VMI must be aware of its brand and “market” its services. An effective way to market the VMI is to conduct an internal kickoff meeting. There are at least a couple of ways to do this:
With either approach above or one of your choosing, keep in mind the following objectives for your kickoff meeting:
Host a kickoff meeting annually to kickoff the new year. Remind people of your story, announce successes from the past year, and indicate what the future year holds. Keep it brief, make it personal for the audience, and help them connect the names of VMI personnel to faces.
Based on the results from your vendor classification (Step 3.1) and your VMI deployment timeline, identify the vendors who will participate in the initial orientation meetings. Treat the orientation as a formal, required meeting for the vendors to attend. Determine the attendee list for your organization and the vendors, and send out invites. Ideally, you will want the account manager, a sales director or vice president, the “delivery” director or vice president, and an executive from the vendor in the meeting. From the customer side, you may need more than one or two people from the VMI to entice the vendor’s leadership team to attend; you may need attendance from your own leadership team to add weight or credibility to the meeting (unfortunately).
Before going into the meeting, make sure everyone on your side knows their roles and responsibilities, and review the agenda. Control the agenda or the meeting is likely to get out of hand and turn into a sales call.
Conduct orientation meetings even if the participating vendors have been doing business with you for several years. Don’t assume they know all about your organization and your VMI (even if their other clients have a VMI).
Run two or three orientation meetings and then review the “results.” What needs to be modified? What lessons have you learned? Make any necessary adjustments and continue rolling out the orientation meetings.
Early in the VMI’s deployment, reorientation and debrief may not be in play. As time passes, it is important to remember them! Use them when warranted to help with vendor alignment.
The scorecard process typically is owned and operated by the VMI, but the actual rating of the criteria within the measurement categories is conducted by those with day-to-day interactions with the vendors, those using or impacted by the services and products provided by the vendors, and those with the skills to research other information on the scorecard (e.g. risk). Chances are one person will not be able to complete an entire scorecard by themselves. As a result, the scorecard process is a team sport comprising sub-teams where necessary.
The VMI will compile the scores, calculate the final results, and aggregate all of the comments into one scorecard. There are two common ways to approach this task:
Since multiple people will be involved in the scorecarding process or have information to contribute, the VMI will have to work with the reviewers to ensure that the right mix of data is provided. For example:
Where one person is contributing exclusively to limited criteria, make it easy for the person to identify the criteria they are to evaluate. When multiple people from the same functional area will provide insights, they can contribute individually (and the VMI will average their responses) or they can respond collectively after reaching consensus among themselves.
After the VMI has compiled, calculated, and aggregated, share the results with executives, impacted stakeholders, and others who will be attending the BAM for that vendor. Depending upon the comments provided by internal personnel, you may need to create a sanitized version of the scorecard for the vendor.
Make sure your process timeline has a buffer built in. You’ll be sending the final scorecard to the vendor three to five days before the BAM, and you’ll need some time to assemble the results. The scorecarding process can be perceived as a low-priority activity for people outside of the VMI, and other “priorities” will arise for them. Without a timeline buffer, the VMI may find itself behind schedule and unprepared due to things beyond its control.
At their core, BAMs aren’t that different from any other meeting. The basics of running a meeting still apply, but there are a few nuances that apply to BAMs Set out below are leading practices for conducing your BAMs; adapt them to meet your needs and suit your environment.
Initially, BAMs are conducted with the strategic vendors in your pilot program. Over time, you’ll add vendors until all of your strategic vendors are meeting with you quarterly. After that, roll out the BAMs to those tactical and operational vendors located close to the strategic quadrant in the classification model (Steps 2.1 and 3.1) and as VMI resources allow. It may take several years before you are holding regular BAMs with all of your strategic, tactical, and operational vendors.
Keep the length of your meetings reasonable. The first few with a vendor may need to be 60 to 90 minutes long. After that, you should be able to trim them to 45 to 60 minutes. The BAM does not have to fill the entire time. When you are done, you are done.
Set up a recurring meeting whenever possible. Changes will be inevitable, but keeping the timeline regular works to your advantage. Also, the vendors included in your initial BAMs won’t change for twelve months. For the first BAM with a vendor, provide adequate notice; four weeks is sufficient in most instances, but calendars will fill up quickly for the main attendees from the vendor. Treat the meeting as significant and make sure your invitation reflects this. A simple meeting request will often be rejected, treated as optional, or ignored completely by the vendor’s leadership team (and maybe yours as well!).
Internal invitees should include those with a vested interest in the vendor’s performance and the relationship. In addition, other functional areas may be invited based on need or interest. Be careful the attendee list doesn’t get too big. Based on this, internal BAM attendees often include representatives from IT, Sourcing/Procurement, and the applicable business units. At times, Finance and Legal are included.
From the vendor’s side, strive to have decision makers and key leaders attend. The salesperson/account manager is often included for continuity, but a director or vice president of sales will have more insights and influence. The project manager is not needed at this meeting due to the nature of the meeting and its agenda; however, a director or vice president from the “product or service delivery” area is a good choice. Bottom line: get as high into the vendor’s organization as possible whenever possible; look at the types of contracts you have with that vendor to provide guidance on the type of people to invite.
Send the scorecard and agenda to the vendor five days prior to the BAM. The vendor should provide you with any information you require for the meeting five days prior as well.
Decide who will run the meeting. Some customers like to lead and others let the vendor present. How you craft the agenda and your preferences will dictate who runs the show.
Make sure the vendor knows what materials it should bring to the meeting or have access to. This will relate to the agenda and any specific requests listed under the discussion points. You don’t want the vendor to be caught off guard and unable to discuss a matter of importance to you.
Regardless of which party leads, make sure you manage the agenda to stay on topic. This is your meeting – not the vendor’s, not IT’s, not Procurement’s or Sourcing’s. Don’t let anyone hijack it.
Make sure someone is taking notes. If you are running this virtually, consider recording the meeting. Check with your legal department first for any concerns, notices, or prohibitions that may impact your recording the session.
As a reminder, this is not a sales call, and this is not a social activity. Innovation discussions are allowed and encouraged, but that can quickly devolve into a sales presentation. People can be friendly toward one another, but the relationship building should not overwhelm the other purposes.
Having a 90-day plan is a good start, but assuming the tasks on the plan will be accomplished magically or without any oversight can lead to failure. While it won’t take a lot of time to work the plan, following a few basic guidelines will help ensure the 90-day plan gets results and wasn’t created in vain.
The 3-year roadmap is a great planning tool, but it is not 100% reliable. There are inherent flaws and challenges. Essentially, the roadmap is a set of three “crystal balls” attempting to tell you what the future holds. The vision for Year 1 may be fairly clear, but for each subsequent year, the crystal ball becomes foggier. In addition, the timeline is constantly changing; before you know it, tomorrow becomes today and Year 2 becomes Year 1.
To help navigate through the roadmap and maximize its potential, follow these principles:
Using the configured Vendor Risk Assessment Tool (Step 2.2), confirm which risks you will be measuring and monitoring and identify the vendors that will be part of the initial risk management process. Generally, organizations start measuring and monitoring risk in two to five risk categories for two or three strategic vendors. Over time, additional risk categories and/or vendors can be added in waves. Resist the temptation to add risk categories or vendors into the mix too quickly. Expanding requires resources inside and outside of the VMI.
The VMI will rely heavily on other areas to provide input or the risk data, and the VMI needs to establish good working relationships with those areas. For example, if legal risk is something being measured and monitored, the VMI will need data from Legal on the number and nature of any lawsuits filed by or against the applicable vendors; the VMI will need data from Legal, Contract Management, or Procurement/Sourcing on the number and nature of any agreed upon deviations from your organization’s preferred contract terms that increase legal risk.
With respect to risk, the VMI’s main role is threefold: 1) take the data obtained from others (or in some instances the VMI may have the data) and turn it into useful information, 2) monitor the risk categories over time and periodically issue reports, and 3) work with other areas to manage the risk.
Issuing the reports created in Step 2.12 is one of the main ways the VMI 1) will communicate with internal and external personnel and 2) track trends and information over time. Even with input from the potential reviewers of the reports, you’ll still want to seek their feedback and input periodically. It may take a few iterations until the reports are hitting their mark. You may find that a metric is no longer required, that a metric is missing completely or it is missing a component, or a formatting change would improve the report’s readability. Once a report has been “finalized,” try not to change it until you are engaged in Phase 4: Review activities. It can be unsettling for the reviewers when reports change constantly.
Whenever possible, find ways to automate the reports. While issuing reports is critical, the function should not consume more time than necessary. Automation can remove some of the manual and repetitive tasks.
Internal reports may need to be kept confidential. An automated dashboard or reporting tool can help lock down who has access to the information. At a minimum, the internal reports should contain a “Confidential” stamp, header, watermark, or other indicator that the materials are sensitive and should not be disclosed outside of your organization without approval.
Reports for vendors may not need to be sent as often as reports are generated or prepared for internal personnel. Establish a cadence by classification model category and stick to it. Letting each vendor choose the frequency will make it more difficult for you to manage. The vendors can choose to ignore the report if they so choose.
One of the key components of a VMI is relationship management. Good relationships with your vendors provide many benefits for both parties, but they don’t happen by accident. Do not assume the relationship will be good or is good merely because your organization is buying products and services from a vendor.
In many respects, the VMI should mirror a vendor’s sales organization by establishing relationships at multiple levels within the vendor organizations – not just with the salesperson or account manager. Building and maintaining relationships is hard work, but the return on investment makes it worthwhile.
Business relationships are comprised of many components, not all of which have to be present to have a great relationship. However, there are some essential components. Whether you are trying to develop, improve, or maintain a relationship with a vendor, make sure you are conscious of the following:*
The VMI has processes that it owns and processes that it contributes to. Based on the VMI scope (Step 1.2), the OIC chart (Step 1.4), and the process mapping activities (Step 1.5), ensure that the VMI is honoring its contribution commitments. This is often easier said than done though. A number of factors can make it difficult to achieve the balance required to handle VMI processes and contribute to other processes associated with the VMI’s mission and vision. Understanding the issues is half the battle. If you see signs of these common “vampires,” take action quickly to address the situation.
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Mission Statement and Goals 1.2 Scope 1.3 Strengths and Obstacles 1.4 Roles and Responsibilities 1.5 Process Mapping 1.6 Charter 1.7 Vendor Inventory 1.8 Maturity Assessment 1.9 Structure | 2.1 Classification Model | 3.1 Classify Vendors | 4.1 Assess Compliance |
Identify what the VMI should stop doing, start doing, and continue doing as it improves and matures. The main outcomes from this phase are ways to advance the VMI and maintain internal alignment.
As the old adage says, “The only thing constant in life is change.” This is particularly true for your VMI. It will continue to mature; people inside and outside of the VMI will change; resources will expand or contract from year to year; your vendor base will change. As a result, your VMI needs the equivalent of a physical every year. In place of bloodwork, x-rays, and the other paces your physician may put you through, you’ll assess compliance with your policies and procedures, incorporate leading practices, leverage lessons learned, maintain internal alignment, and update governances.
Be thorough in your actions during this Phase to get the most out of it. It requires more than the equivalent of gauging a person’s health by taking their temperature, measuring their blood pressure, and determining their body mass index. Keeping your VMI up to date and running smoothly takes hard work.
Some of the items presented in this Phase require an annual review; others may require quarterly review or timely review (i.e. when things are top of mind and current). For example, collecting lessons learned should happen on a timely basis rather than annually, and classifying your vendors should occur annually rather than every time a new vendor enters the fold.
Ultimately, the goal is to improve over time and stay aligned with other areas internally. This won’t happen by accident. Being proactive in the review of your VMI further reinforces the nature of the VMI itself – proactive vendor management, NOT reactive!
Whether you have a robust set of vendor management-related policies and procedures or they are the bare minimum, gathering data each quarter and conducting an assessment each year will provide valuable feedback. The scope of your assessment should focus on two concepts: 1) are the policies and procedures being followed and 2) are the policies and procedures accurate and relevant. This approach requires parallel thinking, but it will help you understand the complete picture and minimize the amount of time required.
Use the steps listed below (or modify them for your culture) to conduct your assessment:
The VMI’s world is constantly shifting and evolving. Some changes will take place slowly, while others will occur quickly. Think about how quickly the cloud environment has changed over the past five years versus the 15 years before that; or think about issues that have popped up and instantly altered the landscape (we’re looking at you COVID-19 and ransomware). As a result, the VMI needs to keep pace, and one of the best ways to do that is to incorporate leading practices.
At a high level, a leading practice is a way of doing something that is better at producing a particular outcome or result or performing a task or activity than other ways of proceeding. The leading practice can be based on methodologies, tools, processes, procedures, and other items. Leading practices change periodically due to innovation, new ways of thinking, research, and other factors. Consequently, a leading practice is to identify and evaluate leading practices each year.
Remember: Leading practices or best practices may not be what is best for you. In some instances, you will have to modify them to fit your culture and environment; in other instances, you will elect not to implement them at all (in any form).
There are many ways to keep your VMI running smoothly, and creating a lessons learned library is a great complement to the other ways covered in this Phase 4: Review. By tapping into the collective wisdom of the team and creating a safe feedback loop, the VMI gains the following benefits:
Many of the processes raised in this Phase can be performed annually, but a lessons learned library works best when the information is “deposited” in a timely manner. How you choose to set up your lessons learned process will depend on the tools you select and your culture. You may want to have regular “input” meetings to share the lessons as they are being deposited, or you may require team members to deposit lessons learned on a regular basis (within a week after they happen, monthly, or quarterly). Waiting too long can lead to vague or lost memories and specifics – timeliness of the deposits is a crucial element.
Lessons learned are not confined to identifying mistakes or dissecting bad outcomes. You want to reinforce good outcomes as well. When an opportunity for a lessons-learned deposit arises, identify the following basic elements:
The lessons learned library needs to be maintained. Irrelevant material needs to be culled periodically, and older or duplicate material may need to be archived.
The lessons learned process should be blameless. The goal is to share insightful information … not to reward or punish people based on outcomes or results.
Maintaining internal alignment is essential for the ongoing success of the VMI. Over time, it is easy to lose sight of the fact that the VMI does not operate in a vacuum; it is an integral component of a larger organization whose parts must work well together to function optimally. Focusing annually on the VMI’s alignment within the enterprise helps reduce any breakdowns that could derail the organization.
To ensure internal alignment:
You’re at the final Step and ready to update governances. This is comprised of two sequential paths.
Other activities and tasks (e.g. scorecards and BAMs) may be impacted by the modifications made above, but the nature of their performance follows a shorter cadence. As a result, they are not specifically called out here in this Step 4.5 since they are performed on an ongoing basis. However, don’t overlook them as part of your update.
Vendor management is a broad, often overwhelming, comprehensive spectrum that encompasses many disciplines. By now, you should have a great idea of what vendor management can or will look like in your organization. Focus on the basics first: Why does the VMI exist and what does it hope to achieve? What is its scope? What are the strengths you can leverage, and what obstacles must you manage? How will the VMI work with others? From there, the spectrum of vendor management will begin to clarify and narrow.
Leverage the tools and templates from this blueprint and adapt them to your needs. They will help you concentrate your energies in the right areas and on the right vendors to maximize the return on your organization’s investment in the VMI of time, money, personnel, and other resources. You may have to lead by example internally and with your vendors at first, but they will eventually join you on your path if you stay true to your course.
At the heart of a good VMI is the relationship component. Don’t overlook its value in helping you achieve your vendor management goals. The VMI does not operate in a vacuum, and relationships (internal and external) will be critical.
Lastly, seek continual improvement from the VMI and from your vendors. Both parties should be held accountable, and both parties should work together to get better. Be proactive in your efforts, and you, the VMI, and the organization will be rewarded.
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
Prepare for Negotiations More Effectively
Don't leave negotiation preparations and outcomes to chance. Learn how to prepare for negotiations more effectively and improve your results.
Understand Common IT Contract Provisions to Negotiate More Effectively
Info-Tech’s guidance and insights will help you navigate the complex process of contract review and identify the key details necessary to maximize the protections for your organization.
Capture and Market the ROI of Your VMO
Calculating the impact or value of a vendor management office (VMO) can be difficult without the right framework and tools. Let Info-Tech’s tools and templates help you account for the contributions made by your VMO.
“Best Practices for Writing Corporate Policies and Procedures.” PowerDMS, 29 Dec. 2020. Accessed 11 January 2022.
Duncan. “Top 10 Tips for Creating Compelling Reports.” Design Eclectic, 11 October 2019. Accessed 29 March 2022.
Eby, Kate. “Master Writing Policies, Procedures, Processes, and Work Instructions.” 1 June 2018, updated 19 July 2021. Accessed 11 January 2022.
“Enterprise Risk Management.” Protiviti, n.d. Accessed 16 Feb. 2017.
Geller & Company. “World-Class Procurement — Increasing Profitability and Quality.” Spend Matters, 2003. Accessed 4 March 2019.
Guth, Stephen. “Vendor Relationship Management Getting What You Paid for (And More).” Citizens, 26 Feb. 2015. Web.
Guth, Stephen. The Vendor Management Office: Unleashing the Power of Strategic Sourcing. Lulu.com, 2007. Print.
“ISG Index 4Q 2021.” Information Services Group, Inc., 2022. Web.
“Six Tips for Making a Quality Report Appealing and Easy To Skim.” AHRQ, Oct. 2019. Accessed 29 March 2022.
Tucker, Davis. “Marketing Reporting: Tips to Create Compelling Reports.” 60 Second Marketer, 28 March 2020. Accessed 29 March 2022.
“Why Do We Perform Better When Someone Has High Expectations of Us?” The Decision Lab, 9 Sept. 2020. Accessed 31 January 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Implement agile goal setting with your team right away and drive performance.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
![]() Valence Howden Principal Research Director, CIO Practice |
![]() Petar Hristov Research Director, Security, Privacy, Risk & Compliance |
![]() Ian Mulholland Research Director, Security, Risk & Compliance |
![]() Brittany Lutes Senior Research Analyst, CIO Practice |
![]() Ibrahim Abdel-Kader Research Analyst, CIO Practice |
Every organization has a threshold for risk that should not be exceeded, whether that threshold is defined or not.
In the age of digital, information and technology will undoubtedly continue to expand beyond the confines of the IT department. As such, different areas of the organization cannot address these risks in silos. A siloed approach will produce different ways of identifying, assessing, responding to, and reporting on risk events. Integrated risk management is about embedding IT uncertainty to inform good decision making across the organization.
When risk is integrated into the organization's enterprise risk management program, it enables a single view of all risks and the potential impact of each risk event. More importantly, it provides a consistent view of the risk event in relation to uncertainty that might have once been seemingly unrelated to IT.
And all this can be achieved while remaining within the enterprise’s clearly defined risk appetite.
Most organizations fail to integrate IT risks into enterprise risks:
IT leaders have to overcome these obstacles when it comes to integrating risk:
By leveraging the Info-Tech Integrated Risk approach, your business can better address and embed risk by:
Stop avoiding risk – integrate it. This provides a holistic view of uncertainty for the organization to drive innovative new approaches to optimize its ability to respond to risk.
Enterprise risk management is the practice of identifying and addressing risks to your organization and using risk information to drive better decisions and better opportunities.
![]() |
IT risks have a direct and often aggregated impact on enterprise risks and opportunities in the same way other business risks can. This relationship must be understood and addressed through integrated risk management to ensure a consistent approach to risk. |
Risk-mature organizations have a unique benefit in that they often have established an overarching governance framework and embedded risk awareness into the culture.
35% — Only 35% of organizations had embraced ERM in 2020. (Source: AICPA and NC State Poole College of Management)
12% — Only 12% of organizations are leveraging risk as a tool to their strategic advantage. (Source: AICPA and NC State Poole College of Management)
62% — Accessing and disseminating information is the main challenge for 62% of organizations maturing their organizational risk management. (Source: OECD)
20-28% — Organizations with access to machine learning and analytics to address future risk events have 20 to 28% more satisfaction. (Source: Accenture)
Accelerate and optimize your organization by leveraging meaningful risk data to make intelligent enterprise risk decisions.
Risk Drivers
|
![]() |
Only 7% of organizations are in a “leading” or “aspirational” level of risk maturity. (OECD, 2021) | 63% of organizations struggle when it comes to defining their appetite toward strategy related risks. (“Global Risk Management Survey,” Deloitte, 2021) | Late adopters of risk management were 70% more likely to use instinct over data or facts to inform an efficient process. (Clear Risk, 2020) | 55% of organizations have little to no training on ERM to properly implement such practices. (AICPA, NC State Poole College of Management, 2021) |
1. Assess Enterprise Risk Maturity | 3. Build a Risk Management Program Plan | 4. Establish Risk Management Processes | 5. Implement a Risk Management Program | ||
2. Determine Authority with Governance
Unfortunately, less than 50% of those in risk focused roles are also in a governance role where they have the authority to provide risk oversight. (Governance Institute of Australia, 2020) |
|||||
IT can improve the maturity of the organization’s risk governance and help identify risk owners who have authority and accountability.
Governance and related decision making is optimized with integrated and aligned risk data. |
![]() |
![]() ERM incorporates the different types of risk, including IT, security, digital, vendor, and other risk types. The program plan is meant to consider all the major risk types in a unified approach. |
![]() |
Implementation of an integrated risk management program requires ongoing access to risk data by those with decision making authority who can take action. |
Stop fearing risk – integrate it. Integration leads to opportunities for organizations to embrace innovation and new digital technologies as well as reducing operational costs and simplifying reporting.
Governance of risk management for information- and technology-related events is often misplaced. Just because it's classified as an IT risk does not mean it shouldn’t be owned by the board or business executive.
Integrating risk requires a baseline of risk maturity at the enterprise level. IT can push integrating risks, but only if the enterprise is willing to adopt the attitudes and behaviors that will drive the integrated risk approach.
It is not a strategic decision to have different areas of the organization manage the risks perceived to be in their department. It’s the easy choice, but not the strategic one.
Different areas of an enterprise apply risk management processes differently. Determining a single method for identification, assessment, response, and monitoring can ensure successful implementation of enterprise risk management.
Good risk management will consider both the positives and negatives associated with a risk management program by recognizing both the upside and downside of risk event impact and likelihood.
IT Benefits
|
Business Benefits
|
“31% of CIO’s expected their role to expand and include risk management responsibilities.” (IDG “2021 State of the CIO,” 2021)
58%Focus not just on the preventive risk management but also the value-creating opportunities. With 58% of organizations concerned about disruptive technology, it’s an opportunity to take the concern and transform it into innovation. (Accenture) |
70%Invest in tools that have data and analytics features. Currently, “gut feelings” or “experience” inform the risk management decisions for 70% of late adopters. (Clear Risk) |
54%Align to the strategic vision of the board and CEO, given that these two roles account for 54% of the accountability associated with extended enterprise risk management. (Extended Enterprise Risk Management Survey, 2020,” Deloitte) |
63%Include IT leaders in the risk committee to help informed decision making. Currently 63% of chief technology officers are included in the C‑suite risk committee. (AICPA & NC State Poole College of Management) |
Successful adoption of integrated risk management is often associated with these key elements. |
Mature or not, integrated risk management should be a consideration for all organizationsThe first step to integrating risk management within the enterprise is to understand the organization’s readiness to adopt practices that will enable it to successfully integrate information. In 2021, we saw enterprise risk management assessments become one of the most common trends, particularly as a method by which the organization can consolidate the potential impacts of uncertainties or threats (Lawton, 2021). A major driver for this initiative was the recognition that information and technology not only have enterprise-wide impacts on the organization’s risk management but that IT has a critical role in supporting processes that enable effective access to data/information. A maturity assessment has several benefits for an organization: It ensures there is alignment throughout the organization on why integrated risk is the right approach to take, it recognizes the organization’s current risk maturity, and it supports the organization in defining where it would like to go. |
![]() |
Integrated Risk Maturity Categories |
![]() |
1 |
Context & Strategic Direction | Understand the organization’s main objectives and how risk can support or enhance those objectives. |
2 |
Risk Culture and Authority | Examine if risk-based decisions are being made by those with the right level of authority and if the organization’s risk appetite is embedded in the culture. | ||
3 |
Risk Management Process | Determine if the current process to identify, assess, respond to, monitor, and report on risks is benefitting the organization. | ||
4 |
Risk Program Optimization | Consider opportunities where risk-related data is being gathered, reported, and used to make informed decisions across the enterprise. |
For organizations with a low maturity, remaining superficial with risk will offer more benefits and align to the enterprise’s risk tolerance and appetite. This might mean no integrated risk is taking place.
However, organizations that have higher risk maturity should begin to integrate risk information. These organizations can identify the nuances that would affect the severity and impact of risk events.
The purpose of the Integrated Risk Maturity Assessment is to assess the organization's current maturity and readiness for integrated risk management (IRM).
Frequently and continually assessing your organization’s maturity toward integrated risk ensures the right risk management program can be adopted by your organization.
Integrated Risk Maturity Assessment
A simple tool to understand if your organization is ready to embrace integrated risk management by measuring maturity across four key categories: Context & Strategic Direction, Risk Culture & Authority, Risk Management Process, and Risk Program Optimization |
![]() |
Use the results from this integrated risk maturity assessment to determine the type of risk management program that can and should be adopted by your organization.
Some organizations will need to remain siloed and focused on IT risk management only, while others will be able to integrate risk-related information to start enabling automatic controls that respond to this data.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Sponsor a mandate for innovation and assemble a small team to start sourcing ideas with IT staff.
Identify critical opportunities for innovation and brainstorm effective solutions.
Prototype ideas rapidly to gain user feedback, refine solutions, and make a compelling case for project investment.
Formalize the innovation process and implement a program to create a strong culture of innovation in IT.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Introduce innovation.
Assess overall IT maturity to understand what you want to achieve with innovation.
Define the innovation mandate.
Introduce ideation.
A set of shared objectives for innovation will be defined.
A mandate will be created to help focus innovation efforts on what is most critical to the advancement of IT's maturity.
The group will be introduced to ideation and prepared to begin addressing critical IT or business pains.
1.1 Define workshop goals and objectives.
1.2 Introduce innovation.
1.3 Assess IT maturity.
1.4 Define the innovation mandate.
1.5 Introduce ideation.
Workshop goals and objectives.
An understanding of innovation.
IT maturity assessment.
Sponsored innovation mandate.
An understanding of ideation.
Identify and prioritize opportunities for IT-led innovation.
Map critical processes to identify the pains that should be ideated around.
Brainstorm potential solutions.
Assess, pitch, and prioritize ideas that should be investigated further.
The team will learn best practices for ideation.
Critical pain points that might be addressed through innovation will be identified and well understood.
A number of ideas will be generated that can solve identified pains and potentially feed the project pipeline.
The team will prioritize the ideas that should be investigated further and prototyped after the workshop.
2.1 Identify processes that present opportunities for IT-led innovation.
2.2 Map selected processes.
2.3 Finalize problem statements.
2.4 Generate ideas.
2.5 Assess ideas.
2.6 Pitch and prioritize ideas.
A list of processes with high opportunity for IT-enablement.
Detailed process maps that highlight pain points and stakeholder needs.
Problem statements to ideate around.
A long list of ideas to address pain points.
Detailed idea documents.
A shortlist of prioritized ideas to investigate further.
Ideate around a more complex problem that presents opportunity for IT-led innovation.
Map the associated process to define pain points and stakeholder needs in detail.
Brainstorm potential solutions.
Assess, pitch, and prioritize ideas that should be investigated further.
Introduce prototyping.
Map the user journey for prioritized ideas.
The team will be ready to facilitate ideation independently with other staff after the workshop.
A critical problem that might be addressed through innovation will be defined and well understood.
A number of innovative ideas will be generated that can solve this problem and help IT position itself as a source of innovative projects.
Ideas will be assessed and prioritized for further investigation and prototyping after the workshop.
The team will learn best practices for prototyping.
The team will identify the assumptions that need to be tested when top ideas are prototyped.
3.1 Select an urgent opportunity for IT-led innovation.
3.2 Map the associated process.
3.3 Finalize the problem statement.
3.4 Generate ideas.
3.5 Assess ideas.
3.6 Pitch and prioritize ideas.
3.7 Introduce prototyping.
3.8 Map the user journey for top ideas.
Selection of a process which presents a critical opportunity for IT-enablement.
Detailed process map that highlights pain points and stakeholder needs.
Problem statement to ideate around.
A long list of ideas to solve the problem.
Detailed idea documents.
A shortlist of prioritized ideas to investigate further.
An understanding of effective prototyping techniques.
A user journey for at least one of the top ideas.
Establish a process for generating, managing, prototyping, prioritizing, and approving new ideas.
Create an action plan to operationalize your new process.
Develop a program to help support the innovation process and nurture your innovators.
Create an action plan to implement your innovation program.
Decide how innovation success will be measured.
The team will learn best practices for managing innovation.
The team will be ready to operationalize an effective process for IT-led innovation. You can start scheduling ideation sessions as soon as the workshop is complete.
The team will understand the current innovation ecosystem: drivers, barriers, and enablers.
The team will be ready to roll out an innovation program that will help generate wider engagement with IT-led innovation.
You will be ready to measure and report on the success of your program.
4.1 Design an IT-led innovation process.
4.2 Assign roles and responsibilities.
4.3 Generate an action plan to roll out the process.
4.4 Determine critical process metrics to track.
4.5 Identify innovation drivers, enablers, and barriers.
4.6 Develop a program to nurture a culture of innovation.
4.7 Create an action plan to jumpstart each of your program components.
4.8 Determine critical metrics to track.
4.9 Summarize findings and gather feedback.
A process for IT-led innovation.
Defined process roles and responsibilities.
An action plan for operationalizing the process.
Critical process metrics to measure success.
A list of innovation drivers, enablers, and barriers.
A program for innovation that will leverage enablers and minimize barriers.
An action plan to roll out your innovation program.
Critical program metrics to track.
Overview of workshop results and feedback.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Obtain organizational buy-ins and build a standardized and formal cloud testing strategy.
Assess your people, process, and technology for cloud testing readiness and realize areas for improvement.
Organize and monitor cloud project planning tasks throughout the project's duration.
Organizations wishing to mature their IT financial management (ITFM) maturity often face the following obstacles:
No matter where you currently stand in your ITFM practice, there is always room for improvement. Hence, a maturity assessment should be viewed as a self-improvement tool that is only valuable if you are willing to act on it.
A mature ITFM practice leads to many benefits.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This research seeks to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.
This Excel workbook guides IT finance practitioners to effectively assess their IT financial management practice. Incorporate the visual outputs into your final executive presentation document. Key activities include context setting, completing the assessment, and prioritizing focus areas based on results.
Use this template to document your final ITFM maturity outputs, including the current and target states and your identified priorities.
Technology has been evolving throughout the years, increasing complexity and investments, while putting more stress on operations and people involved. As an IT leader, you are now entrusted to run your outfit as a business, sit at the executive table as a true partner, and be involved in making decisions that best suit your organization. Therefore, you have an obligation to fulfill the needs of your end customers and live up to their expectations, which is not an easy task.
IT financial management (ITFM) helps you generate value to your organization’s clientele by bringing necessary trade-offs to light, while driving effective dialogues with your business partners and leadership team.
This research will focus on Info-Tech’s approach to ITFM maturity, aiming for a state of continuous improvement, where an organization can learn and grow as it adapts to change. As the ITFM practice matures, IT and business leaders will be able to better understand one another and together make better business decisions, driven by data.
This client advisory presentation and accompanying tool seek to support IT leaders and ITFM practitioners in evaluating and improving their current maturity. It will help document both current and target states as well as prioritize focus areas for improvement.
![]() |
Bilal Alberto Saab
Research Director, IT Financial Management Info-Tech Research Group |
ITFM is often discarded and not given enough importance and relevance due to the operational nature of IT, and the specialized skillset of its people, leading to several problems and challenges, such as:
Business-driven conversations around financials (spending, cost, revenue) are a rarity in IT due to several factors, including:
Mature your ITFM practice by activating the means to make informed business decisions.
Info-Tech’s methodology helps you move the dial by focusing on three maturity focus areas:
Influence your organization’s strategic direction by maturing your ITFM practice.
“ITFM embeds technology in financial management practices. Through cost, demand, and value, ITFM brings technology and business together, forging the necessary relationships and starting the right conversations to enable the best decisions for the organization.”
– Monica Braun, Research Director, Info-Tech Research Group
“Value is not the numbers you visualize on a chart, it’s the dialogue this data generates with your business partners and leadership team.”
– Dave Kish, Practice Lead, Info-Tech Research Group
In a technology-driven world, advances come at a price. With greater spending required, more complex and difficult conversations arise.
79% of respondents believe that decisions taking too long to make is either a significant or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).
81% of respondents believe that ensuring spend efficiency (avoiding waste) is either a challenge or somewhat of a challenge (Flexera 2022 Tech Spend Pulse; N=501).
In today’s world, where organizations are driving customer experience through technology investments, having a seat at the table means IT leaders must be well versed in business language and practice, including solid financial management skills.
However, IT staff across all industries aren’t very confident in how well IT is doing in managing its finances. This becomes evident after looking at three core processes:
Recent data from 4,137 respondents to Info-Tech’s IT Management & Governance Diagnostic shows that while most IT staff feel that these three financial management processes are important, notably fewer feel that IT management is effective at executing on them.
IT leadership’s capabilities around fundamental cost data capture appear to be lagging, not to mention the essential value-added capabilities around optimizing costs and demonstrating IT’s contribution to business value.
Source: Info-Tech Research Group, IT Management & Governance Diagnostic, 2023.
Note: See Appendix A for maturity level definitions and descriptions.
Info-Tech identified three maturity focus areas, each containing three levers.
Identify where you stand across the nine maturity levers, detect the gaps, and determine your priorities as a first step to develop an improvement plan.
Note: See Appendix B for maturity level definitions and descriptions per lever.
Each step of this activity is accompanied by supporting deliverables to help you accomplish your goals.
Build your improvement plan and implement your initiatives to move the dial and climb the maturity ladder.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks used throughout all four options |
3 hours
Input: Understanding your context, objectives, and methodology
Output: ITFM maturity assessment stakeholders and their objectives, ITFM maturity assessment methodology, ITFM maturity assessment takers
Materials: 1a. Prepare for Assessment tab in the ITFM Maturity Assessment Tool
Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management
Download the IT Financial Management Maturity Assessment Tool
Refer to the example and guidelines below on how to document stakeholders, objectives, and methodology (table range: columns B to G and rows 8 to 15).
Column ID | Input Type | Guidelines |
B | Formula | Automatic calculation, no entry required. |
C | Text | Enter the full name of each stakeholder on a separate row. |
D | Text | Enter the job title related to each stakeholder. |
E | Text | Enter the objective(s) related to each stakeholder. |
F | Text | Enter the agreed upon methodology. |
G | Text | Enter any notes or comments per stakeholder (optional). |
Download the IT Financial Management Maturity Assessment Tool
Refer to the example and guidelines below on how to document assessment takers (table range: columns B to E and rows 18 to 25).
Column ID | Input Type | Guidelines |
B | Formula | Automatic calculation, no entry required. |
C | Text | Enter the full name of each assessment taker on a separate row. |
D | Text | Enter the job title related to each stakeholder to identify which party is being represented per assessment taker. |
E | Text | Enter any notes or comments per stakeholder (optional). |
Download the IT Financial Management Maturity Assessment Tool
3 hours
Input: Understanding of your ITFM current state and 12-month target state, ITFM maturity assessment results
Output: ITFM current- and target-state maturity levels, average scores, and variance, ITFM current- and target-state average scores, variance, and priority by maturity focus area and maturity lever
Materials: 1b. Glossary, 2a. Assess ITFM Foundation, 2b. Assess Mngt. & Monitoring, 2c. Assess Language, and 3. Assessment Summary tabs in the ITFM Maturity Assessment Tool
Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management
Download the IT Financial Management Maturity Assessment Tool
Refer to the example and guidelines below on how to complete the survey.
Column ID | Input Type | Guidelines |
B | Formula | Automatic calculation, no entry required. |
C | Formula | Automatic calculation, no entry required: ITFM maturity statement to assess. |
D, E | Dropdown | Select the maturity levels of your current and target states. One of five maturity levels for each statement, from “1. Nonexistent” (lowest maturity) to “5. Advanced” (highest maturity). |
F, G, H | Formula | Automatic calculation, no entry required: scores associated with your current and target state selection, along with related variance (column G – column F). |
I | Text | Enter any notes or comments per ITFM maturity statement (optional). |
Download the IT Financial Management Maturity Assessment Tool
Refer to the example and guidelines below on how to review your results.
Column ID | Input Type | Guidelines |
K | Formula | Automatic calculation, no entry required. |
L | Formula | Automatic calculation, no entry required: Current State, Target State, and Variance entries. Please ignore the current state benchmark, it’s a placeholder for future reference. |
M | Formula | Automatic calculation, no entry required: average overall maturity score for your Current State and Target State entries, along with related Variance. |
N, O | Formula | Automatic calculation, no entry required: maturity level and related name based on the overall average score (column M), where level 1 corresponds to an average score less than or equal to 1.49, level 2 corresponds to an average score between 1.5 and 2.49 (inclusive), level 3 corresponds to an average score between 2.5 and 3.49 (inclusive), level 4 corresponds to an average score between 3.5 and 4.49 (inclusive), and level 5 corresponds to an average score between 4.5 and 5 (inclusive). |
P, Q | Formula | Automatic calculation, no entry required: maturity definition and related description based on the maturity level (column N). |
Download the IT Financial Management Maturity Assessment Tool
Refer to the example and guidelines below on how to review your results per maturity focus area and maturity lever, then prioritize accordingly.
Column ID | Input Type | Guidelines |
B | Formula | Automatic calculation, no entry required. |
C | Formula | Automatic calculation, no entry required: ITFM maturity focus area or lever, depending on the table. |
D | Placeholder | Ignore this column because it’s a placeholder for future reference. |
E, F, G | Formula | Automatic calculation, no entry required: average score related to the current state and target state, along with the corresponding variance per maturity focus area or lever (depending on the table). |
H | Formula | Automatic calculation, no entry required: preliminary priority based on the average variance (column G), where Low corresponds to an average variance between 0 and 0.5 (inclusive), Medium corresponds to an average variance between 0.51 and 0.99 (inclusive), and High corresponds to an average variance greater than or equal to 1. |
J | Dropdown | Select your final priority (Low, Medium, or High) per ITFM maturity focus area or lever, depending on the table. |
K | Whole Number | Enter the appropriate rank based on your priorities; do not use the same number more than once. A whole number between 1 and 3 to rank ITFM maturity focus areas, and between 1 and 9 to rank ITFM maturity levers, depending on the table. |
Download the IT Financial Management Maturity Assessment Tool
3 hours
Input: ITFM maturity assessment results
Output: Customized ITFM maturity assessment report
Materials: 3. Assessment Summary tab in the ITFM Maturity Assessment Tool, ITFM Maturity Assessment Report Template
Participants: CIO/IT director, CFO/finance director, IT finance lead, IT audit lead, Other IT management
Download the IT Financial Management Maturity Assessment Tool
Refer to the example below on charts depicting different views of the maturity assessment results across the three focus areas and nine levers.
Download the IT Financial Management Maturity Assessment Tool
Refer to the example below on slides depicting different views of the maturity assessment results across the three maturity focus areas and nine maturity levers.
Slide 6: Edit levels based on your assessment results. Copy and paste the appropriate maturity level definition and description from slide 4.
Slide 7: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title. You can use the “Outer Offset: Bottom” shadow under shape effects on the chart.
Slide 8: Copy related charts from the assessment summary tab in the Excel workbook and remove the chart title and legend. You can use the “Outer Offset: Center” shadow under shape effects on the chart.
Download the IT Financial Management Maturity Assessment Report Template
Communicate your maturity results with stakeholders and develop an actionable ITFM improvement plan.
And remember, having informed discussions with your business partners and stakeholders, where technology helps propel your organization forward, is priceless!
![]() |
Dave Kish
Practice Lead, ITFM Practice Info-Tech Research Group |
![]() |
Jennifer Perrier
Principal Research Director, ITFM Practice Info-Tech Research Group |
![]() |
Angie Reynolds
Principal Research Director, ITFM Practice Info-Tech Research Group |
![]() |
Monica Braun
Research Director, ITFM Practice Info-Tech Research Group |
![]() |
Rex Ding
Research Specialist, ITFM Practice Info-Tech Research Group |
![]() |
Aman Kumari
Research Specialist, ITFM Practice Info-Tech Research Group |
![]() |
Amy Byalick
Vice President, IT Finance Info-Tech Research Group |
Amy Byalick is an IT Finance practitioner with 15 years of experience supporting CIOs and IT leaders elevating the IT financial storytelling and unlocking insights. Amy is currently working at Johnson Controls as the VP, IT Finance, previously working at PepsiCo, AmerisourceBergen, and Jacobs. |
![]() |
Carol Carr
Technical Counselor, Executive Services Info-Tech Research Group |
|
![]() |
Scott Fairholm
Executive Counselor, Executive Services Info-Tech Research Group |
|
![]() |
Gokul Rajan
Executive Counselor, Executive Services Info-Tech Research Group |
|
![]() |
Allison Kinnaird
Practice Lead, Infrastructure & Operations Info-Tech Research Group |
|
![]() |
Isabelle Hertanto
Practice Lead, Security & Privacy Info-Tech Research Group |
![]() |
Achieve IT Spending Transparency
Mature your ITFM practice by activating the means to make informed business decisions. |
![]() |
Build Your IT Cost Optimization Roadmap
Develop an IT cost optimization strategy based on your specific circumstances and timeline. |
Eby, Kate. “The Complete Guide to Organizational Maturity: Models, Levels, and Assessments.” Smartsheet, 8 June 2022. Web.
“Financial Management Maturity Model.” National Audit Office, n.d. Accessed 28 Apr. 2023.
“ITFM/TBM Program Maturity Guide.” Nicus Software, n.d. Accessed 28 Apr. 2023.
Jouravlev, Roman. "Service Financial Management: ITIL 4 Practice Guide." Axelos, 2020.
McCarthy, Seamus. “Financial Management Maturity Model: A Good Practice Guide.” Office of the Comptroller & Auditor General, 26 June 2018. Web.
“Principles for Effective Risk Data Aggregation and Risk Reporting.“ Bank for International Settlements, Jan. 2013. Web.
“Role & Influence of the Technology Decision-Maker 2022.” Foundry, 2022. Web.
Stackpole, Beth. “State of the CIO, 2022: Focus turns to IT fundamentals.” CIO, 21 March 2022. Web.
“Tech Spend Pulse.” Flexera, 2022. Web.
Maturity Level |
Definition |
Description |
Nascent Level 1 |
Inability to consistently deliver financial planning services | ITFM practices are almost inexistent. Only the most basic financial tasks and activities are being performed on an ad hoc basis to fulfill the Finance department’s requests. |
Cost Operator Level 2 |
Rudimentary financial planning capabilities. | ITFM activities revolve around minimizing the IT budget as much as possible. ITFM practices are not well defined, and IT’s financial view is limited to day-to-day technical operations.
IT is only involved in low complexity decision making, where financial conversations center on general ledger items and IT spending. |
Trusted Coordinator Level 3 |
Enablement of business through cost-effective supply of technology. | ITFM activities revolve around becoming a proficient and cost-effective technology supplier to business partners.
ITFM practices are in place, with moderate coordination and adherence to execution. Various IT business units coordinate to produce a consolidated financial view focused on business services. IT is involved in moderate complexity decision making, as a technology subject matter expert, where financial conversations center on IT spending in relation to technology services or solutions provided to business partners. |
Value Optimizer Level 4 |
Effective impact on business performance. | ITFM activities revolve around optimizing existing technology investments to improve both IT and business performance.
ITFM practices are well managed, established, documented, repeatable, and integrated as necessary across the organization. IT’s financial view tie technology investments to lines of business, business products, and business capabilities. Business partners are well informed on the technology mix and drive related discussion. IT is trusted to contribute to complex decision making around existing investments to cost-effectively plan initiatives, as well as enhance business performance. |
Strategic Partner Level 5 |
Influence on the organization’s strategic direction. | ITFM activities revolve around predicting the outcome of new or potential technology investments to continuously optimize business performance.
ITFM practices are fully optimized, reviewed, and improved in a continuous and sustainable manner, and related execution is tracked by gathering qualitative and quantitative feedback. IT’s financial view is holistic and fully integrated with the business, with an outlook on innovation, growth, and strategic transformation. Business and IT leaders know the financial ramifications of every business and technology investment decision. IT is trusted to contribute to strategic decision making around potential and future investments to grow and transform the business. |
Maturity Level | Definition | Description |
Nascent Level 1 | Inability to provide any type of financial insight. | ITFM tasks, activities, and functions are not being met in any way, shape, or form. |
Cost Operator Level 2 | Ability to provide basic financial insights. | There is no dedicated ITFM team.
|
Trusted Coordinator Level 3 | Ability to provide basic business insights. | A dedicated team is fulfilling essential ITFM tasks, activities, and functions.
|
Value Optimizer Level 4 | Ability to provide valuable business driven insights. | A dedicated ITFM team with well-defined roles and responsibilities can provide effective advice to IT leaders, in a timely fashion, and positively influence IT decisions. |
Strategic Partner Level 5 | Ability to influence both technology and business decisions. | A dedicated and highly specialized ITFM team is trusted and valued by both IT and Business leaders.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability to ensure any adherence to rules and regulations. | ITFM frameworks, guidelines, policies, and procedures are not developed nor documented. |
Cost Operator Level 2 | Ability to ensure basic adherence to rules and regulations. | Basic ITFM frameworks, guidelines, policies, and procedures are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation. |
Trusted Coordinator Level 3 | Ability to ensure compliance to rules and regulations, as well as accountability across ITFM processes. | Essential ITFM frameworks, guidelines, policies, and procedures are in place, coherent, and documented, aiming to (a) comply with rules and regulations, and (b) provide clear accountability. |
Value Optimizer Level 4 | Ability to ensure compliance to rules and regulations, as well as structure, transparency, and business alignment across ITFM processes. | ITFM frameworks, guidelines, policies, and procedures are well defined, coherent, documented, and regularly reviewed, aiming to (a) comply with rules and regulations, (b) provide clear accountability, and (c) maintain business alignment. |
Strategic Partner Level 5 | Ability to:
| ITFM frameworks, guidelines, policies, and procedures are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) comply with rules and regulations, (b) provide clear accountability, (c) maintain business alignment, and (d) facilitate the decision-making process.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability to deliver IT financial planning and performance output. | ITFM processes and tools are not developed nor documented. |
Cost Operator Level 2 | Ability to deliver basic IT financial planning output. | Basic ITFM processes and tools are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation. |
Trusted Coordinator Level 3 | Ability to deliver accurate IT financial output and basic IT performance output in a consistent cadence. | Essential ITFM processes and tools are in place, coherent, and documented, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; and (c) provide clear accountability. ITFM tools and processes are adopted by the ITFM team and some IT business units but are not fully integrated. |
Value Optimizer Level 4 | Ability to deliver accurate IT financial planning and performance output at the needed level of detail to stakeholders in a consistent cadence. | ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision-making. ITFM tools and processes are adopted by IT and business partners but are not fully integrated. |
Strategic Partner Level 5 | Ability to:
| ITFM processes and tools are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to (a) maintain integrity across activities, tasks, methodologies, data, and reports; (b) deliver IT financial planning and performance output needed by stakeholders; (c) provide clear accountability; and (d) facilitate decision making.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability to provide transparency across technology spending. | ITFM taxonomy and data model are not developed nor documented. |
Cost Operator Level 2 | Ability to provide transparency and support IT financial planning data, analysis, and reporting needs of finance stakeholders. | ITFM taxonomy and data model are in place, developed on an ad hoc basis, with no apparent coherence or complete documentation, to comply with, and meet the needs of finance stakeholders. |
Trusted Coordinator Level 3 | Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT and finance stakeholders. | ITFM taxonomy and data model are in place, coherent, and documented to meet the needs of IT and finance stakeholders. |
Value Optimizer Level 4 | Ability to provide transparency and support IT financial planning and performance data, analysis, and reporting needs of IT, finance, business, and executive stakeholders. | ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.
|
Strategic Partner Level 5 | Ability to:
| ITFM taxonomy and data model are complete, well defined, coherent, documented, continuously reviewed, and improved, aiming to provide (a) a holistic view of IT spending and IT performance, (b) visibility and transparency, (c) flexibility, and (d) valuable insights to facilitate data driven decision making.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability to provide accurate and complete across technology spending. | ITFM data needs and requirements are not understood. |
Cost Operator Level 2 | Ability to provide accurate, but incomplete IT financial planning data to meet the needs of finance stakeholders. | Technology spending data is extracted, transformed, and loaded on an ad hoc basis to meet the needs of finance stakeholders. |
Trusted Coordinator Level 3 | Ability to provide accurate and complete IT financial planning data to meet the needs of IT and finance stakeholders, but IT performance data remain incomplete. | IT financial planning data is extracted, transformed, and loaded in a regular cadence to meet the needs of IT and finance stakeholders.
|
Value Optimizer Level 4 | Ability to provide accurate and complete IT financial planning and performance data to meet the needs of IT, finance, business, and executive stakeholders. | ITFM data needs and requirements are understood.
|
Strategic Partner Level 5 | Ability to provide accurate and complete IT financial planning and performance data real time and when needed by IT, finance, business, and executive stakeholders. | ITFM data needs and requirements are understood.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability to provide any type of financial insight. | ITFM analysis and reports are not developed nor documented. |
Cost Operator Level 2 | Ability to provide basic financial insights. | IT financial planning analysis is conducted on an ad hoc basis to meet the needs of finance stakeholders. |
Trusted Coordinator Level 3 | Ability to provide basic financial planning and performance insights to meet the needs of IT and finance stakeholders. | IT financial planning and performance analysis are methodical and rigorous, as defined in related control documents (guideline, policies, procedures, etc.).
|
Value Optimizer Level 4 | Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate business decision making around technology investments. | ITFM analysis and reports support business decision making around technology investments.
|
Strategic Partner Level 5 | Ability to provide practical insights and useful recommendations as needed by IT, finance, business, and executive stakeholders to facilitate strategic decision making. | ITFM analysis and reports support strategic decision making.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability of organization stakeholders to communicate and understand each other. | The organization stakeholders including IT, finance, business, and executives do not understand one another, and cannot speak the same language. |
Cost Operator Level 2 | Ability to understand business and finance requirements. | IT understands and meets business and financial planning requirements but does not communicate in a similar language.
|
Trusted Coordinator Level 3 | Ability to understand the needs of different stakeholders including IT, finance, business, and executives and take part in decision making around technology spending. | The organization stakeholders including IT, finance, business, and executives understand each other’s needs, but do not communicate in a common language.
|
Value Optimizer Level 4 | Ability to communicate in a common vocabulary across the organization and take part in business decision making around technology investments. | The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.
|
Strategic Partner Level 5 | Ability to communicate in a common vocabulary across the organization and take part in strategic decision making. | The organization stakeholders including IT, finance, business, and executives communicate in a common vocabulary and understand one another.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability of organization stakeholders to acquire knowledge. | Educational resources are inexistent. |
Cost Operator Level 2 | Ability to acquire financial knowledge and understand financial concepts. | IT leaders have access to educational resources to gain the financial knowledge necessary to perform their duties. |
Trusted Coordinator Level 3 | Ability to acquire financial and business knowledge and understand related concepts. | IT leaders and their respective teams have access to educational resources to gain the financial and business knowledge necessary to perform their duties.
|
Value Optimizer Level 4 | Ability to acquire knowledge, across technology, business, and finance as needed by different organization stakeholders, and the leadership understand concepts across these various domains. | Stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.
|
Strategic Partner Level 5 | Ability to acquire knowledge, and understand concepts across technology, business, and finance as needed by different organization stakeholders. | The organization promotes continuous learning through well designed programs including training, mentorship, and academic courses. Thus, stakeholders including IT, finance, business, and executives have access to various educational resources to gain knowledge in different domains as needed.
|
Maturity Level | Definition | Description |
Nascent Level 1 | Inability to provide and foster an environment of collaboration and continuous improvement. | Stakeholders including IT, finance, business, and executives operate in silos, and collaboration between different teams is inexistent. |
Cost Operator Level 2 | Ability to provide an environment of cooperation to meet the needs of IT, finance, and business leaders. | IT, finance, and business leaders cooperate to meet financial planning requirements as necessary to perform their duties. |
Trusted Coordinator Level 3 | Ability to provide and foster an environment of collaboration across the organization. | IT, finance, and business collaborate on various initiatives. ITFM employees are trusted and supported by their stakeholders (IT, finance, and business). |
Value Optimizer Level 4 | Ability to provide and foster an environment of collaboration and continuous improvement, where employees across the organization feel trusted, supported, empowered, and valued. | Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.
|
Strategic Partner Level 5 | Ability to provide and foster an environment of collaboration and continuous improvement, where leaders are willing to change, and employees across the organization feel trusted, supported, empowered, and valued. | Stakeholders including IT, finance, business, and executives support and promote continuous improvement, transparency practices, and collaboration across the organization.
|
The TY advisory service is tailored to your needs. It combines the best of traditional IT consulting expertise with the analysis and remedial solutions of an expert bureau.
When you observe specific symptoms, TY analyses the exact areas that contribute to these symptoms.
TY specializes in IT Operations and goes really deep in that area. We define IT Operations as the core service you deliver to your clients:
When you see your operation running smoothly, it looks obvious and simple, but it is not. IT Operations is a concerto, under the leadership of a competent IT Ops Conductor-Manager. IT Ops keeps the lights on and ensures your reputation with your clients and the market as a whole as a predictable and dependable business partner. And we help you achieve this, based on more than 30 years of IT Ops experience.
As most companies' business services are linked at the hip with IT, your IT Operations, in other words, are your key to a successful business.
That is why we work via a simple value-based proposition. We discuss your wants and together discover your needs. Once we all agree, only then do we make our proposal. Anything you learned on the way, is yours to keep and use.
Gert has advised clients on what to do before issues happen. We have also worked to bring companies back from the brink after serious events. TY has brought services back after big incidents.
You need to get it done, not in theory, but via actionable advice and if required, via our actions and implementation prowess. It's really elementary. Anyone can create a spreadsheet with to-do lists and talk about how resilience laws like DORA and NIS2 need to be implemented.
It's not the talk that counts, it's the walk. Service delivery is in our DNA. Resilience is our life.
Good governance directly ensures happy clients because staff knows what to do when and allows them leeway in improving the service. And this governance will satisfy auditors.
Incidents erode client confidence in your service and company. You must get them fixed in accordance with their importance,
You don't want repeat incidents! Tackle the root causes and fix issues permanently. Save money by doing this right.
You must update your services to stay the best in your field. Do it in a controlled yet efficient way. Lose overhead where you can, add the right controls where you must.
The base for most of your processes. You gotta know what you have and how it works together to provide the services to your clients.
IT monitoring delivers business value by catching issues before they become problems. With real-time insights into system performance and security, you can minimize downtime, improve efficiency, and make better decisions that keep your operations strong and your customers happy.
Bring all the IT Operations services together and measure how they perform versus set business relevant KPI's
Disaster recovery is your company's safety net for getting critical systems and data back up and running after a major disruption, focusing on fast IT recovery and minimizing financial and operational losses, whereas business continuity ensures the entire business keeps functioning during and after the crisis.
Business continuity is keeping your company running smoothly during disruptions by having the right plans, processes, and backups in place to minimize downtime and protect your operations, customers, and reputation. We go beyond disaster recovery and make sure your critical processes can continue to function.
Hope for the best, but plan for the worst. When you embark on a new venture, know how to get out of it. Planning to exit is best done in the very beginning, but better late than when it is too late.
We base our analysis on over 30 years experience in corporate and large volume dynamic services. Unique to our service is that we take your company culture into account, while we adjust the mindset of the experts working in these areas.
Your people are what will make these processes work efficiently. We take their ideas, hard capabilities and leadership capabilities into account and improve upon where needed. That helps your company and the people themselves.
We look at the existing governance and analyse where they are best in class or how we can make them more efficient. We identify the gaps and propose remedial updates. Our updates are verified through earlier work, vetted by first and second line and sometimes even regulators
Next we decide with you on how to implement the updates to the areas that need them.
Fill out the small intake below and get started towards your solution.
There is no financial commitment required from you. During this meeting we discus further in detail the issue at hand and the direction of the ideal solution and the way of working.
We take in the information of our talks and prepare the the roadmap to the individualized solution for you.
By now, TY has a good idea of how we can help you, and we have prepared a roadmap to solving the issue. In this meeting we present the way forward our way of working and what it will require from you.
If you decide this is not what you expected, you are free to take the information provided so far and work with it yourself.
After the previous meeting and agreement in principle, you will have by now received our offer.
When you decide to work together, we start our partnership and solve the issue. We work to ensure you are fully satisfied with the result.
To remain competitive enterprises must renew and refresh their business model strategies and design/develop digital platforms – this requires enterprises to:
Organizations that implement this project will gain benefits in five ways:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the platform business model and strategies and then set your platform business model goals.
Define design goals for your digital platform. Align your DX strategy with digital platform capabilities and understand key components of the digital platform.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand existing business model, value proposition, and key assets.
Understand platform business model and strategies.
Understanding the current assets helps with knowing what can be leveraged in the new business model/transformation.
Understanding the platform strategies can help the enterprise renew/refresh their business model.
1.1 Document the current business model along with value proposition and key assets (that provide competitive advantage).
1.2 Transformation narrative.
1.3 Platform model canvas.
1.4 Document the platform strategies in the context of the enterprise.
Documentation of current business model along with value proposition and key assets (that provide competitive advantage).
Documentation of the selected platform strategies.
Understand transformation approaches.
Understand various layers of platforms.
Ask fundamental and evolutionary questions about the platform.
Understanding of the transformational model so that the enterprise can realize the differences.
Understanding of the organization’s strengths and weaknesses for a DX.
Extraction of strategic themes to plan and develop a digital platform roadmap.
2.1 Discuss and document decision about DX approach and next steps.
2.2 Discuss and document high-level strategic themes for platform business model and associated roadmap.
Documented decision about DX approach and next steps.
Documented high-level strategic themes for platform business model and associated roadmap.
Understand the design goals for the digital platform.
Understand gaps between the platform’s capabilities and the DX strategy.
Design goals set for the digital platform that are visible to all stakeholders.
Gap analysis performed between enterprise’s digital strategy and platform capabilities; this helps understand the current situation and thus informs strategies and roadmaps.
3.1 Discuss and document design goals for digital platform.
3.2 Discuss DX themes and platform capabilities – document the gaps.
3.3 Discuss gaps and strategies along with timelines.
Documented design goals for digital platform.
Documented DX themes and platform capabilities.
DX themes and platform capabilities map.
Understanding of key components of a digital platform, including technology and teams.
Understanding of the key components of a digital platform and designing the platform.
Understanding of the team structure, culture, and practices needed for successful platform engineering teams.
4.1 Confirmation and discussion on existing UX/UI and API strategies.
4.2 Understanding of microservices architecture and filling of microservices canvas.
4.3 Real-time stream processing data pipeline and tool map.
4.4 High-level architectural view.
4.5 Discussion on platform engineering teams, including culture, structure, principles, and practices.
Filled microservices canvas.
Documented real-time stream processing data pipeline and tool map.
Documented high-level architectural view.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build a strong foundation for the project to increase the chances of success.
Identify which technologies are specific to certain services.
Determine which technologies underpin the existence of user-facing services.
Document the roles and responsibilities required to deliver each user-facing service.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Build a foundation to kick off the project.
A carefully selected team of project participants.
Identified stakeholders and metrics.
1.1 Create a communication plan
1.2 Complete the training deck
Project charter
Understanding of the process used to complete the definitions
Determine the technologies that support the user-facing services.
Understanding of what is required to run a service.
2.1 Determine service-specific technology categories
2.2 Identify service-specific technologies
2.3 Determine underpinning technologies
Logical buckets of service-specific technologies makes it easier to identify them
Identified technologies
Identified underpinning services and technologies
Discover the roles and responsibilities required to deliver each user-facing service.
Understanding of what is required to deliver each user-facing service.
3.1 Determine roles required to deliver services based on organizational structure
3.2 Document the services
Mapped responsibilities to each user-facing service
Completed service definition visuals
Create a central hub (database) of all the technical components required to deliver a service.
Single source of information where IT can see what is required to deliver each service.
Ability to leverage the extended catalog to benefit the organization.
4.1 Document all the previous steps in the service definition chart and visual diagrams
4.2 Review service definition with team and subject matter experts
Completed service definition visual diagrams and completed catalog
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the benefits of data valuation.
Learn about the data value chain framework and preview the step-by-step guide to start collecting data sources.
Mature your data valuation by putting in the valuation dimensions and metrics. Establish documented results that can be leveraged to demonstrate value in your data assets.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Explain data valuation approach and value proposition.
A clear understanding and case for data valuation.
1.1 Review common business data sources and how the organization will benefit from data valuation assessment.
1.2 Understand Info-Tech’s data valuation framework.
Organization data valuation priorities
Capture data sources and data collection methods.
A clear understanding of the data value chain.
2.1 Assess data sources and data collection methods.
2.2 Understand key insights and value proposition.
2.3 Capture data value chain.
Data Valuation Tool
Leverage the data valuation framework.
Capture key data valuation dimensions and align with data value chain.
3.1 Introduce data valuation framework.
3.2 Discuss key data valuation dimensions.
3.3 Align data value dimension to data value chain.
Data Valuation Tool
Improve organization’s data value.
Continue to improve data value.
4.1 Capture data valuation metrics.
4.2 Define data valuation for continuous monitoring.
4.3 Create a communication plan.
4.4 Define a plan for continuous improvements.
Data valuation metrics
Data Valuation Communication Plan
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Discover a proven process for your RFPs. Review Info-Tech’s process and understand how you can prevent your organization from leaking negotiation leverage while preventing vendors from taking control of your RFP. Our 7-phase process prevents a bad RFP from taking your time, money, and resources.
Use this tool to assist you and your team in documenting the requirements for your RFP. Use the results of this tool to populate the requirements section of your RFP.
Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative. This suite contains four unique RFP templates. Evaluate which template is appropriate for your RFP. Also included in this suite are a response evaluation guidebook and several evaluation scoring tools along with a template to report the RFP results to stakeholders.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Problem Identification
Current process mapped and requirements template configured
1.1 Overview and level-setting
1.2 Identify needs and drivers
1.3 Define and prioritize requirements
1.4 Gain business authorization and ensure internal alignment
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Map Your Process With Gap Identification
Requirements Template
Define Success Target
Baseline RFP and evaluation templates
2.1 Create and issue RFP
2.2 Evaluate responses/proposals and negotiate the agreement
2.3 Purchase goods and services
RFP Calendar Tool
RFP Evaluation Guidebook
RFP Respondent Evaluation Tool
Configure Templates
Configured Templates
3.1 Assess and measure
3.2 Review templates
Long-Form RFP Template
Short-Form RFP Template
Excel-Based RFP Template
Lack of RFP Process Causes...
|
Solution: RFP Process![]() |
|
||
Requirements
|
Templates, Tools, Governance
|
Vendor Management
|
“A bad request for proposal (RFP) is the gift that keeps on taking – your time, your resources, your energy, and your ability to accomplish your goal. A bad RFP is ineffective and incomplete, it creates more questions than it answers, and, perhaps most importantly, it does not meet your organization’s expectations.”
Steven Jeffery
Principal Research Director, Vendor Management
Co-Author: The Art of Creating a Quality RFP
Info-Tech Research Group
A well planned and executed sourcing strategy that focuses on solid requirements, evaluation criteria, and vendor management will improve vendor performance.
Your challenge is to determine the best sourcing tool to obtain vendor information on capabilities, solution(s), pricing and contracting: RFI, RFP, eRFX.
Depending on your organization’s knowledge of the market, your available funding, and where you are in the sourcing process, there are several approaches to getting the information you need.
An additional challenge is to answer the question “What is the purpose of our RFX?”
If you do not have in-depth knowledge of the market, available solutions, and viable vendors, you may want to perform an RFI to provide available market information to guide your RFP strategy.
If you have defined requirements, approved funding, and enough time, you can issue a detailed, concise RFP.
If you have “the basics” about the solution to be acquired and are on a tight timeframe, an “enhanced RFI” may fit your needs.
This blueprint will provide you with the tools and processes and insights to affect the best possible outcome.
70 Days is the average duration of an IT RFP. The average number of evaluators is 5-6 4 Is the average number of vendor submissions, each requiring an average of two to three hours to review. (Source: Bonfire, 2019. Note: The 2019 Bonfire report on the “State of the RFP” is the most recent published.) |
“IT RFPs take the longest from posting to award and have the most evaluators. This may be because IT is regarded as a complex subject requiring complex evaluation. Certainly, of all categories, IT offers the most alternative solutions. The technology is also changing rapidly, as are the requirements of IT users – the half-life of an IT requirement is less than six months (half the requirements specified now will be invalid six months from now). And when the RFP process takes up two of those months, vendors may be unable to meet changed requirements when the time to implement arrives. This is why IT RFPs should specify the problem to be resolved rather than the solution to be provided. If the problem resolution is the goal, vendors are free to implement the latest technologies to meet that need.” (Bonfire, “2019 State of the RFP”) |
Vendors’ win rate
44%Vendors only win an average of 44% of the RFPs they respond to (Loopio, 2022). |
High cost to respond
3-5%Vendors budget 3-5% of the anticipated contract value to respond (LinkedIn, 2017, Note: LinkedIn source is the latest information available). |
Time spent writing response
23.8 hoursVendors spend on average 23.8 hours to write or respond to your RFP (Marketingprofs, 2021). |
![]() |
Stress, because roles and responsibilities aren’t clearly defined and communication is haphazard, resulting in strained relationships. Confusion, because you don’t know what the expected or desired results are. Directionless, because you don’t know where the team is going. Uncertainty, with many questions of your own and many more from other team members. Frustration, because of all the questions the vendors ask as a result of unclear or incomplete requirements. Exhaustion, because reviewing RFP responses of insufficient quality is tedious. Disappointment in the results your company realizes. (Source: The Art of Creating a Quality RFP) |
Without a well defined, consistent RFP process, with input from all key stakeholders, the organization will not achieve the best possible results from its sourcing efforts.
Vendors are choosing to not respond to RFPs due to their length and lack of complete requirements.
Be clear and concise in stating your requirements and include, in addition to IT requirements, procurement, security, legal, and risk requirements.
Consider adding vendor management requirements to manage the ongoing relationship post contract.
Consider the RFP Evaluation Process as you draft the RFP, including weighting the RFP components. Don’t underestimate the level of effort required to effectively evaluate responses – write the RFP with this in mind.
Provide strict, prescriptive instructions detailing how the vendor should submit their responses. Controlling vendor responses will increase your team’s efficiency in evaluations while providing ease of reference responses across multiple vendors.
Key deliverables:
Info-Tech provides you with the tools you need to go to market in the most efficient manner possible, with guidance on how to achieve your goals.
|
Long-Form RFP Template
For when you have complete requirements and time to develop a thorough RFP. |
![]() |
Short-Form RFP Template
When the requirements are not as extensive, time is short, and you are familiar with the market. |
![]() |
Lean RFP Template
When you have limited time and some knowledge of the market and wish to include only a few vendors. |
![]() |
Excel-Form RFP Template
When there are many requirements, many options, multiple vendors, and a broad evaluation team. |
![]() |
IT Benefits
|
Mutual IT and Business Benefits
|
Business Benefits
|
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is seven to twelve calls over the course of four to six months.
What does a typical GI on this topic look like?
Phase 1 |
Phase 2 |
Phase 3 |
Phase 4 |
Phase 5 |
Phase 6 |
Phase 7 |
Call #1: Identify the need | Call #3: Gain business authorization | Call #5: Negotiate agreement strategy | Call #7: Assess and measure performance | |||
Call #2: Define business requirements | Call #4: Review and perform the RFX or RFP | Call #6: Purchase goods and services |
Contact your account representative for more information.
workshops@infotech.com1-888-670-8889
Day 1 | Day 2 | Day 3 | |
Activities |
Answer “What problem do we need to solve?”1.1 Overview and level-setting 1.2 Identify needs and drivers 1.3 Define and prioritize requirements 1.4 Gain business authorization and ensure internal alignment |
Define what success looks like?2.1 Create and issue RFP 2.2 Evaluate responses/ proposals and negotiate the agreement. 2.3 Purchase goods and services |
Configure Templates3.1 Assess and measure 3.2 Review tools |
Deliverables |
|
|
|
Steps
1.1 Establish the need to either purchase goods/services (RFP) or acquire additional information from the market (RFI). |
![]() |
Identify the need based on business requirements, changing technology, increasing vendor costs, expiring contracts, and changing regulatory requirements.
Agreement on the need to go to market to make a purchase (RFP) or to acquire additional information (RFI) along with a high-level agreement on requirements, rough schedule (is there time to do a full blown RFP or are you time constrained, which may result in an eRFP) and the RFP team is identified.
Identify NeedPhase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
|
![]() |
Steps
2.1 Define and classify the technical, business, financial, legal, and support and security requirements for your business. |
![]() |
A detailed list of required business, technical, legal and procurement requirements classified as to absolute need(s), bargaining and concession need(s), and “nice to haves.”
Define Business Requirements
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
“Concentrate on the needs of the organization and not the wants of the individuals when creating requirements to avoid scope creep.” (Donna Glidden, ITRG Research Director)
Leverage the “ABCD” approach found in our Prepare for Negotiations More Effectively blueprint:
https://tymansgrpup.com/research/ss/prepare-for-negotiations-more-effectively
Input: List of all requirements from IT and IT Security, Business, Sourcing/Procurement, Risk Management, and Legal
Output: Prioritized list of RFP requirements approved by the stakeholder team
Materials: The RFP Requirements Worksheet
Participants: All stakeholders impacted by the RFP: IT, IT Security, the Business, Sourcing/ Procurement, Risk Management, Legal
Download the RFP Requirements Worksheet
Steps
3.1 Obtain business authorization from the business, technology, finance and Sourcing/Procurement |
![]() |
Approval by all key stakeholders to proceed with the issuing of the RFP and to make a purchase as a result.
Gain Business Authorization
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Gain authorization for your RFP from all relevant stakeholders
Obtaining cross-function alignment will clear the way for contract, SOW, and budget approvals and not waste any of your and your vendor’s resources in performing an RFP that your organization is not ready to implement or invest financial and human resources in. |
![]() |
Steps
4.1 Build your RFP 4.2 Decide RFI or not 4.3 Create your RFP 4.4 Receive & answer questions 4.5 Perform Pre-Proposal Conference 4.6 Evaluate responses |
![]() |
RFP package is issued to vendors and includes the date of the Pre-Proposal Conference, which should be held shortly after RFP release and includes all parties.
SME’s/stakeholders participate in providing answers to RFP contact for response to vendors.
Create and Issue Your RFP/RFI
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Step 1
|
Step 2
|
Step 3
|
Step 4
|
Step 5
|
Step 6
|
At the beginning of your RFP creation process consider how your requirements will impact the vendor’s response. Concentrate on the instructions you provide the vendors and how you wish to receive their responses. View the RFP through the lens of the vendors and envision how they are going to respond to the proposal.
Limiting the number of requirements included in the RFP will increase the evaluation team’s speed when reviewing vendors’ responses. This is accomplished by not asking questions for common features and functionality that all vendors provide. Don’t ask multiple questions within a question. Avoid “lifting” vendor-specific language to copy into the RFP as this will signal to vendors who their competition might be and may deter their participation. Concentrate your requirement questions to those areas that are unique to your solution to reduce the amount of time required to evaluate the vendors’ response.
Inconsistent formatting of vendor responses prevents an apples-to-apples evaluation between vendor responses. Evaluation teams are frequently challenged and are unable to evaluate vendors’ responses equally against each other for the following reasons:
Challenges
|
Prevention
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
As the name implies, a request for information (RFI) is a tool for collecting information from vendors about the companies, their products, and their services. We find RFIs useful when faced with a lot of vendors that we don’t know much about, when we want to benchmark the marketplace for products and services, including budgetary information, and when we have identified more potential vendors than we care to commit a full RFP to.
RFIs are simpler and less time-consuming than RFPs to prepare and evaluate, so it can make a lot of sense to start with an RFI. Eliminating unqualified vendors from further consideration will save your team from weeding through RFP responses that do not meet your objectives. For their part, your vendors will appreciate your efforts to determine up-front which of them are the best bets before asking them to spend resources and money producing a costly proposal.
While many organizations rarely use RFIs, they can be an effective tool in the vendor manager’s toolbox when used at the right time in the right way. RFIs can be deployed in competitive targeted negotiations.
A Lean RFP is a two-stage strategy that speeds up the typical RFP process. The first stage is like an RFI on steroids, and the second stage is targeted competitive negotiation.
Don’t rely solely on the internet to qualify vendors; use an RFI to acquire additional information before finalizing an RFP.
Download the Lean RFP Template
Download the RFP Evaluation Tool
Input
|
Output
|
Materials
|
Participants
|
Case StudyA Lean RFP saves time |
INDUSTRY: Pharmaceutical
|
|
Challenge
|
Solution
|
Results
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
Input: List duration in days of key activities, RFP Calendar and Key Date Tool, For all vendor-inclusive meetings, include the dates on your RFP calendar and reference them in the RFP
Output: A timeline to complete the RFP that has the support of each stakeholder involved in the process and that allows for a complete and thorough vendor response.
Materials: RFP Calendar and Key Date Tool
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the RFP Calendar and Key Date Tool
Create and issue your RFP, which should contain at least the following:
|
|
Dictating to the vendors the format of their response will increase your evaluation efficiency
Narrative Response:Create either a Word or Excel document that provides the vendor with an easy vehicle for their response. This template should include the question identifier that ties the response back to the requirement in the RFP. Instruct vendors to include the question number on any ancillary materials they wish to include. Pricing Response:Create a separate Excel template that the vendors must use to provide their financial offer. This template should include pricing for hardware, software, training, implementation, and professional services, as well as placeholders for any additional fees. Always be flexible in accepting alternative proposals after the vendor has responded with the information you requested in the format you require. |
![]() |
Input: Identify pricing components for hardware, software, training, consulting/services, support, and additional licenses (if needed)
Output: Vendor Pricing Tool
Materials: RFP Requirements Worksheet, Pricing template
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the Vendor Pricing Tool
Use the Short-Form RFP Template for simple, non-complex solutions that are medium to low dollar amounts that do not require numerous requirements.
We recommend the Long-Form RFP Template for highly technical and complex solutions that are high dollar and have long implementation duration.
Leverage the Excel-Form RFP Tool for requirements that are more specific in nature to evaluate a vendor’s capability for their solution. This template is designed to be complete and inclusive of the RFP process, e.g., requirements, vendor response, and vendor response evaluation scoring.
Like tools in a carpenters’ tool box or truck, there is no right or wrong template for any job. Take into account your organization culture, resources available, time frame, policies, and procedures to pick the right tool for the job. (Steve Jeffery, Principal Research Director, Vendor Management, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)
1-2 hours
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all participants agree to
Materials: Short-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Short-Form RFP Template
1-3 hours
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all stakeholders agree to
Materials: Long-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Long-Form RFP Template
Several weeks
Input: List of technical, legal, business, and data security requirements
Output: Full set of requirements, prioritized, that all stakeholders agree to
Materials: Excel-Form RFP Template, Vendor Pricing Tool, Supporting exhibits
Participants: IT management, Business stakeholder(s), Legal (as required), Risk management (as required), Sourcing/Procurement, Vendor management
Download the Excel-Form RFP Template
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
|
![]() |
|
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
“Using a Pre-Proposal Conference allows you to reinforce that there is a level playing field for all of the vendors…that each vendor has an equal chance to earn your business. This encourages and maximizes competition, and when that happens, the customer wins.” (Phil Bode, Principal Research Director, Co-Author: The Art of Creating a Quality RFP, Info-Tech Research Group)
Modify this agenda for your specific organization’s culture | |
(Source: The Art of Creating a Quality RFP, Jeffery et al., 2019) |
|
Allow your executive or leadership sponsor to leave the Pre-Proposal Conference after they provide their comments to allow them to continue their day while demonstrating to the vendors the importance of the project.
Step 1
| Step 2
| Step 3
| Step 4
| Step 5
| Step 6
|
|
![]() |
The first, by response, is when the evaluator reviews each vendor’s response in its entirety.
The second, reviewing by objective, is when the evaluator reviews each vendor’s response to a single objective before moving on to the next.
By Response
|
By Objective
|
||
|
|
|
|
You cannot eliminate bias completely – the best you can do is manage it by identifying these biases with the team and mitigating their influence in the evaluation process.
VendorThe evaluator only trusts a certain vendor and is uncomfortable with any other vendor.
|
![]() |
Account RepresentativesRelationships extend beyond business, and an evaluator doesn't want to jeopardize them.
|
TechnicalA vendor is the only technical solution the evaluator is looking for, and they will not consider anything else.
|
PriceAs humans, we can justify anything at a good price.
|
When your evaluation team includes a member of the C-suite or senior leadership, ensure you give them extra time to sufficiently review the vendor's responses. | ![]() |
When your questions require a definitive “Yes”/“True” or “No”/“False” responses, we recommend giving the maximum score for “Yes”/“True” and the minimum score for “No”/“False”. |
Increase your efficiency and speed of evaluation by evaluating the mandatory requirements first. If a vendor's response doesn't meet the minimum requirements, save time by not reviewing the remainder of the response. | Group your RFP questions with a high-level qualifying question, then the supporting detailed requirements. The evaluation team can save time by not evaluating a response that does not meet a high-level qualifying requirement. |
Define your ranking scale to ensure consistency in ratingsWithin each section of your RFP are objectives, each of which should be given its own score. Our recommended approach is to award on a scale of 0 to 5. With such a scale, you need to define every level. Below are the recommended definitions for a 0 to 5 scoring scale.
|
![]() |
Obtain Alignment on Weighting the Scores of Each Section
|
Example RFP Section Weights
![]() (Source: The Art of Creating a Quality RFP, Jeffery et al., 2019) |
Protect your organization's reputation within the vendor community with a fair and balanced process.
|
![]() |
Do not alter the evaluation weights after responses are submitted.
|
![]() |
1 hour
Input: RFP responses, Weighted Scoring Matrix, Vendor Response Scorecard
Output: One or two finalists for which negotiations will proceed
Materials: RFP Evaluation Guidebook
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the RFP Evaluation Guidebook
1-4 hours
Input: Each vendor’s RFP response, A copy of the RFP (less pricing), A list of the weighted criteria incorporated into a vendor response scorecard
Output: A consolidated ranked and weighted comparison of the vendor responses with pricing
Materials: Vendor responses, RFP Evaluation Tool
Participants: Sourcing/Procurement, Vendor management
Download the RFP Evaluation Tool
Input: Consolidated vendor pricing responses, Consolidated vendor RFP responses, Current spend within your organization for the product/service, if available, Budget
Output: A completed TCO model summarizing the financial results of the RFP showing the anticipated costs over the term of the agreement, taking into consideration the impact of renewals.
Materials: Vendor TCO Tool, Vendor pricing responses
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement
Download the Vendor TCO Tool
1-2 hours
Input: Vendor Response Scorecard from each stakeholder, Consolidated RFP responses and pricing, Any follow up questions or items requiring further vendor clarification.
Output: An RFP Response Evaluation Summary that identifies the finalists based on pre-determined criteria.
Materials: RFP Evaluation Tool from each stakeholder, Consolidated RFP responses and pricing.
Participants: IT, Finance, Business stakeholders, Sourcing/Procurement, Vendor management
Download the Consolidated Vender RFP Response Evaluation Summary
Download the Vendor Recommendation Presentation
Input
| Output
| Materials
| Participants
|
|
Templates/ToolsRFP templates and tools are found in a variety of places, such as previous projects, your favorite search engine, or by asking a colleague. |
SourcingRegardless of the source of these documents, you must take great care and consideration to sanitize any reference to another vendor, company, or name of the deal. |
ReviewThen you must carefully examine the components of the deal before creating your final documents.Popular RFP templates include:
|
Steps
5.1 Perform negotiation process |
![]() |
A negotiated agreement or agreements that are a result of competitive negotiations.
Negotiate Agreement(s)
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
You should evaluate your RFP responses first to see if they are complete and the vendor followed your instructions.
Info-Tech InsightBe certain to include any commitments made in the RFP, presentations, and proposals in the agreement – dovetails to underperforming vendor. | ![]() Leverage Info-Tech's negotiation process research for additional information | Negotiate before you select your vendor:
Info-Tech InsightProviding contract terms in an RFP can dramatically reduce time for this step by understanding the vendor’s initial contractual position for negotiation. |
Steps
6.1 Purchase Goods & Services |
![]() |
A purchase order that completes the RFP process.
The beginning of the vendor management process.
Purchase Goods and Services
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
Prepare to purchase goods and services by completing all items on your organization’s onboarding checklist.
|
![]() |
As a customer, honoring your contractual obligations and commitments will ensure that your organization is not only well respected but considered a customer of choice.
Steps
7.1 Assess and measure performance against the agreement |
![]() |
A list of what went well during the period – it’s important to recognize successes
A list of areas needing improvement that includes:
Purchase Goods and Services
Phase 1 | Phase 2 | Phase 3 | Phase 4 | Phase 5 | Phase 6 | Phase 7 |
To be an objective vendor manager, you should also assess and measure your company’s performance along with the vendor’s performance.
Upon completion of this blueprint, guided implementation, or workshop, your team should have a comprehensive, well-defined end-to-end approach to performing a quality sourcing event. Leverage Info-Tech’s industry-proven tools and templates to provide your organization with an effective approach to maintain your negotiation leverage, improve the ease with which you evaluate vendor proposals, and reduce your risk while obtaining the best market value for your goods and services.
Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your competitive negotiations.
Contact your account representative for more information.
DO
|
DON'T
|
“2022 RFP Response Trends & Benchmarks.” Loopio, 2022. Web.
Corrigan, Tony. “How Much Does it Cost to Respond to an RFP?” LinkedIn, March 2017. Accessed 10 Dec. 2019
“Death by RFP:7 Reasons Not to Respond.” Inc. Magazine, 2013. Web.
Jeffery, Steven, George Bordon, and Phil Bode. The Art of Creating a Quality RFP, 3rd ed. Info-Tech Research Group, 2019.
“RFP Benchmarks: How Much Time and Staff Firms Devote to Proposals.” MarketingProfs, 2020. Web.
“State of the RFP 2019.” Bonfire, 2019. Web.
“What Vendors Want (in RFPs).” Vendorful, 2020. Web.
![]() |
Prepare for Negotiations More Effectively
|
![]() |
Understand Common IT Contract Provisions to Negotiate More Effectively
|
![]() |
Jump Start Your Vendor Management Initiative
|
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Develop goals and KPIs to measure your progress.
Learn how to present different types of metrics.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a prioritized list of goals to improve the security program’s current state.
Insight into the current program and the direct it needs to head in.
1.1 Discuss current state and existing approach to metrics.
1.2 Review contract metrics already in place (or available).
1.3 Determine security areas that should be measured.
1.4 Determine what stakeholders are involved.
1.5 Review current initiatives to address those risks (security strategy, if in place).
1.6 Begin developing SMART goals for your initiative roadmap.
Gap analysis results
SMART goals
Develop unique KPIs to measure progress against your security goals.
Learn how to develop KPIs
Prioritized list of security goals
2.1 Continue SMART goal development.
2.2 Sort goals into types.
2.3 Rephrase goals as KPIs and list associated metric(s).
2.4 Continue KPI development.
KPI Evolution Worksheet
Determine which metrics will be included in the initial program launch.
A set of realistic and manageable goals-based metrics.
3.1 Lay out prioritization criteria.
3.2 Determine priority metrics (implementation).
3.3 Determine priority metrics (improvement & organizational trend).
Prioritized metrics
Tool for tracking and presentation
Strategize presentation based around metric type to indicate organization’s risk posture.
Develop versatile reporting techniques
4.1 Review metric types and discuss reporting strategies for each.
4.2 Develop a story about risk.
4.3 Discuss the use of KPXs and how to scale for less mature programs.
Key Performance Index Tool and presentation materials
"Metrics programs tend to fall into two groups: non-existent and unhelpful.
The reason so many security professionals struggle to develop a meaningful metrics program is because they are unsure of what to measure or why.
The truth is, for metrics to be useful, they need to be tied to something you care about – a state you are trying to achieve. In other words, some kind of goal. Used this way, metrics act as the scoreboard, letting you know if you’re making progress towards your goals, and thus, boosting your overall maturity."
– Logan Rohde, Research Analyst, Security Practice Info-Tech Research Group
Info-Tech Insight
Governance
Management
While business leaders are now taking a greater interest in cybersecurity, alignment between the two groups still has room for improvement.
5% of public companies feel very confident that they are properly secured against a cyberattack.
41% of boards take on cybersecurity directly rather than allocating it to another body (e.g. audit committee).
19% of private companies do not discuss cybersecurity with the board.
(ISACA, 2018)
Info-Tech Insight
Metrics help to level the playing field
Poor alignment between security and the business often stems from difficulties with explaining how security objectives support business goals, which is ultimately a communication problem.
However, metrics help to facilitate these conversations, as long as the metrics are expressed in practical, relatable terms.
Security professionals have the perception that metrics programs are difficult to create. However, this attitude usually stems from one of the following myths. In reality, security metrics are much simpler than they seem at first, and they usually help resolve existing challenges rather than create new ones.
Myth | Truth | |
---|---|---|
1 | There are certain metrics that are important to all organizations, based on maturity, industry, etc. | Metrics are indications of change; for a metric to be useful it needs to be tied to a goal, which helps you understand the change you're seeing as either a positive or a negative. Industry and maturity have little bearing here. |
2 | Metrics are only worthwhile once a certain maturity level is reached | Metrics are a tool to help an organization along the maturity scale. Metrics help organizations measure progress of their goals by helping them see which tactics are and are not working. |
3 | Security metrics should focus on specific, technical details (e.g. of systems) | Metrics are usually a means of demonstrating, objectively, the state of a security program. That is, they are a means of communicating something. For this reason, it is better that metrics be phrased in easily digestible, non-technical terms (even if they are informed by technical security statistics). |
Specific
Measurable
Achievable
Realistic
Timebound
Achievable: What is an achievable metric?
When we say that a metric is “achievable,” we imply that it is tied to a goal of some kind – the thing we want to achieve.
How do we set a goal?
Start:
Review current state and decide on priorities.
Set a SMART goal for improvement.
Develop an appropriate KPI.
Use KPI to monitor program improvement.
Present metrics to the board.
Revise metrics if necessary.
A security strategy is ultimately a large goal-setting exercise. You begin by determining your current maturity and how mature you need to be across all areas of information security, i.e. completing a gap analysis.
As such, linking your metrics program to your security strategy is a great way to get your metrics program up and running – but it’s not the only way.
Short term: Streamline your program. Based on your organization’s specific requirements and risk profile, figure out which metrics are best for now while also planning for future metrics as your organization matures.
Long term: Once the program is in place, improvements will come with increased visibility into operations. Investments in security will be encouraged when more evidence is available to executives, contributing to overall improved security posture. Potential opportunities for eventual cost savings also exist as there is more informed security spending and fewer incidents.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked-off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
1. Link Security Metrics to Goals to Boost Maturity | 2. Adapt Your Reporting Strategy for Various Metric Types | |
---|---|---|
Best-Practice Toolkit |
1.1 Review current state and set your goals 1.2 Develop KPIs and prioritize your goals 1.3 Implement and monitor the KPI to track goal progress |
2.1 Review best practices for presenting metrics 2.2 Strategize your presentation based on metric type 2.3 Tailor presentation to your audience 2.4 Use your metrics to create a story about risk 2.5 Revise your metrics |
Guided Implementations |
|
|
Onsite Workshop | Module 1: Current State, Initiatives, Goals, and KPIs | Module 2: Metrics Reporting |
Phase 1 Outcome:
|
Phase 2 Outcome:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | Workshop Day 5 | |
---|---|---|---|---|---|
Activities |
Current State, Initiatives, and Goals
|
KPI Development
|
Metrics Prioritization
|
Metrics Reporting
|
Offsite Finalization
|
Deliverables |
|
|
|
|
|
1.1 Review current state and set your goals
1.2 Develop KPIs and prioritize your goals
1.3 Implement and monitor KPIs
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2-4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
120 minutes
Before program improvement can take place, it is necessary to look at where things are at presently (in terms of maturity) and where we need to get them to.
In other words, we need to perform a security program gap analysis.
Info-Tech Best Practice
The most thorough way of performing this gap analysis is by completing Info-Tech’s Build an Information Security Strategy blueprint, as it will provide you with a prioritized list of initiatives to boost your security program maturity.
Use the Capability Maturity Model Integration (CMMI) scale below to help you understand your current level of maturity across the various areas of your security program.
(Adapted from the “CMMI Institute Maturity Model”)
The most effective metrics programs are personalized to reflect the goals of the security team and the business they work for. Using goals-based metrics allows you to make incremental improvements that can be measured and reported on, which makes program maturation a natural process.
Info-Tech Best Practice
Before setting a SMART goal, take a moment to consider your maturity for each security area, and which metric type you need to collect first, before moving to more ambitious goals.
Security Areas
Metric Type | Description |
---|---|
Initial Probe | Determines what can be known (i.e. what sources for metrics exist?). |
Baseline Testing | Establishes organization’s normal state based on current metrics. |
Implementation | Focuses on setting up a series of related processes to increase organizational security (i.e. roll out MFA). |
Improvement | Sets a target to be met and then maintained based on organizational risk tolerance. |
Organizational Trends | Culls together several metrics to track (sometimes predict) how various trends affect the organization’s overall security. Usually focuses on large-scale issues (e.g. likelihood of a data breach). |
Specific
Measurable
Achievable
Realistic
Timebound
Examples of possible goals for various maturity levels:
1.1 Security Metrics Determination and Tracking Tool
To increase visibility into the cost, effort, and value of any given goal, assess them using the following criteria:
Use the calculated Cost/Effort Rating, Benefit Rating, and Difference Score later in this project to help with goal prioritization.
Info-Tech Best Practice
If you have already completed a security strategy with Info-Tech resources, this work may likely have already been done. Consult your Information Security Program Gap Analysis Tool from the Build an Information Security Strategy research.
At this time, it is necessary to evaluate the priorities of your security program.
Option 1: Progress to KPI Development
Option 2: Progress to Prioritization of Goals
Terms like “key performance indicator” may make this development practice seem more complicated than it really is. A KPI is just a single metric used to measure success towards a goal. In relational terms (i.e. as a percentage, ratio, etc.) to give it context (e.g. % of improvement over last quarter).
KPI development is about answering the question: what would indicate that I have achieved my goal?
KPIs differ from goal to goal, but their forms follow certain trends
Metric Type | KPI Form |
---|---|
Initial Probe | Progress of probe (e.g. % of systems checked to see if they can supply metrics). |
Baseline Testing | What current data shows (e.g. % of systems needing attention). |
Implementation | Progress of the implementation (e.g. % of complete vulnerability management program implementation). |
Improvement | The threshold or target to be achieved and maintained (e.g. % of incidents responded to within target window). |
Organizational Trends | The interplay of several KPIs and how they affect the organization’s risk posture (e.g. assessing the likelihood for a data breach). |
1. Initial Probe
Focused on determining how many sources for metrics exist.
2. Baseline Testing
Focused on gaining initial insights about the state of your security program (what are the measurements?).
Info-Tech Insight
Don't lose hope if you lack resources to move beyond these initial steps. Even if you are struggling to pull data, you can still draw meaningful metrics. The percent or ratio of processes or systems you lack insight into can be very valuable, as it provides a basis to initiate a risk-based discussion with management about the organization's security blind spots.
3. Program Implementation
Focused on developing a basic program to establish basic maturity (e.g. implement an awareness and training program).
4. Improvement
Focused on attaining operational targets to lower organizational risk.
Info-Tech Insight
Don't overthink your KPI. In many cases it will simply be your goal rephrased to express a percentage or ratio. In others, like the example above, it makes sense for them to be identical.
5. Organizational Impact
Focused on studying several related KPIs (Key Performance Index, or KPX) in an attempt to predict risks.
Let’s take a look at KPI development in action.
Meet Maria, the new CISO at a large hospital that desperately needs security program improvements. Maria’s first move was to learn the true state of the organization’s security. She quickly learned that there was no metrics program in place and that her staff were unaware what, if any, sources were available to pull security metrics from.
After completing her initial probe into available metrics and then investigating the baseline readings, she determined that her areas of greatest concern were around vulnerability and access management. But she also decided it was time to get a security training and awareness program up and running to help mitigate risks in other areas she can’t deal with right away.
See examples of Maria’s KPI development on the next four slides...
Info-Tech Insight
There is very little variation in the kinds of goals people have around initial probes and baseline testing. Metrics in these areas are virtually always about determining what data sources are available to you and what that data actually shows. The real decisions start in determining what you want to do based on the measures you’re seeing.
Metric development example: Vulnerability Management
See examples of Maria’s KPI development on the next four slides...
Goal: Implement vulnerability management program
KPI: % increase of insight into existing vulnerabilities
Associated Metric: # of vulnerability detection methods
Goal: Improve deployment time for patches
KPI: % of critical patches fully deployed within target window
Goal: Implement MFA for privileged accounts
KPI: % of privileged accounts with MFA applied
Associated Metric: # of privileged accounts
Goal: Remove all unnecessary privileged accounts
KPI: % of accounts with unnecessary privileges
Goal: Implement training and awareness program
KPI: % of organization trained
Associated Metric: # of departments trained
Goal: Improve time to report phishing
KPI: % of phishing cases reported within target window
Goal: Predict Data Breach Likelihood
1.2 120 minutes
Follow the example of the CISO in the previous slides and try developing KPIs for the SMART goals set in step 1.1.
1.2 Security Metrics Determination and Tracking Tool
Tab “3. Identify Goal KPIs” allows you to record each KPI and its accompanying metadata:
Optionally, each KPI can be mapped to goals defined on tab “2. Identify Security Goals.”
Info-Tech Best Practice
Ensure your metadata is comprehensive, complete, and realistic. A different employee should be able to use only the information outlined in the metadata to continue collecting measurements for the program.
1.2 KPI Development Worksheet
Follow the examples contained in this slide deck and practice creating KPIs for:
As well as drafting associated metrics to inform the KPIs you create.
Info-Tech Best Practice
Keep your metrics program manageable. This exercise may produce more goals, metrics, and KPIs than you deal with all at once. But that doesn’t mean you can’t save some for future use.
1.2 120 minutes
An effort map visualizes a cost and benefit analysis. It is a quadrant output that visually shows how your SMART goals were assessed. Use the calculated Cost/Effort Rating and Benefit Rating values from tab “2. Identify Security Goals” of the Security Metrics Determination and Tracking Tool to aid this exercise.
Now that you’ve developed KPIs to monitor progress on your goals, it’s time to use them to drive security program maturation by following these steps:
The term key risk indicator (KRI) gets used in a few different ways. However, in most cases, KRIs are closely associated with KPIs.
1.3 Security Metrics Determination and Tracking Tool
Tracking metric data in Info-Tech's tool provides the following data visualizations:
Info-Tech Best Practice
Be diligent about measuring and tracking your metrics. Record any potential measurement biases or comments on measurement values to ensure you have a comprehensive record for future use. In the tool, this can be done by adding a comment to a cell with a metric measurement.
Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.
Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.
In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.
Logan Rohde
Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Ian Mulholland
Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Call 1-888-670-8889 for more information.
2.1 Review best practices for presenting metrics
2.2 Strategize your presentation based on metric type
2.3 Tailor your presentation to your audience
2.4 Use your metrics to create a story about risk
2.5 Revise Metrics
This phase will walk you through the following activities:
This phase involves the following participants:
Outcomes of this phase
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of two to three advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2-4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 2 Results & Insights:
Avoid technical details (i.e. raw data) by focusing on the KPI.
Put things in terms of risk; it's the language you both understand.
Explain why you’re monitoring metrics in terms of the goals you’re hoping to achieve.
Choose between KPI or KRI as the presentation format.
Match presentation with the audience.
Read between the lines.
Read the news if you’re stuck for content.
Present your metrics as a story.
Metric Type: Initial Probe
Scenario: Implementing your first metrics program.
Decisions: Do you have sufficient insight into the program? (i.e. do you need to acquire additional tools to collect metrics?)
Strategy: If there are no barriers to this (e.g. budget), then focus your presentation on the fact that you are addressing the risk of not knowing what your organization's baseline state is and what potential issues exist but are unknown. This is likely the first phase of an improvement plan, so sketching the overall plan is a good idea too.
Possible KPIs:
Metric Type: Baseline Testing
Scenario: You've taken the metrics to determine what your organization’s normal state is and you're now looking towards addressing your gaps or problem areas.
Decisions: What needs to be prioritized first and why? Are additional resources required to make this happen?
Strategy: Explain your impression of the organization's normal state and what you plan to do about it. In other words, what goals are you prioritizing and why? Be sure to note any challenges that may occur along the way (e.g. staffing).
Possible KPIs:
Metric Type: Implementation
Scenario: You are now implementing solutions to address your security priorities.
Decisions: What, to you, would establish the basis of a program?
Strategy: Focus on what you're doing to implement a certain security need, why, and what still needs to be done when you’re finished.
Possible KPIs:
Metric Type: Improvement
Scenario: Now that a basic program has been established, you are looking to develop its maturity to boost overall performance (i.e. setting a new development goal).
Decisions: What is a reasonable target, given the organization's risk tolerance and current state?
Strategy: Explain that you're now working to tighten up the security program. Note that although things are improving, risk will always remain, so we need to keep it within a threshold that’s proportionate with our risk tolerance.
Possible KPIs:
Metric Type: Organizational Trends
Scenario: You've reached a mature state and now how several KPIs being tracked. You begin to look at several KPIs together (i.e. a KPX) to assess the organization's exposure for certain broad risk trends.
Decisions: Which KPIs can be used together to look at broader risks?
Strategy: Focus on the overall likelihood of a certain risk and why you've chosen to assess it with your chosen KPIs. Spend some time discussing what factors affect the movement of these KPIs, demonstrating how smaller behaviors create a ripple effect that affects the organization’s exposure to large-scale risks.
Possible KPX: Insider Threat Risk
Even challenges can elicit useful metrics.
Not every security program is capable of progressing smoothly through the various metric types. In some cases, it is impossible to move towards goals and metrics for implementation, improvement, or organizational trends because the security program lacks resources.
Info-Tech Insight
When your business is suffering from a lack of resources, acquiring these resources automatically becomes the goal that your metrics should be addressing. To do this, focus on what risks are being created because something is missing.
When your security program is lacking a critical resource, such as staff or technology, your metrics should focus on what security processes are suffering due to this lack. In other words, what critical activities are not getting done?
KPI Examples:
1. Raw Data
2. Management-Level
3. Board-Level
As a general rule, security metrics should become decreasingly technical and increasingly behavior-based as they are presented up the organizational hierarchy.
"The higher you travel up the corporate chain, the more challenging it becomes to create meaningful security metrics. Security metrics are intimately tied to their underlying technologies, but the last thing the CEO cares about is technical details." – Ben Rothke, Senior Information Security Specialist, Tapad.
Reporting metrics is not just another presentation. Rather, it is an opportunity to demonstrate and explain the value of security.
It is also a chance to correct any misconceptions about what security does or how it works.
Use the tips on the right to help make your presentation as relatable as possible.
Info-Tech Insight
There is a difference between data manipulation and strategic presentation: the goal is not to bend the truth, but to present it in a way that allows you to show the board what they need to see and to explain it in terms familiar to them.
Avoid jargon; speak in practical terms
Address compliance
Have solid answers
Security is about managing risk. This is also its primary value to the organization. As such, risk should be the theme of the story you tell.
"Build a cohesive story that people can understand . . . Raw metrics are valuable from an operations standpoint, but at the executive level, it's about a cohesive story that helps executives understand the value of the security program and keeps the company moving forward. "– Adam Ely, CSO and Co-Founder, Bluebox Security, qtd. by Tenable, 2016
The following model encapsulates the basic trajectory of all story development.
Use this model to help you put together your story about risk.
Introduction: Overall assessment of security program.
Initial Incident: Determination of the problems and associated risks.
Rising Action: Creation of goals and metrics to measure progress.
Climax: Major development indicated by metrics.
Falling Action: New insights gained about organization’s risks.
Resolution: Recommendations based on observations.
Info-Tech Best Practice
Follow this model to ensure that your metrics presentation follows a coherent storyline that explains how you assessed the problem, why you chose to address it the way you did, what you learned in doing so, and finally what should be done next to boost the security program’s maturity.
Board-Level KPI
Mgmt.-Level KPI
Raw Data
Think of your lower-level metrics as evidence to back up the story you are telling.
When you’re asked how you arrived at a given conclusion, you know it’s time to go down a level and to explain those results.
Think of this like showing your work.
Info-Tech Insight
This approach is built into the KPX reporting format, but can be used for all metric types by drawing from your associated metrics and goals already achieved.
2.4 Security Metrics Determination and Tracking Tool
Info-Tech provides two options for metric dashboards to meet the varying needs of our members.
If you’re just starting out, you’ll likely be inclined towards the dashboard within the Security Metrics Determination and Tracking Tool (seen here).
But if you’ve already got several KPIs to report on, you may prefer the Security Metrics KPX Dashboard Tool, featured on the following slides.
Info-Tech Best Practice
Not all graphs will be needed in all cases. When presenting, consider taking screenshots of the most relevant data and displaying them in Info-Tech’s Board-Level Security Metrics Presentation Template.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
"An important key to remember is to be consistent and stick to one framework once you've chosen it. As you meet with the same audiences repeatedly, having the same framework for reference will ensure that your communications become smoother over time." – Caroline Wong, Chief Strategy Officer, Cobalt.io
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
2.4 Security Metrics KPX Dashboard
Use Info-Tech’s Security Metrics KPX Dashboard to track and show your work.
This tool helps you convert your KPIs into the language of risk by assessing frequency and severity, which helps to make the risk relatable for senior leadership. However, it is still useful to track fluctuations in terms of percentage. To do this, track changes in the frequency, severity, and trend scores from quarter to quarter.
2.4 Board-Level Security Metrics Presentation Template
Use the Board-Level Security Metrics Presentation Template deck to help structure and deliver your metrics presentation to the board.
To make the dashboard slide, simply copy and paste the charts from the dashboard tool and arrange the images as needed.
Adapt the status report and business alignment slides to reflect the story about risk that you are telling.
Now that you’ve made it through your metrics presentation, it’s important to reassess your goals with feedback from your audience in mind. Use the following workflow.
Workshops offer an easy way to accelerate your project. While onsite, our analysts will work with you and your team to facilitate the activities outlined in the blueprint.
Getting key stakeholders together to formalize the program, while getting started on data discovery and classification, allows you to kickstart the overall program.
In addition, leverage over-the-phone support through Guided Implementations included in advisory memberships to ensure the continuous improvement of the classification program even after the workshop.
Logan Rohde
Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Ian Mulholland
Senior Research Analyst – Security, Risk & Compliance Info-Tech Research Group
Call 1-888-670-8889 for more information.
Mike Creaney, Senior Security Engineer at Federal Home Loan Bank of Chicago
Peter Chestna, Director, Enterprise Head of Application Security at BMO Financial Group
Zane Lackey, Co-Founder / Chief Security Officer at Signal Sciences
Ben Rothke, Senior Information Security Specialist at Tapad
Caroline Wong, Chief Strategy Officer at Cobalt.io
2 anonymous contributors
Build an Information Security Strategy
Tailor best practices to effectively manage information security.
Implement a Security Governance and Management Program
Align security and business objectives to get the greatest benefit from both.
Capability Maturity Model Integration (CMMI). ISACA. Carnegie Mellon University.
Ely, Adam. “Choose Security Metrics That Tell a Story.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.
https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf
ISACA. “Board Director Concerns about Cyber and Technology Risk.” CSX. 11 Sep. 2018. Web.
Rothke, Ben. “CEOs Require Security Metrics with a High-Level Focus.” Using Security Metrics to Drive Action: 33 Experts Share How to Communicate Security Program Effectiveness to Business Executives and the Board Eds. 2016. Web.
https://www.ciosummits.com/Online_Assets_Tenable_eBook-_Using_Security_Metrics_to_Drive_Action.pdf
Wong, Caroline. Security Metrics: A Beginner’s Guide. McGraw Hill: New York, 2012.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Create a prioritized action plan for documentation based on business need.
Adapt policy templates to meet your business requirements.
Improve policy adherence and service effectiveness through procedure standardization and documentation.
"Most IT organizations struggle to create and maintain effective policies and procedures, despite known improvements to consistency, compliance, knowledge transfer, and transparency.
The numbers are staggering. Fully three-quarters of IT professionals believe their policies need improvement, and the same proportion of organizations don’t update procedures as required.
At the same time, organizations that over-document and under-document perform equally poorly on key measures such as policy quality and policy adherence. Take a practical, step-by-step approach that prioritizes the documentation you need now. Leave the rest for later."
(Andrew Sharp, Research Manager, Infrastructure & Operations Practice, Info-Tech Research Group)This blueprint supports templates for key policies and procedures that help Infrastructure & Operations teams to govern and manage internal operations. For security policies, see the NIST SP 800-171 aligned Info-Tech blueprint, Develop and Deploy Security Policies.
A policy is a governing document that states the long-term goals of the organization and in broad strokes outlines how they will be achieved (e.g. a Data Protection Policy).
In the context of policies, a procedure is composed of the steps required to complete a task (e.g. a Backup and Restore Procedure). Procedures are informed by required standards and recommended guidelines. Processes, guidelines, and standards are three pillars that support the achievement of policy goals.
A process is higher level than a procedure – a set of tasks that deliver on an organizational goal.
Better policies and procedures reduce organizational risk and, by strengthening the ability to execute processes, enhance the organization’s ability to execute on its goals.
Build, deliver, and support Infrastructure assets in a consistent way, which ultimately reduces costs associated with downtime, errors, and rework. A good manual process is the foundation for a good automated process.
Use documentation for knowledge transfer. Routine tasks can be delegated to less-experienced staff.
Comply with laws and regulations. Policies are often required for compliance, and formally documented and enforced policies help the organization maintain compliance by mandating required due diligence, risk reduction, and reporting activities.
Build an open kitchen. Other areas of the organization may not understand how Infra & Ops works. Your documentation can provide the answer to the perennial question: “Why does that take so long?”
Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.
Half of all organizations believe their policy suite is insufficient. (Info-Tech myPolicies Survey Data (N=59))
Too much documentation and a lack of documentation are both ineffective. (Info-Tech myPolicies Survey Data (N=59))
77% of IT professionals believe their policies require improvement. (Kaspersky Lab)
We’ve developed a suite of effective policy templates for every Infra & Ops manager based on Info-Tech’s IT Management & Governance Framework.
Look for these symbols as you work through the deck. Prioritize and focus on the policies you work on first based on the value of the policy to the enterprise and the existing gaps in your governance structure.
Phases |
1. Identify policy and procedure gaps | 2. Develop policies | 3. Document effective procedures |
Steps |
|
|
|
Outcomes |
Action list of policy and procedure gaps | New or updated Infrastructure & Operations policies | Procedure documentation |
Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Contact Info-Tech to set up a Guided Implementation with a dedicated advisor who will walk you through every stage of your policy development project.
Asset Management: Manage hardware and software assets across their lifecycle to protect assets and manage costs.
Availability and Capacity Management: Balance current and future availability, capacity, and performance needs with cost-to-serve.
Business Continuity Management: Continue operation of critical business processes and IT services.
Change Management: Deliver technical changes in a controlled manner.
Configuration Management: Define and maintain relationships between technical components.
Problem Management: Identify incident root cause.
Operations Management: Coordinate operations.
Release and Patch Management: Deliver updates and manage vulnerabilities in a controlled manner.
Service Desk: Respond to user requests and all incidents.
Policy: Directives, rules, and mandates that support the overarching, long-term goals of the organization.
Take advantage of your Info-Tech advisory membership by scheduling review sessions with an analyst. We provide high-level feedback to ensure your documentation is clear, concise, and consistent and aligns with the governance objectives you’ve identified.
1(c) 30 minutes
Reinvent the wheel? I don’t think so!
Always check to see if a gap can be addressed with existing tools before drafting a new policy
Some problems can’t be solved by better documentation (or by documentation alone). Consider additional strategies that address people, process, and technology.
1(d) 30 minutes
Score | Business risk of missing documentation | Business benefit of value of documentation |
1 |
Low: Affects ad hoc activities or non-critical data. | Low: Minimal impact. |
2 |
Moderate: Impacts productivity or internal goodwill. | Moderate: Required periodically; some cross-training opportunities. |
3 |
High: Impacts revenue, safety, or external goodwill. | High: Save time for common or ongoing processes; extensive improvement to training/knowledge transfer. |
Documentation pulls resources away from other important programs and projects, so ultimately it must be a demonstrably higher priority than other work. This exercise is designed to align documentation efforts with business goals.
To download the full suite of templates all at once, click the “Download Research” button on the research landing page on the website.
Understanding makes compliance possible. Create policy with the goal of making compliance as easy as possible. Use positive, simple language to convey your intentions and rationale to your audience. Staff will make an effort adhere to your policy when they understand the need and are able to comply with the terms.
Highly effective policies are easy to navigate. Your policies should be “skimmable.” Very few people will fully read a policy before accepting it. Make it easy to navigate so the reader can easily find the policy statements that apply to them.
Ensure that policies are aligned with other organizational policies and procedures. It detracts from compliance if different policies prescribe different behavior in the same situation. Moreover, your policies should reflect the corporate culture and other company standards. Use your policies to communicate rules and get employees aligned with how your company works.
"One of the issues is the perception that policies are rules and regulations. Instead, your policies should be used to say ‘this is the way we do things around here.’" (Mike Hughes CISA CGEIT CRISC, Principal Director, Haines-Watts GRC)
Reading and understanding policies shouldn’t be challenging, and it shouldn’t significantly detract from productive time. Long policies are more difficult to read and understand, increasing the work required for employees to comply with them. Put it this way: How often do you read the Terms and Conditions of software you’ve installed before accepting them?
"If the policy’s too large, people aren’t going to read it. Why read something that doesn’t apply to me?" (Carole Fennelly, Owner and Principal, cFennelly Consulting)
"I always try to strike a good balance between length and prescriptiveness when writing policy. Your policies … should be short and describe the problem and your approach to solving it. Below policies, you write standards, guidelines, and SOPs." (Michael Deskin, Policy and Technical Writer, Canadian Nuclear Safety Commission)
INPUT: List of prioritized policies
OUTPUT: Written policy drafts ready for review
Materials: Policy templates
Participants: Policy writer, Signing authority
No policy template will be a perfect fit for your organization. Use Info-Tech’s research to develop your organization’s program requirements. Customize the policy templates to support those requirements.
Use the following template to create a policy that outlines the goals and mandate for your service and support organization:
Support the program and associated policy statements using Info-Tech’s research:
Use the following templates to create policies that define effective patch, release, and change management:
Ensure the policy is supported by using the following Info-Tech research:
Start by outlining the requirements for effective asset management:
Support ITAM policies with the following Info-Tech research:
"Many of the large data breaches you hear about… nobody told the sysadmin the client data was on that server. So they weren’t protecting and monitoring it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)
Set the direction and requirements for effective BCM:
Support the BCM policy with the following Info-Tech research:
Governance goals must be supported with effective, well-aligned procedures and processes. Use Info-Tech’s research to support the key Infrastructure & Operations processes that enable your business to create value.
Set the direction and requirements for effective availability and capacity management:
Support the policy with the following Info-Tech research:
Security policies support the organization’s larger security program. We’ve created a dedicated research blueprint and a set of templates that will help you build security policies around a robust framework.
Review and download Info-Tech's blueprint Develop and Deploy Security Policies.
Customize Info-Tech’s policy framework to align your policy suite to NIST SP 800-171. Given NIST’s requirements for the control of confidential information, organizations that align their policies to NIST standards will be in a strong governance position.
2(b) Review period: 1-2 weeks
INPUT: Draft policies
OUTPUT: Reviewed policy drafts ready for approval
Materials: Policy drafts
Participants: Policy stakeholders
Allow staff the opportunity to provide input on policy development. Giving employees a say in policy development helps avoid obstacles down the road. This is especially true if you’re trying to change behavior rather than lock it in.
INPUT: Draft policies
OUTPUT: Reviewed policy drafts ready for approval
Materials: Policy drafts
Participants: Policy stakeholders
Preventive controls are designed to discourage or pre-empt policy breaches before they occur. Training, approvals processes, and segregation of duties are examples of preventive controls. (Ohio University)
Detective controls help enforce the policy by identifying breaches after they occur. Forensic analysis and event log auditing are examples of detective controls. (Ohio University)
Not all policies require the same level of enforcement. Policies that are required by law or regulation generally require stricter enforcement than policies that outline best practices or organizational values.
Identify controls and enforcement mechanisms that are in line with policy requirements. Build control and enforcement into procedure documentation as needed.
Standards are requirements that support policy adherence. Server builds and images, purchase approval criteria, and vulnerability severity definitions can all be examples of standards that improve policy adherence.
Where reasonable, use automated controls to enforce standards. If you automate the control, consider how you’ll handle exceptions.
If no standards exist – or best practices can’t be monitored and enforced, as standards require – write guidelines to help users remain in compliance with the policy.
Create Procedures: We’ll cover procedure development and documentation in Phase 3.
In general, failing to follow or strictly enforce a policy creates a risk for the business. If you’re not confident a policy will be followed or enforced, consider using policy statements as guidelines or standards as an interim measure as you update procedures and communicate and roll out changes that support adherence and enforcement.
"A lot of board members and executive management teams… don’t understand the technology and the risks posed by it." (Carole Fennelly, Owner and Principal, cFennelly Consulting)
Role |
Responsibilities |
Executive sponsor |
|
Program lead |
|
Policy writer |
|
IT infrastructure SMEs |
|
Legal expert |
|
"Whether at the level of a government, a department, or a sub-organization: technology and policy expertise complement one another and must be part of the conversation." (Peter Sheingold, Portfolio Manager, Cybersecurity, MITRE Corporation)
Support these processes... |
...with these blueprints... |
...to create SOPs using these templates. |
![]() |
Create a Right-Sized Disaster Recovery Plan | DRP Summary |
![]() |
Implement IT Asset Management | HAM SOP and SAM SOP |
![]() ![]() |
Optimize Change Management | Change Management SOP |
![]() ![]() |
Standardize the Service Desk | Service Desk SOP |
3(b) 30 minutes
OUTPUT: Steps in the current process for one SOP
Materials: Tabletop, pen, and cue cards
Participants: Process owners, SMEs
Don’t get weighed down by tools. Relying on software or other technological tools can detract from the exercise. Use simple tools such as cue cards to record steps so that you can easily rearrange steps or insert steps based on input from the group.
Review the tabletop exercise. What gaps exist in current processes?
How can the processes be made better? What are the outputs and checkpoints?
OUTPUT: Identify steps to optimize the SOP
Materials: Tabletop, pen, and cue cards
Participants: Process owners, SMEs
A note on colors: Use white cards to record steps. Record gaps on yellow cards (e.g. a process step not documented) and risks on red cards (e.g. only one person knows how to execute a step) to highlight your gaps/to-dos and risks to be mitigated or accepted.
If it’s necessary to clarify complex process flows during the exercise, you can also use green cards for decision diamonds, purple for document/report outputs, and blue for subprocesses.
Download the following workflow examples:
![]() |
Start, End, and Connector: Traditional flowcharting standards reserve this shape for connectors to other flowcharts or other points in the existing flowchart. Unified Modeling Language (UML) also uses the circle for start and end points. |
![]() |
Start and End: Traditional flowcharting standards use this for start and end. However, Info-Tech recommends using the circle shape to reduce the number of shapes and avoid confusion with other similar shapes. |
![]() |
Process Step: Individual process steps or activities (e.g. create ticket or escalate ticket). If it’s a series of steps, then use the subprocess symbol and flowchart the subprocess separately. |
![]() |
Subprocess: A series of steps. For example, a critical incident SOP might reference a recovery process as one of the possible actions. Marking it as a subprocess, rather than listing each step within the critical incident SOP, streamlines the flowchart and avoids overlap with other flowcharts (e.g. the recovery process). |
![]() |
Decision: Represents decision points, typically with Yes/No branches, but you could have other branches depending on the question (e.g. a “Priority?” question could branch into separate streams for Priority 1, 2, 3, 4, and 5 issues). |
![]() |
Document/Report Output: For example, the output from a backup process might include an error log. |
"It isn’t unusual for us to see infrastructure or operations documentation that is wildly out of date. We’re talking months, even years. Often it was produced as one big effort and then not reliably maintained." (Gary Patterson, Consultant, Quorum Resources)
Use Info-Tech’s research Create Visual SOP Documents to further evaluate document management practices and toolsets.
Carole Fennelly provides pragmatic cyber security expertise to help organizations bridge the gap between technical and business requirements. She authored the Center for Internet Security (CIS) Solaris and Red Hat benchmarks, which are used globally as configuration standards to secure IT systems. As a consultant, Carole has defined security strategies, and developed policies and procedures to implement them, at numerous Fortune 500 clients. Carole is a Certified Information Security Manager (CISM), Certified Security Compliance Specialist (CSCS), and Certified HIPAA Professional (CHP).
Marko is an IT Audit Manager at audit2advise, where he delivers audit, risk advisory, and project management services. He has worked as a Security Officer, Quality Manager, and Consultant at some of Germany’s largest companies. He is a CISA and is ITIL v3 Intermediate and ITGCP certified.
Martin is a digital transformation enabler who has been involved in various fields of IT for more than 30 years. At Glenfis, he leads large Governance and Service Management projects for various customers. Since 2002, he has been the course manager for ITIL® Foundation, ITIL® Service Management, and COBIT training. He has published two books on ISO 20000 and ITIL.
Myles Suer, according to LeadTails, is the number 9 influencer of CIOs. He is also the facilitator for the CIOChat, which has executive-level participants from around the world in such industries as banking, insurance, education, and government. Myles is also the Industry Solutions Marketing Manager at Dell Boomi.
Peter leads tasks that involve collaboration with the Department of Homeland Security (DHS) sponsors and MITRE colleagues and connect strategy, policy, organization, and technology. He brings a deep background in homeland security and strategic analysis to his work with DHS in the immigration, border security, and cyber mission spaces. Peter came to MITRE in 2005 but has worked with DHS from its inception.
Dr. Austin is a professor of Information Systems at Ivey Business School and an affiliated faculty member at Harvard Medical School. Before his appointment at Ivey, he was a professor of Innovation and Digital Transformation at Copenhagen Business School, and, before that, a professor of Technology and Operations Management at the Harvard Business School.
Ron is a senior IT leader with over 20 years of management experiences from engineering to IT Service Management and operations support. He is known for joining organizations and leading enhanced process efficiency and has improved software, hardware, infrastructure, and operations solution delivery and support. Ron has worked for global and Canadian firms including BlackBerry, DoubleClick, Cogeco, Infusion, Info-Tech Research Group, and Data Communications Management.
Scott is an accomplished IT executive with 26 years of experience in technical and leadership roles. In his current role, Scott provides strategic leadership, vision, and oversight for an IT portfolio supporting 31,000 users consisting of services utilized by campuses located in North America, Asia, and Europe; oversees the University’s Command Center; and chairs the UC Cyberinfrastructure Alliance (UCCA), a group of research IT providers that collectively deliver services to the campus and partners.
Steve has 20 years of experience in information security design, implementation, and assessment. He has provided information security services to a wide variety of organizations, including government agencies, hospitals, universities, small businesses, and large enterprises. With his background as a systems administrator, security consultant, security architect, and information security director, Steve has a strong understanding of both the strategic and tactical aspects of information security. Steve has significant hands-on experience with security controls, operating systems, and applications. Steve has a master's degree in Information Science from the University of Washington.
Tony has over 25 years of international IT leadership experience, within high tech, computing, telecommunications, finance, banking, government, and retail industries. Throughout his career, Tony has led and successfully implemented key corporate initiatives, contributing millions of dollars to the top and bottom line. He established Read & Associates in 2002, an international IT management and program/project delivery consultancy practice whose aim is to provide IT value-based solutions, realizing stakeholder economic value and network advantage. These key concepts are presented in his new book: The IT Value Network: From IT Investment to Stakeholder Value, published by J. Wiley, NJ.
“About Controls.” Ohio University, ND. Web. 2 Feb 2018.
England, Rob. “How to implement ITIL for a client?” The IT Skeptic. Two Hills Ltd, 4 Feb. 2010. Web. 2018.
“Global Corporate IT Security Risks: 2013.” Kaspersky Lab, May 2013. Web. 2018.
“Information Security and Technology Policies.” City of Chicago, Department of Innovation and Technology, Oct. 2014. Web. 2018.
ISACA. COBIT 5: Enabling Processes. International Systems Audit and Control Association. Rolling Meadows, IL.: 2012.
“IT Policy & Governance.” NYC Information Technology & Telecommunications, ND. Web. 2018.
King, Paula and Kent Wada. “IT Policy: An Essential Element of IT Infrastructure”. EDUCAUSE Review. May-June 2001. Web. 2018.
Luebbe, Max. “Simplicity.” Site Reliability Engineering. O’Reilly Media. 2017. Web. 2018.
Swartout, Shawn. “Risk assessment, acceptance, and exception with a process view.” ISACA Charlotte Chapter September Event, 2013. Web. 2018.
“User Guide to Writing Policies.” Office of Policy and Efficiency, University of Colorado, ND. Web. 2018.
“The Value of Policies and Procedures.” New Mexico Municipal League, ND. Web. 2018.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Make the case for a web experience management suite and structure the WEM strategy project.
Identify the target state WEM strategy, assess current state, and identify gaps.
Build the WEM technology stack and create a web strategy initiatives roadmap.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss the general project overview for the WEM selection.
Launch of your WEM selection project.
Development of your organization’s WEM requirements.
1.1 Facilitation of activities from the Launch the WEM Project and Collect Requirements phase, including project scoping and resource planning.
1.2 Conduct overview of the WEM market landscape, trends, and vendors.
1.3 Conduct process mapping for selected marketing processes.
1.4 Interview business stakeholders.
1.5 Prioritize WEM functional requirements.
WEM Procurement Project Charter
WEM Use-Case Fit Assessment
Plan the procurement and the implementation of the WEM solution.
Selection of a WEM solution.
A plan for implementing the selected WEM solution.
2.1 Complete marketing process mapping with business stakeholders.
2.2 Interview IT staff and project team, identify technical requirements for the WEM suite, and document high-level solution requirements.
2.3 Perform a use-case scenario assessment, review use-case scenario results, identify use-case alignment, and review the WEM Vendor Landscape vendor profiles and performance.
2.4 Create a custom vendor shortlist and investigate additional vendors for exploration in the marketplace.
2.5 Meet with project manager to discuss results and action items.
Vendor Shortlist
WEM RFP
Vendor Evaluations
Selection of a WEM Solution
WEM projected work break-down
Implementation plan
Framework for WEM deployment and CRM/Marketing Management Suite Integration
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint helps you develop an approach to understand your low- and no-code challenges and priorities and to shortlist, govern, and manage the right low- and no-code tools.
This template narrates a story to describe the need and expectations of your low- and no-code initiative to get buy-in from stakeholders and interested parties.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the personas of your low- and no-code users and their needs.
List the challenges low- and no-code is designed to solve or the opportunities you hope to exploit.
Identify the low- and no-code tools to address your needs.
Level set expectations on what low- and no-code can deliver.
Identify areas where low- and no-code can be the most beneficial.
Select the tools to best address your problem and opportunities.
1.1 Profile your digital end users
1.2 Set reasonable expectations
1.3 List your use cases
1.4 Shortlist your tools
Digital end-user skills assessment
Low- and no-code objectives and metrics
Low- and no-code use case opportunities
Low- and no-code tooling shortlist
Optimize your product delivery process to accommodate low- and no-code.
Review and improve your product delivery and management governance model.
Discuss how to improve your low- and no-code capacities.
Encourage business-IT collaborative practices and improve IT’s reputation.
Shift the right accountability and ownership to the business.
Equip digital end users with the right skills and competencies.
2.1 Adapt your delivery process
2.2 Transform your governance
2.3 Identify your low- and no-code capacities
Low- and no-code delivery process and guiding principles
Low- and no-code governance, including roles and responsibilities, product ownership and guardrails
List of low- and no-code capacity improvements
Design a CoE and/or CoP to support low- and no-code capabilities.
Build a roadmap to illustrate key low- and no-code initiatives.
Ensure coordinated, architected, and planned implementation and adoption of low- and no-code consistently across the organization.
Reaffirm support for digital end users new to low- and no-code.
Clearly communicate your approach to low- and no-code.
3.1 Support digital end users and facilitate cross-functional sharing
3.2 Yield results with a roadmap
Low- and no-code supportive body design (e.g. center of excellence, community of practice)
Low- and no-code roadmap
January 17th, 2025 is when your ability to serve clients without interruption is legislated. At least when you are in the financial services sector, or when you supply such firms. If you are not active in the financial arena, don’t click away. Many of these requirements can just give you an edge over your competition.
Many firms underestimated the impact of the legislation, but let’s be honest, so did the European Union. The last pieces of the puzzle are still not delivered only two days before the law comes into effect.
What is DORA all about again? It is the Digital Operational Resilience Act. In essence, it is about your ability to withstand adverse events that may impact your clients or the financial system.
Aside from some nasty details, this really is just common sense. You need to be organized so that the right people know what is expected of them, from the accountable top to the staff executing the day to day operations. You need to know what to do when things go wrong. You need to know your suppliers, especially those who supply services to your critical business services. You need to test your defenses and your IT. You may want to share intelligence around cyber-attacks.
There, all of the 45 business-relevant DORA articles and technical standards in a single paragraph. The remaining articles deal with the competent authorities and make for good reading as they provide some insights into the workings of the regulatory body. The same goes for the preamble of the law. No less than 104 “musings” that elaborate on the operating environment and intent of the law.
If you’re firm is still in the thick of things trying to become compliant, you are not alone. I have seen at least one regulator indicating that they will be understanding of that situation, but you must have a clear roadmap to compliance in the near future. Your regulator may or may not be in line with that position. In the eastern-most countries of the EU, signals are that the regulator will take a much tougher stance.
(This kind of negates one of the musings of the law; the need for a single view on what financial services firms must adhere to to be considered compliant and resilient. But I think this is an unavoidable byproduct of having culturally diverse member states.)
I dare to say that firms typically have the governance in place as well as the IM processes and testing requirements. The biggest open items seem to be in the actual IT hard operational resilience, monitoring and BCM.
Take a look at your own firm and make an honest assessment in those areas. They key resilience (DORA-related or not) is knowing how your service works and is performing from a client perspective.
You need to know how a client achieves all their interaction goals with your company. Typically this is mapped in the client journey. Unfortunately, this usually only maps the business flow, not the technical flow. And usually you look at it from the client UX perspective. This is obviously very important, but it does not help you to understand the elements that ensure you that your clients can always complete that journey.
The other day, I had a customer journey with an online ski-shop. I had bought two ski helmets in size M, the same size my adult son and I had. When the helmets arrived it turned out they were too small. So, ok, no worries, I start the return process online. Once we complete the initial steps, after a few days I notice that the price for only one helmet is shown on the site. This, despite the indicators that both helmets are approved to be returned. Later both helmets are shown as effectively returned. Refund still shows one helmet’s price. What gives? I give it some more time, but after ten days, I decide to enquire. The site still shows refund for one helmet.
Then I receive an email that both helmets will be refunded as they accepted the state of the helmets (unused) and amount of the refund is now correct. Site still shows the wrong amount.
This is obviously a small inconvenience, but it does show that the IT team does not have a full view of the entire customer journey and systems interactions. You need to fix this.
Suppose this is not about two ski helmets, but about ski or home insurance. Or about the sale of a car or a B2B transaction involving tens or hundreds of thousands of dollars or euro, or any other currency? Does your system show the real-time correct status of the transaction? If not, I would, as a consumer, decide to change provider. Why? Because the trust is gone.
Resilience is about withstanding events that threaten your service to your clients. Events are nit just earthquakes or floods. Events are also wrong or missing information. To protect against that, you need to know what the (value) chain is that leads to you providing that service. Additionally, you need to know if that service chain has any impediments at any moment in time. Aka, you need to know that any service request can be fulfilled at any given time. And to have the right processes and resources in place to fix whatever is not working at that time.
And that is in my opinion the biggest task still outstanding with many companies to ensure true resilience and customer service.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the KPIs that matter to your organization’s goals.
Use the IT Management Dashboard on the Info-Tech website to display your chosen KPIs.
Use the review of your KPIs to build an action plan to drive performance.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the KPIs that matter to your organization.
Identify organizational goals
Identify IT goals and their organizational goal alignment
Identify business pain points
1.1 Identify organizational goals.
1.2 Identify IT goals and organizational alignment.
1.3 Identify business pain points.
List of goals and pain points to create KPIs for
Learn how to configure and use the IT Management Dashboard.
Configured IT dashboard
Initial IT scorecard report
2.1 Review metrics and KPI best practices.
2.2 Use the IT Metrics Library.
2.3 Select the KPIs for your organization.
2.4 Use the IT Management Dashboard.
Definition of KPIs to be used, data sources, and ownership
Configured IT dashboard
Learn how to review and plan actions based on the KPIs.
Lead KPI review to actions to improve performance
3.1 Create the scorecard report.
3.2 Interpret the results of the dashboard.
3.3 Use the IT Metrics Library to review suggested actions.
Initial IT scorecard report
Action plan with initial actions
Use your KPIs to drive performance.
Improve your metrics program to drive effectiveness
4.1 Develop your action plan.
4.2 Execute the plan and tracking progress.
4.3 Develop new KPIs as your practice matures.
Understanding of how to develop new KPIs using the IT Metrics Library
Ensure all documentation and plans are complete.
Documented next steps
5.1 Complete IT Metrics Library documentation.
5.2 Document decisions and next steps.
IT Metrics Library
Action plan
It’s difficult for CIOs and other top-level leaders of IT to know if everything within their mandate is being managed effectively. Gaining visibility into what’s happening on the front lines without micromanaging is a challenge most top leaders face.
Understanding Info-Tech’s Management and Governance Framework of processes that need to be managed and being able to measure what’s important to their organization's success can give leaders the ability to focus on their key responsibilities of ensuring service effectiveness, enabling increased productivity, and creating the ability for their teams to innovate.
Even if you know what to measure, the measurement alone will lead to minimal improvements. Having the right methods in place to systematically collect, review, and act on those measurements is the differentiator to driving up the maturity of your IT organization.
The tools in this blueprint can help you identify what to measure, how to review it, and how to create effective plans to improve performance.
Tony Denford
Research Director, Info-Tech Research Group
Info-Tech Insight
Mature your IT department by aligning your measures with your organizational goals. Acting early when your KPIs deviate from the goals leads to improved performance.
Build your dashboard quickly using the toolset in this research and move to improvement actions as soon as possible.
Productivity increased by 30%
Fire/smoke incidents decreased by 25% (high priority)
Average work request response time reduced by 64%
Savings of $1.6 million in the first year
(CFI, 2013)
Don’t get overwhelmed by the number of things you can measure. It can take some trial and error to find the measures that best indicate the health of the process.
35% - Only 35% of governing bodies review data at each meeting. (Committee of University Chairs, 2008)
Poor data can lead to incorrect conclusions, limit analysis, and undermine confidence in the value of your dashboard.
Achieving perfect data is extremely time consuming and may not add much value. It can also be an excuse to avoid getting started with metrics and analytics.
Data quality is a struggle for many organizations. Consider how much uncertainty you can tolerate in your analysis and what would be required to improve your data quality to an acceptable level. Consider cost, technological resources, people resources, and time required.
Info-Tech Insight
Analytics are only as good as the data that informs it. Aim for just enough data quality to make informed decisions without getting into analysis paralysis.
Tying KPIs and metrics to performance often leads to undesired behavior. An example of this is the now infamous Wells Fargo cross-selling scandal, in which 3.5 million credit card and savings accounts were opened without customers’ consent when the company incented sales staff to meet cross-selling targets.
Although this is an extreme example, it’s an all-too-common phenomenon.
A focus on the speed of closure of tickets often leads to shortcuts and lower-quality solutions.
Tying customer value to the measures can align the team on understanding the objective rather than focusing on the measure itself, and the team will no longer be able to ignore the impact of their actions.
Surrogation is a phenomenon in which a measure of a behavior replaces the intent of the measure itself. People focus on achieving the measure instead of the behavior the measure was intended to drive.
The Threefold Role of the IT Executive | Core CIO Objectives |
---|---|
IT Organization - Manager | A - Optimize the Effectiveness of the IT Organization |
Enterprise - Partner | B - Boost the Productivity of the Enterprise |
Market - Innovator | C - Enable Business Growth Through Technology |
Low-Maturity Metrics Program
Trailing indicators measure the outcomes of the activities of your organization. Hopefully, the initiatives and activities are aligned with the organizational goals.
High-Maturity Metrics Program
The core CIO objectives align with the organizational goals, and teams define leading indicators that show progress toward those goals. KPIs are reviewed often and adjustments are made to improve performance based on the leading indicators. The results are improved outcomes, greater transparency, and increased predictability.
Periodically: As appropriate, review the effectiveness of the KPIs and adjust as needed.
Frequently: At least once per month, but the more frequent, the more agility your organization will have.
1. Choose the KPIs | 2. Build the Dashboard | 3. Create the Action Plan | |
---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes | A defined and documented list of the KPIs that will be used to monitor each of the practice areas in your IT mandate | A configured dashboard covering all the practice areas and the ability to report performance in a consistent and visible way | An action plan for addressing low-performing indicators |
Don’t just measure things because you can. Change what you measure as your organization becomes more mature.
Measure things that will resolve pain points or drive you toward your goals.
Look for indicators that show the health of the practice, not just the results.
Ease of use will determine the success of your metrics program, so keep it simple to create and review the indicators.
If indicators are showing suboptimal performance, develop an action plan to drive the indicator in the right direction.
Act early and often.
Ensure you understand what’s valued and measure whether the value is being produced. Let front-line managers focus on tactical measures and understand how they are linked to value.
Determine what action will lead to the desired result and measure if the action is being performed. It’s better to predict outcomes than react to them.
Customize the KPIs for your organization using the IT Metrics Library
Keep track of the actions that are generated from your KPI review
The IT Overall Scorecard gives a holistic view of the performance of each IT function
Keeping track of the number of actions identified and completed is a low overhead measure. Tracking time or money saved is higher overhead but also higher value.
Industry: Government Services
Source: Info-Tech analyst experience
A newly formed application support team with service desk responsibilities was becoming burned out due to the sheer volume of work landing on their desks. The team was very reactive and was providing poor service due to multiple conflicting priorities.
To make matters worse, there was a plan to add a major new application to the team’s portfolio.
The team began to measure the types of work they were busy doing and then assessed the value of each type of work.
The team then problem solved how they could reduce or eliminate their low-value workload.
This led to tracking how many problems were being resolved and improved capabilities to problem solve effectively.
Upon initial data collection, the team was performing 100% reactive workload. Eighteen months later slightly more than 80% of workload was proactive high-value activities.
The team not only was able to absorb the additional workload of the new application but also identified efficiencies in their interactions with other teams that led to a 100% success rate in the change process and a 92% decrease in resource needs for major incidents.
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Call #1: Scope dashboard and reporting needs.
Call #2: Learn how to use the IT Metrics Library to select your metrics.
Call #3: Set up the dashboard.
Call #4: Capture data and produce the report.
Phase 3 – Create the Action Plan
Call #5: Review the data and use the metrics library to determine actions.
Call #6: Improve the KPIs you measure.
A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 5 and 8 calls over the course of 2 to 3 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Identify What to Measure | Configure the Dashboard Tool | Review and Develop the Action Plan | Improve Your KPIs | Compile Workshop Output | |
Activities | 1.1 Identify organizational goals. 1.2 Identify IT goals and organizational alignment. 1.3 Identify business pain points. |
2.1 Determine metrics and KPI best practices. 2.2 Learn how to use the IT Metrics Library. 2.3 Select the KPIs for your organization. 2.4 Configure the IT Management Dashboard. |
3.1 Create the scorecard report. 3.2 Interpret the results of the dashboard. 3.3 Use the IT Metrics Library to review suggested actions. |
4.1 Develop your action plan. 4.2 Execute the plan and track progress. 4.3 Develop new KPIs as your practice matures. |
5.1 Complete the IT Metrics Library documentation. 5.2 Document decisions and next steps. |
Outcomes | 1. List of goals and pain points that KPIs will measure | 1. Definition of KPIs to be used, data sources, and ownership 2. Configured IT dashboard |
1. Initial IT scorecard report 2. Action plan with initial actions |
1. Understanding of how to develop new KPIs using the IT Metrics Library | 1. IT Metrics Library documentation 2. Action plan |
Phase 1
1.1 Review Available KPIs
1.2 Select KPIs for Your Org.
1.3 Identify Data Sources and Owners
Phase 2
2.1 Understand the IT Management Dashboard
2.2 Build and Review the KPIs
Phase 3
3.1 Prioritize Low-Performing Indicators
3.2 Review Suggested Actions
3.3 Develop the Action Plan
This phase will walk you through the following activities:
Reviewing and selecting the KPIs suggested in the IT Metrics Library.
Identifying the data source for the selected KPI and the owner responsible for data collection.
This phase involves the following participants:
1.1.1 Download the IT Metrics Library and review the KPIs for each practice area.
Step 1.1 – Review Available KPIs
Step 1.2 – Select KPIs for Your Org.
Step 1.3 – Identify Data Sources and owners
This step will walk you through the following activities:
Downloading the IT Metrics Library
Understanding the content of the tool
Reviewing the intended goals for each practice area
This step involves the following participants:
Downloaded tool ready to select the KPIs for your organization
The “Practice” and “Process” columns relate to each of the boxes on the Info-Tech Management and Governance Framework. This ensures you are measuring each area that needs to be managed by a typical IT department.
KPI - The key performance indicator to review
CSF - What needs to happen to achieve success for each goal
Goal - The goal your organization is trying to achieve
Owner - Who will be accountable to collect and report the data
Data Source (typical) - Where you plan to get the data that will be used to calculate the KPI
Baseline/Target - The baseline and target for the KPI
Rank - Criticality of this goal to the organization's success
Action - Suggested action if KPI is underperforming
Blueprint - Available research to address typical underperformance of the KPI
Practice/Process - Which practice and process the KPI represents
1.2.1 Select the KPIs that will drive your organization forward
1.2.2 Remove unwanted KPIs from the IT Metrics Library
Step 1.1 – Review Available KPIs
Step 1.2 – Select KPIs for Your Org.
Step 1.3 – Identify Data Sources and Owners
This step will walk you through the following activities:
This step involves the following participants:
A shortlist of selected KPIs
1.3.1 Document the data source
1.3.2 Document the owner
1.3.3 Document baseline and target
Step 1.1 – Review Available KPIs
Step 1.2 – Select KPIs for Your Org.
Step 1.3 – Identify Data Sources and Owners
This step will walk you through the following activities:
Documenting for each KPI where you plan to get the data, who is accountable to collect and report the data, what the current baseline is (if available), and what the target is
This step involves the following participants:
A list of KPIs for your organization with appropriate attributes documented
Phase 1
1.1 Review Available KPIs
1.2 Select KPIs for Your Org.
1.3 Identify Data Sources and Owners
Phase 2
2.1 Understand the IT Management Dashboard
2.2 Build and Review the KPIs
Phase 3
3.1 Prioritize Low-Performing Indicators
3.2 Review Suggested Actions
3.3 Develop the Action Plan
This phase will walk you through the following activities:
Understanding the IT Management Dashboard
Configuring the IT Management Dashboard and entering initial measures
Produce thing IT Scorecard from the IT Management Dashboard
Interpreting the results
This phase involves the following participants:
2.1.1 Logging into the IT Management Dashboard
2.1.2 Understanding the “Overall Scorecard” tab
2.1.3 Understanding the “My Metrics” tab
Step 2.1 – Understand the IT Management Dashboard
Step 2.2 – Build and review the KPIs
This step will walk you through the following activities:
Accessing the IT Management Dashboard
Basic functionality of the tool
This step involves the following participants:
Understanding of how to administer the IT Management Dashboard
2.2.1 Entering the KPI descriptions
2.2.2 Entering the KPI actuals
2.2.3 Producing the IT Overall Scorecard
Step 2.1 – Understand the IT Management Dashboard
Step 2.2 – Build and review the KPIs
This step will walk you through the following activities:
Entering the KPI descriptions
Entering the actuals for each KPI
Producing the IT Overall Scorecard
This step involves the following participants:
An overall scorecard indicating the selected KPI performance
Example of a custom metric
Example of a standard metric
Phase 1
1.1 Review Available KPIs
1.2 Select KPIs for Your Org.
1.3 Identify Data Sources and Owners
Phase 2
2.1 Understand the IT Management Dashboard
2.2 Build and Review the KPIs
Phase 3
3.1 Prioritize Low-Performing Indicators
3.2 Review Suggested Actions
3.3 Develop the Action Plan
This phase will walk you through the following activities:
Prioritizing low-performing indicators
Using the IT Metrics Library to review suggested actions
Developing your team’s action plan to improve performance
This phase involves the following participants:
3.1.1 Determine criteria for prioritization
3.1.2 Identify low-performing indicators
3.1.3 Prioritize low-performing indicators
Step 3.1 – Prioritize low-performing indicators
Step 3.2 – Review suggested actions
Step 3.3 – Develop the action plan
This step will walk you through the following activities:
Determining the criteria for prioritization of low-performing indicators
Identifying low-performing indicators
Prioritizing the low-performing indicators
This step involves the following participants:
A prioritized list of low-performing indicators that need remediation
Often when metrics programs are established, there are multiple KPIs that are not performing at the desired level. It’s easy to expect the team to fix all the low-performing indicators, but often teams are stretched and have conflicting priorities.
Therefore it’s important to spend some time to prioritize which of your indicators are most critical to the success of your business.
Also consider, if one area is performing well and others have multiple poor indicators, how do you give the right support to optimize the results?
Lastly, is it better to score slightly lower on multiple measures or perfect on most but failing badly on one or two?
3.2.1 Review suggested actions in the IT Metrics Library
Step 3.1 – Prioritize low-performing indicators
Step 3.2 – Review suggested actions
Step 3.3 – Develop the action plan
This step will walk you through the following activities:
Reviewing the suggested actions in the IT Metrics Library
This step involves the following participants:
An idea of possible suggested actions
3.3.1 Document planned actions
3.3.2 Assign ownership of actions
3.3.3 Determine timeline of actions
3.3.4 Review past action status
Step 3.1 – Prioritize low- performing indicators
Step 3.2 – Review suggested actions
Step 3.3 – Develop the action plan
This step will walk you through the following activities:
Using the action plan tool to document the expected actions for low-performing indicators
Assigning an owner and expected due date for the action
Reviewing past action status for accountability
This step involves the following participants:
An action plan to invoke improved performance
Info-Tech Insight
For larger initiatives try to break the task down to what is likely manageable before the next review. Seeing progress can motivate continued action.
Info-Tech Insight
Assigning clear ownership can promote accountability for progress.
Info-Tech Insight
If the target completion date is too far in the future, break the task into manageable chunks.
Info-Tech Insight
Seek to understand the reasons that tasks are not being completed and problem solve for creative solutions to improve performance.
Keeping track of the number of actions identified and completed is a low overhead measure.
Tracking time or money saved is higher overhead but also higher value.
Metric | Current | Goal |
---|---|---|
Number of actions identified per month as a result of KPI review | 0 | TBD |
$ saved through actions taken due to KPI review | 0 | TBD |
Time saved through actions taken due to KPI review | 0 | TBD |
Through this project we have identified typical key performance indicators that are important to your organization’s effective management of IT.
You’ve populated the IT Management Dashboard as a simple method to display the results of your selected KPIs.
You’ve also established a regular review process for your KPIs and have a method to track the actions that are needed to improve performance as a result of the KPI review. This should allow you to hold individuals accountable for improvement efforts.
You can also measure the effectiveness of your KPI program by tracking how many actions are identified as a result of the review. Ideally you can also track the money and time savings.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech Workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Select the KPIs for your organization
Examine the benefits of the KPIs suggested in the IT Metrics Library and help selecting those that will drive performance for your maturity level.
Build an action plan
Discuss options for identifying and executing actions that result from your KPI review. Determine how to set up the discipline needed to make the most of your KPI review program.
Principal Research Director, CIO – Service Management Info-Tech Research Group
Practice Lead, CIO – People & Leadership Info-Tech Research Group
Practice Lead, Infrastructure & Operations Info-Tech Research Group
Practice Lead, Security, Risk & Compliance Info-Tech Research Group
Practice Lead, Applications and Agile Development Info-Tech Research Group
Practice Lead, Applications – Project and Portfolio Mgmt. Info-Tech Research Group
Vice President, Applications Info-Tech Research Group
Research Director, CIO Info-Tech Research Group
Practice Lead, Enterprise Applications Info-Tech Research Group
Practice Lead, Enterprise Architecture, Data & BI Info-Tech Research Group
Executive Counselor Info-Tech Research Group
Develop Meaningful Service Metrics to Ensure Business and User Satisfaction
Use Applications Metrics That Matter
Take Control of Infrastructure Metrics
Bach, Nancy. “How Often Should You Measure Your Organization's KPIs?” EON, 26 June 2018. Accessed Jan. 2020.
“The Benefits of Tracking KPIs – Both Individually and for a Team.” Hoopla, 30 Jan. 2017. Accessed Jan. 2020.
Chepul, Tiffany. “Top 22 KPI Examples for Technology Companies.” Rhythm Systems, Jan. 2020. Accessed Jan. 2020.
Cooper, Larry. “CSF's, KPI's, Metrics, Outcomes and Benefits” itSM Solutions. 5 Feb. 2010. Accessed Jan 2020.
“CUC Report on the implementation of Key Performance Indicators: case study experience.” Committee of University Chairs, June 2008. Accessed Jan 2020.
Harris, Michael, and Bill Tayler. “Don’t Let Metrics Undermine Your Business.” HBR, Sep.–Oct 2019. Accessed Jan. 2020.
Hatari, Tim. “The Importance of a Strong KPI Dashboard.” TMD Coaching. 27 Dec. 2018. Accessed Jan. 2020.
Roy, Mayu, and Marian Carter. “The Right KPIs, Metrics for High-performing, Cost-saving Space Management.” CFI, 2013. Accessed Jan 2020.
Schrage, Michael, and David Kiron. “Leading With Next-Generation Key Performance Indicators.” MIT Sloan Management Review, 26 June 2018. Accessed Jan. 2020.
Setijono, Djoko, and Jens J. Dahlgaard. “Customer value as a key performance indicator (KPI) and a key improvement indicator (KII)” Emerald Insight, 5 June 2007. Accessed Jan 2020.
Skinner, Ted. “Balanced Scorecard KPI Examples: Comprehensive List of 183 KPI Examples for a Balanced Scorecard KPI Dashboard (Updated for 2020).” Rhythm Systems, Jan. 2020. Accessed Jan 2020.
Wishart, Jessica. “5 Reasons Why You Need The Right KPIs in 2020” Rhythm Systems, 1 Feb. 2020. Accessed Jan. 2020.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Align your improvements with business goals and the shift-left strategy.
Record potential improvements in your CSI Register, as you review best practices for each channel.
Streamline your ticket intake process and prioritize opportunities for improvement.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Brainstorm improvements to your systems and processes that will help you optimize.
Develop a single point of contact.
Reduce the time before a technician can start productively working on a ticket.
Enable Tier 1 and end users to complete more tickets.
1.1 Prioritize channels for improvement.
1.2 Optimize the voice channel.
1.3 Identify improvements for self service.
1.4 Improve Tier 1 agents’ access to information.
1.5 Optimize supplementary ticket channels.
Action items to improve the voice channel.
Populated CSI Register for self-service channels.
Identified action items for the knowledgebase.
Populated CSI Register for additional ticket channels.
Create long-term growth by taking a sustainable approach to improvements.
Streamline your overall ticket intake process for incidents and service requests.
2.1 Map out the incident intake processes.
2.2 Identify opportunities to streamline the incident workflow.
2.3 Map out the request processes.
2.4 Identify opportunities to streamline the request workflow.
Streamlined incident intake process.
Streamlined request intake process.
Populated CSI Register for request intake.
There are three critical components to the grant application process:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify grant funding opportunities that align with your organization's priorities. Ensure the programs, services, projects, and initiatives that align with these priorities can be financially supported by grant funding.
Prioritize applying for the grant opportunities that your organization identified. Be sure to consider the feasibility of implementing the project or initiative if your organization is awarded the grant.
Write a competitive grant application that has been strategically developed and actively critiqued by various internal and external reviewers.
Submit an exemplary grant application that meets the guidelines and expectations of the granting agency prior to the due date.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine the key priorities of your organization and identify grant funding opportunities that align with those priorities.
Prevents duplicate grant applications from being submitted
Ensures the grant and the organization's priorities are aligned
Increases the success rate of grant applications
1.1 Discuss grant funding opportunities and their importance to the organization.
1.2 Identify organizational priorities.
An understanding of why grants are important to your organization
A list of priorities being pursued by your organization
Identify potential grant funding opportunities that align with the projects/initiatives the organization would like to pursue. Prioritize these funding opportunities and identify which should take precedent based on resourcing, importance, likelihood of success, and feasibility.
Generate a list of potential funding opportunities that can be revisited when resources allow
Obtain consensus from your working group on which grants should be pursued based on how they have been prioritized
2.1 Develop a list of potential grant funding opportunities.
2.2 Define the resource capacity your organization has to support the granting writing process.
2.3 Discuss and prioritize grant opportunities
A list of potential grant funding opportunities
Realistic expectations of your organization's capacity to undertake the grant writing lifecycle
Notes and priorities from your discussion on grant opportunities
Take the grant that was given top priority in the last section and sketch out a draft of what that application will look like. Think critically about the sketch and determine if there are opportunities to further clarify and demonstrate the goals of the grant application.
A sketch ready to be developed into a grant application
A critique of the sketch to ensure that the application will be well understood by the reviewers of your submission
3.1 Sketch the grant application.
3.2 Perform a SWOT analysis of the grant sketch.
A sketched version of the grant application ready to be drafted
A SWOT analysis that critically examines the sketch and offers opportunities to enhance the application
Have the grant application actively critiqued by various internal and external individuals. This will increase the grant application's quality and generate understanding of the application submission and post-submission process.
A list of individuals (internal and external) that can potentially review the application prior to submission
Preparation for the submission process
An understanding of why the opportunity to learn how to improve future grant applications is so important
4.1 Identify potential individuals who will review the draft of your grant application.
4.2 Discuss next steps around the grant submission.
4.3 Review grant writing best practices.
A list of potential individuals who can be asked to review and critique the grant application
An understanding of what the next steps in the process will be
Knowledge of grant writing best practices
Businesses are expected to balance achieving innovation through initiatives that transform the organization with effective risk management. While this is nothing new, added challenges arise due to:
Address digital risk to build digital resilience. In the process, you will drive transformation and maintain digital trust among your employees, end users, and consumers by:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Discover an overview of what digital risk is, learn how to assess risk factors for the five primary categories of digital risk, see several industry-specific scenarios, and explore how to plan for and mitigate identified risks.
Begin building the digital risk profile for your organization, identify where your key areas of risk exposure exist, and assign ownership and accountability among the organization’s business units.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Develop an understanding and standard definition of what digital risk is, who it impacts, and its relevance to the organization.
Understand what digital risk means and how it differs from traditional enterprise or cybersecurity risk.
Develop a definition of digital risk that recognizes the unique external and internal considerations of your organization.
1.1 Review the business context
1.2 Review the current roles of enterprise, IT, and cyber risk management within the organization
1.3 Define digital transformation and list transformation initiatives
1.4 Define digital risk in the context of the organization
1.5 Define digital resilience in the context of the organization
Digital risk drivers
Applicable definition of digital risk
Applicable definition of digital resilience
Understand the roles digital risk management and your digital risk profile have in helping your organization achieve safe, transformative growth.
An overview and understanding of digital risk categories and subsequent individual digital risk factors for the organization
Industry considerations that highlight the importance of managing digital risk
A structured approach to managing the categories of digital risk
2.1 Review and discuss industry case studies and industry examples of digital transformation and digital risk
2.2 Revise the organization's list of digital transformation initiatives (past, current, and future)
2.3 Begin to build your organization's Digital Risk Management Charter (with inputs from Module 1)
2.4 Revise, customize, and complete a Digital Risk Management Charter for the organization
Digital Risk Management Charter
Industry-specific digital risks, factors, considerations, and scenarios
The organization's digital risks mapped to its digital transformation initiatives
Develop an initial digital risk profile that identifies the organization’s core areas of focus in managing digital risk.
A unique digital risk profile for the organization
Digital risk management initiatives that are mapped against the organization's current strategic initiatives and aligned to meet your digital resilience objectives and benchmarks
3.1 Review category control questions within the Digital Risk Profile Tool
3.2 Complete all sections (tabs) within the Digital Risk Profile Tool
3.3 Assess the results of your Digital Risk Profile Tool
3.4 Discuss and assign initial weightings for ownership of digital risk among the organization's stakeholders
Completion of all category tabs within the Digital Risk Profile Tool
Initial stakeholder ownership assignments of digital risk categories
Refine the digital risk management plan for the organization.
A targeted, organization-specific approach to managing digital risk as a part of the organization's projects and initiatives on an ongoing basis
An executive presentation that outlines digital risk management for your senior leadership team
4.1 Conduct brief information sessions with the relevant digital risk stakeholders identified in Module 3.
4.2 Review and revise the organization's Digital Risk Profile as necessary, including adjusting weightings for the digital risk categories
4.3 Begin to build an actionable digital risk management plan
4.4 Present your findings to the organization's relevant risk leaders and executive team
A finalized and assessed Digital Risk Profile Tool
Stakeholder ownership for digital risk management
A draft Digital Risk Management plan and Digital Risk Management Executive Report
As AI technologies are constantly evolving, organizations are looking for AI trends and research developments to understand the future applications of AI in their industries.
Understanding AI trends and developments enables an organization’s competitive advantage.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The eight trends:
Challenges that slowed the adoption of AI |
To overcome the challenges, enterprises adopted different strategies |
---|---|
Data Readiness
|
|
ML Operations Capabilities
|
|
Understanding of AI Role and Its Business Value
|
|
Sustainable AI system design needs to consider several aspects: the business application of the system, data, software and hardware, governance, privacy, and security.
It is important to define from the beginning how AI will be used by and for the application to clearly articulate business value, manage expectations, and set goals for the implementation.
Design for AI will change how we store and manage data and how we approach the use of data for development and operation of AI systems.
An AI system design approach should cover all stages of AI lifecycle, from design to maintenance. It should also support and enable iterative development of an AI system.
To take advantage of different tools and technologies for AI system development, deployment, and monitoring, the design of an AI system should consider software and hardware needs and design for seamless and efficient integrations of all components of the system and with other existing systems within the enterprise.
AI helps sequence genomes to identify variants in a person’s DNA that indicate genetic disorders. It allows researchers to model and calculate complicated physics processes, to forecast the genesis of the universe’s structure, and to understand planet ecosystem to help advance the climate research. AI drives advances in drug discovery and can assist with molecule synthesis and molecular property identification.
AI finds application in all areas of science and engineering. The role of AI in science will grow and allow scientists to innovate faster.
AI will further contribute to scientific understanding by assisting scientists in deriving new insights, generating new ideas and connections, generalizing scientific concepts, and transferring them between areas of scientific research.
Using synthetic data and combining physical and machine learning models and other advances of AI/ML – such as graphs, use of unstructured data (language models), and computer vision – will accelerate the use of AI in science and engineering.
AI-driven signal-gathering systems analyze a continuous stream of data to generate insights and predictions that enable strategic decision modeling and scenario planning by providing understanding of how and what areas of business might be impacted by certain events.
AI enables the scenario-based approach to drive insights through pattern identification in addition to familiar pattern recognition, helping to understand how events are related.
A system with anticipatory capabilities requires an event-driven architecture that enables gathering and analyzing different types of data (text, video, images) across multiple channels (social media, transactional systems, news feeds, etc.) for event-driven and event-sequencing modeling.
ML simulation-based training of the model using advanced techniques under the umbrella of Reinforcement Learning in conjunction with statistically robust Bayesian probabilistic framework will aid in setting up future trends in AI.
Most of the applications of machine learning and AI today is about predicting future behaviors based on historical data and past behaviors. We can predict what product the customer would most likely buy or the price of a house when it goes on sale.
Most of the current algorithms use the correlation between different parameters to make a prediction, for example, the correlation between the event and the outcome can look like “When X occurs, we can predict that Y will occur.” This, however, does not translate into “Y occurred because of X.”
The development of a causal AI that uses causal inference to reason and identify the root cause and the causal relationships between variables without mistaking correlation and causation is still in its early stages but rapidly evolving.
Some of the algorithms that the researchers are working with are casual graph models and algorithms that are at the intersection of causal inference with decision making and reinforcement learning (Causal Artificial Intelligence Lab, 2022).
Synthetic data is artificially generated data that mimics the structure of real-life data. It should also have the same mathematical and statistical properties as the real-world data that it is created to replicate.
Synthetic data is used to train machine learning models when there is not enough real data or the existing data does not meet specific needs. It allows users to remove contextual bias from data sets containing personal data, prevent privacy concerns, and ensure compliance with privacy laws and regulations.
Another application of synthetic data is solving data-sharing challenges.
Researchers learned that quite often synthetic data sets outperform real-world data. Recently, a team of researchers at MIT built a synthetic data set of 150,000 video clips capturing human actions and used that data set to train the model. The researchers found that “the synthetically trained models performed even better than models trained on real data for videos that have fewer background objects” (MIT News Office, 2022).
Today, synthetic data is used in language systems, in training self-driving cars, in improving fraud detection, and in clinical research, just to name a few examples.
Synthetic data opens the doors for innovation across all industries and applications of AI by enabling access to data for any scenario and technology and business needs.
Digital twins (DT) are virtual replicas of physical objects, devices, people, places, processes, and systems. In Manufacturing, almost every product and manufacturing process can have a complete digital replica of itself thanks to IoT, streaming data, and cheap cloud storage.
All this data has allowed for complex simulations of, for example, how a piece of equipment will perform over time to predict future failures before they happen, reducing costly maintenance and extending equipment lifetime.
In addition to predictive maintenance, DT and AI technologies have enabled organizations to design and digitally test complex equipment such as aircraft engines, trains, offshore oil platforms, and wind turbines before physically manufacturing them. This helps to improve product and process quality, manufacturing efficiency, and costs. DT technology also finds applications in architecture, construction, energy, infrastructure industries, and even retail.
Digital twins combined with the metaverse provide a collaborative and interactive environment with immersive experience and real-time physics capabilities (as an example, Siemens presented an Immersive Digital Twin of a Plant at the Collision 2022 conference).
Future trends include enabling autonomous behavior of a DT. An advanced DT can replicate itself as it moves into several devices, hence requiring the autonomous property. Such autonomous behavior of the DT will in turn influence the growth and further advancement of AI.
A simple definition for edge AI: A combination of edge computing and artificial intelligence, it enables the deployment of AI applications in devices of the physical world, in the field, where the data is located, such as IoT devices, devices on the manufacturing floor, healthcare devices, or a self-driving car.
Edge AI integrates AI into edge computing devices for quicker and improved data processing and smart automation.
The main benefits of edge AI include:
Edge AI is already used in a variety of applications and use cases including computer vision, geospatial intelligence, object detection, drones, and health monitoring devices.
“Combinatorial optimization is a subfield of mathematical optimization that consists of finding an optimal object from a finite set of objects” (Wikipedia, retrieved December 2022).
Applications of combinatorial optimization include:
Classical combinatorial optimization (CO) techniques were widely used in operations research and played a major role in earlier developments of AI.
The introduction of deep learning algorithms in recent years allowed researchers to combine neural network and conventional optimization algorithms; for example, incorporating neural combinatorial optimization algorithms in the conventional optimization framework. Researchers confirmed that certain combinations of these frameworks and algorithms can provide significant performance improvements.
The research in this space continues and we look forward to learning how machine learning and AI (backtracking algorithms, reinforcement learning, deep learning, graph attention networks, and others) will be used for solving challenging combinatorial and decision-making problems.
“AI Can Power Scenario Planning for Real-Time Strategic Insights.” The Wall Street Journal, CFO Journal, content by Deloitte, 7 June 2021. Accessed 11 Dec. 2022.
Ali Fdal, Omar. “Synthetic Data: 4 Use Cases in Modern Enterprises.” DATAVERSITY, 5 May 2022. Accessed
11 Dec. 2022.
Andrews, Gerard. “What Is Synthetic Data?” NVIDIA, 8 June 2021. Accessed 11 Dec. 2022.
Bareinboim, Elias. “Causal Reinforcement Learning.” Causal AI, 2020. Accessed 11 Dec. 2022.
Bengio, Yoshua, Andrea Lodi, and Antoine Prouvost. “Machine learning for combinatorial optimization: A methodological tour d’horizon.” European Journal of Operational Research, vol. 290, no. 2, 2021, pp. 405-421, https://doi.org/10.1016/j.ejor.2020.07.063. Accessed 11 Dec. 2022.
Benjamins, Richard. “Four design principles for developing sustainable AI applications.” Telefónica S.A., 10 Sept. 2018. Accessed on 11 Dec. 2022.
Blades, Robin. “AI Generates Hypotheses Human Scientists Have Not Thought Of.” Scientific American, 28 October 2021. Accessed 11 Dec. 2022.
“Combinatorial Optimization.” Wikipedia article, Accessed 11 Dec. 2022.
Cronholm, Stefan, and Hannes Göbel. “Design Principles for Human-Centred Artificial Intelligence.” University of Borås, Sweden, 11 Aug. 2022. Accessed on 11 Dec. 2022
Devaux, Elise. “Types of synthetic data and 4 real-life examples.” Statice, 29 May 2022. Accessed 11 Dec. 2022.
Emmental, Russell. “A Guide to Causal AI.” ITBriefcase, 30 March 2022. Accessed 11 Dec. 2022.
“Empowering AI Leadership: AI C-Suite Toolkit.” World Economic Forum, 12 Jan. 2022. Accessed 11 Dec 2022.
Falk, Dan. “How Artificial Intelligence Is Changing Science.” Quanta Magazine, 11 March 2019. Accessed 11 Dec. 2022.
Fritschle, Matthew J. “The Principles of Designing AI for Humans.” Aumcore, 17 Aug. 2018. Accessed 8 Dec. 2022.
Garmendia, Andoni I., et al. Neural Combinatorial Optimization: a New Player in the Field.” IEEE, arXiv:2205.01356v1, 3 May 2022. Accessed 11 Dec. 2022.
Gülen, Kerem. “AI Is Revolutionizing Every Field and Science is no Exception.” Dataconomy Media GmbH, 9 Nov. 9, 2022. Accessed 11 Dec. 2022
Krenn, Mario, et al. “On scientific understanding with artificial intelligence.” Nature Reviews Physics, vol. 4, 11 Oct. 2022, pp. 761–769. https://doi.org/10.1038/s42254-022-00518-3. Accessed 11 Dec. 2022.
Laboratory for Information and Decision Systems. “The real promise of synthetic data.” MIT News, 16 Oct. 2020. Accessed 11 Dec. 2022.
Lecca, Paola. “Machine Learning for Causal Inference in Biological Networks: Perspectives of This Challenge.” Frontiers, 22 Sept. 2021. Accessed 11 Dec. 2022.
Mirabella, Lucia. “Digital Twin x Metaverse: real and virtual made easy.” Siemens presentation at Collision 2022 conference, Toronto, Ontario. Accessed 11 Dec. 2022.
Mitchum, Rob, and Louise Lerner. “How AI could change science.” University of Chicago News, 1 Oct. 2019. Accessed 11 Dec. 2022.
Okeke, Franklin. “The benefits of edge AI.” TechRepublic, 22 Sept. 2022, Accessed 11 Dec. 2022.
Perlmutter, Nathan. “Machine Learning and Combinatorial Optimization Problems.” Crater Labs, 31 July 31, 2019. Accessed 11 Dec. 2022.
Sampson, Ovetta. “Design Principles for a New AI World.” UX Magazine, 6 Jan. 2022. Accessed 11 Dec. 2022.
Sgaier, Sema K., Vincent Huang, and Grace Charles. “The Case for Causal AI.” Stanford Social Innovation Review, Summer 2020. Accessed 11 Dec. 2022.
“Synthetic Data.” Wikipedia article, Accessed 11 Dec. 2022.
Take, Marius, et al. “Software Design Patterns for AI-Systems.” EMISA Workshop 2021, CEUR-WS.org, Proceedings 30. Accessed 11 Dec. 2022.
Toews, Rob. “Synthetic Data Is About To Transform Artificial Intelligence.” Forbes, 12 June 2022. Accessed
11 Dec. 2022.
Zewe, Adam. “In machine learning, synthetic data can offer real performance improvements.” MIT News Office, 3 Nov. 2022. Accessed 11 Dec. 2022.
Zhang, Junzhe, and Elias Bareinboim. “Can Humans Be out of the Loop?” Technical Report, Department of Computer Science, Columbia University, NY, June 2022. Accessed 11 Dec. 2022.
![]() |
![]() |
![]() |
![]() |
![]() |
|
Irina Sedenko Advisory Director Info-Tech |
Anu Ganesh Technical Counselor Info-Tech |
Amir Feizpour Co-Founder & CEO Aggregate Intellect Inc. |
David Glazer VP of Analytics Kroll |
Delina Ivanova Associate Director, Data & Analytics HelloFresh |
Usman Lakhani DevOps WeCloudData |
There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The activities in this research will guide you through clarifying how you want to talk about projects and products, aligning project management and agility, specifying the different activities for project management, and identifying key differences with funding of products instead of projects.
7 Step 1.1: Clarify How You Want to Talk About Projects and Products
13 Step 1.2: Align Project Management and Agility
16 Step 1.3: Specify the Different Activities for Project Management
20 Step 1.4: Identify Key Differences in Funding of Products Instead of Projects
26 Bibliography
When moving to more product-centric delivery practices, many assume that projects are no longer necessary. That isn’t necessarily the case!
Product delivery can mean different things to different organizations, and in many cases it can involve the need to maintain both projects and project delivery.
Projects are a necessary vehicle in many organizations to drive value delivery, and the activities performed by project managers still need to be done by someone. It is the form and who is involved that will change the most.
![]() |
Ari Glaizel
|
Your Challenge
|
Common Obstacles
|
Info-Tech’s Approach
|
There is no one-size-fits-all approach to product delivery. For many organizations product delivery requires detailed project management practices, while for others it requires much less. Taking an outcome-first approach when planning your product transformation is critical to make the right decision on the balance between project and product management.
Project“A temporary endeavor undertaken to create a unique product, service, or result. The temporary nature of projects indicates a beginning and an end to the project work or a phase of the project work. Projects can stand alone or be part of a program or portfolio.” (PMBOK, PMI) |
![]() |
Product“A tangible solution, tool, or service (physical or digital) that enables the long-term and evolving delivery of value to customers and stakeholders based on business and user requirements.” (Deliver on Your Digital Product Vision, Info-Tech Research Group) |
Output: Your enterprise/organizational definition of products and projects
Participants: Executives, Product/project managers, Applications teams
Regardless of whether you recognize yourself as a “product-based” or “project-based” shop, the same basic principles should apply.
You go through a period or periods of project-like development to build or implement a version of an application or product.
You also have parallel services along with your project development that encompass the more product-based view. These may range from basic support and maintenance to full-fledged strategy teams or services like sales and marketing.
As your product transformation continues, projects can become optional and needed only as part of your organization’s overall delivery processes
Project | Product | |
Fund projects | — Funding –› | Fund teams |
Line-of-business sponsor | — Prioritization –› | Product owner |
Project owner | — Accountability –› | Product owner |
Makes specific changes to a product | —Product management –› | Improves product maturity and support of the product |
Assignment of people to work | — Work allocation –› | Assignment of work to product teams |
Project manager manages | — Capacity management –› | Team manages |
Product delivery requires significant shifts in the way you complete development and implementation work and deliver value to your users. Make the changes that support improving end-user value and enterprise alignment.
5-10 minutes
Output: Increased appreciation of the relationship between project and product delivery
Participants: Executives, Product/project managers, Applications teams
In product-centric, Agile teams, many roles that a project manager previously performed are now taken care of to different degrees by the product owner, delivery team, and process manager.
The overall change alters the role of project management from one that orchestrates all activities to one that supports, monitors, and escalates.
5-10 minutes
Output: An assessment of what is in the way to effectively deliver on Agile and product-focused projects
Participants: Executives, Product/project managers, Applications teams
![]() |
|
|
![]() |
5-10 minutes
Output: Current understanding of the role of project management in Agile/product delivery
Participants: Executives, Product/project managers, Applications teams
Project managers still have a role to play in Agile projects and products. Agreeing to what they should be doing is critical to successfully moving to a product-centric approach to delivery.
Autonomy
Fund what delivers value Fund long-lived delivery of value through products (not projects). Give autonomy to the team to decide exactly what to build. | Flexibility
Allocate iteratively Allocate to a pool based on higher-level business case. Provide funds in smaller amounts to different product teams and initiatives based on need. |
| Accountability
Measure and adjust Product teams define metrics that contribute to given outcomes. Track progress and allocate more (or less) funds as appropriate. | ![]() Info-Tech InsightChanges to funding require changes to product and Agile practices to ensure product ownership and accountability. |
(Adapted from Bain & Company)
TRADITIONAL PROJECTS WITH WATERFALL DELIVERY | TRADITIONAL PROJECTS WITH AGILE DELIVERY | PRODUCTS WITH AGILE PROJECT DELIVERY | PRODUCTS WITH AGILE DELIVERY | |
WHEN IS THE BUDGET TRACKED? |
Budget tracked by major phases | Budget tracked by sprint and project | Budget tracked by sprint and project | Budget tracked by sprint and release |
HOW ARE CHANGES HANDLED? |
All change is by exception | Scope change is routine; budget change is by exception | Scope change is routine; budget change is by exception | Budget change is expected on roadmap cadence |
WHEN ARE BENEFITS REALIZED? |
Benefits realization post project completion | Benefits realization ongoing throughout the life of the project | Benefits realization ongoing throughout the life of the product | Benefits realization ongoing throughout life of the product |
WHO DRIVES? |
Project Manager
|
Product Owner
|
Product Manager
|
Product Manager
|
ˆ ˆ
Hybrid Operating Environments |
As you evolve your approach to product delivery, you will be decoupling the expected benefits, forecast, and budget. Managing them independently will improve your ability adapt to change and drive the right outcomes!
Output: Understanding of funding principles and challenges
Participants: Executives, Product owners, Product managers, Project managers, Delivery managers
Global Digital Financial Services Company
This financial services company looked to drive better results by adopting more product-centric practices.
Results
|
![]() ![]() |
Deliver on Your Digital Product Vision
Implement Agile Practices That Work
Implement DevOps Practices That Work
Prepare an Actionable Roadmap for Your PMO
|
Deliver Digital Products at Scale
Extend Agile Practices Beyond IT
Spread Best Practices With an Agile Center of Excellence
Tailor IT Project Management Processes to Fit Your Projects
|
Cobb, Chuck. “Are there Project Managers in Agile?” High Impact Project Management, n.d. Web.
Cohn, Mike. “What Is a Product?” Mountain Goat Software, 6 Sept. 2016. Web.
Cobb, Chuck. “Agile Project Manager Job Description.” High Impact Project Management, n.d. Web.
“How do you define a product?” Scrum.org, 4 April 2017. Web.
Johnson, Darren, et al. “How to Plan and Budget for Agile at Scale.” Bain & Company, 8 Oct. 2019. Web.
“Product Definition.” SlideShare, uploaded by Mark Curphey, 25 Feb. 2007. Web.
Project Management Institute. A Guide to the Project Management Body of Knowledge (PMBOK Guide). 7th ed., Project Management Institute, 2021.
Schuurman, Robbin. “Scrum Master vs Project Manager – An Overview of the Differences.” Scrum.org, 11 Feb 2020. Web.
Schuurman, Robbin. “Product Owner vs Project Manager.” Scrum.org, 12 March 2020. Web.
Vlaanderen, Kevin. “Towards Agile Product and Portfolio Management.” Academia.edu, 2010. Web.
“What is a Developer in Scrum?” Scrum.org, n.d. Web.
“What is a Scrum Master?” Scrum.org, n.d. Web.
“What is a Product Owner?” Scrum.org, n.d. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Bring the business into the room, align your objectives for choosing certain cloud capabilities, and characterize your ideal PaaS environment as a result of your understanding of what the business is trying to achieve. Understand how to right-size your application in the cloud to maintain or improve its performance.
Assess the application against Info-Tech’s design scorecard to evaluate the right design approach to migrating the application to PaaS. Pick the appropriate cloud path and begin the first step to migrating your app – gathering your requirements.
[infographic]
The time has come to hire a new major incident manager. How do you go about that? How do you choose the right candidate? Major incident managers must have several typically conflicting traits, so how do you pick the right person? Let's dive into that.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Begin strategy development by assigning roles and responsibilities for the team and establishing the initial direction for the strategy.
Create business process maps that incorporate how applications and data are coordinated to support business activities.
Review your integration map to identify improvement opportunities, explore integration solutions, and consolidate activity outputs into a strategy presentation.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss the general approach for creating a holistic enterprise integration strategy.
Define the initial direction and drivers.
Strategy development team with responsibilities identified.
Clear initial direction for the strategy based on senior stakeholder input.
1.1 Define the driving statements for your EI strategy.
1.2 Develop a RACI chart.
1.3 Discuss the current state of enterprise integration.
1.4 Establish the initial direction of your strategy by surveying senior stakeholders.
Vision, mission, and values for enterprise integration
RACI chart for strategy development
Documentation of past integration projects
Chief Enterprise Integration Officer job description template
Build a comprehensive map of what integration looks like for your target business processes.
Clear documentation of the integration environment, encompassing process, data, and applications.
2.1 Develop level-0 and level-1 business capability diagrams.
2.2 Identify the business processes of focus, based on relevance to overall corporate drivers.
2.3 Complete process flow diagrams.
2.4 Begin identifying the applications that are involved in each step of your process.
2.5 Detail the connections/interactions between the applications in your business processes.
2.6 Draw a current state diagram for application integration.
2.7 Identify the data elements created, used, and stored throughout the processes, as well as systems of record.
Business capability maps
Business process flow diagrams
Current state integration diagram
Completed integration map
Review the outputs of the integration mapping activities.
Educate strategy team on the potential integration solutions.
Consolidate the findings of the activities into a compelling strategy presentation.
Integration improvement opportunities are identified.
Direction and drivers for enterprise integration are finalized.
Understanding of the benefits and limitations of some integration solutions.
3.1 Discuss the observations/challenges and opportunities for improvement.
3.2 Refine the focus of the strategy by conducting a more detailed stakeholder survey.
3.3 Review the most common integration solutions for process, applications, and data.
3.4 Create a future state integration architecture diagram.
3.5 Define the IT and business critical success factors for EI.
3.6 Articulate the risks with pursuing (and not pursuing) an EI strategy.
3.7 Quantify the monetary benefits of the EI strategy.
3.8 Discuss best practices for presenting the strategy and organize the presentation content.
Critical success factors and risks for enterprise integration
Monetary benefits of enterprise integration
Completed enterprise integration strategy presentation
IT needs to answer these questions:
Your answers need to balance choice, risk, and cost.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This storyboard will help you identify your goals, build standard offerings for users, define governance and policies around offerings, and develop a roadmap for your EUC program.
Use these templates to document your end-user computing strategy. Follow the guidelines in the blueprint and record activity results in the template. The findings will be presented to the management team.
The Ideas Catalog introduces provisioning models, form factors, and supported operating systems. Use the Standard Offering Template to document provisioning models and define computing devices along with apps and peripherals according to the outcome of the user group analysis.
Use these policy templates to communicate the purposes behind each end-user computing decision and establish company standards, guidelines, and procedures for the purchase of technologies. The policies will ensure purchasing, reimbursement, security, and remote wiping enforcements are consistent and in alignment with the company strategy.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Dig into the current state and build user persona.
Determine your challenges and strengths.
Delineate user IT requirements.
1.1 Assess the current state of end-user computing.
1.2 Perform SWOT analysis.
1.3 Map benefits to stakeholder drivers and priorities.
1.4 Identify user groups.
1.5 Identify supporting technology.
1.6 Identify opportunities to provide value.
SWOT analysis of current state
Goals cascade
Persona analysis
Define your EUC vision and standard offerings.
Brainstorm EUC vision and mission.
Find out the standard offerings.
Set the direction for end-user computing to support shift-left enablement.
2.1 Prioritize benefits.
2.2 Craft a vision and mission statement.
2.3 Identify goals.
2.4 Define guiding principles for your strategy.
2.5 Select a provisioning model for each persona.
2.6 Define the standard device offerings.
2.7 Document each persona's entitlements.
Vision statement, mission statement, and guiding principles
Goals and indicators
End-user device entitlements standard
Outline supporting practices and define policies for each use case.
Document supporting practices.
Document EUC policies.
3.1 Define device management tools and approach.
3.2 Identify groups involved in supporting practices.
3.3 Identify opportunities to improve customer service.
3.4 Define acceptable use.
3.5 Define BYOD policies.
3.6 Define procurement and entitlement policies.
3.7 Define security policies.
List of management tools for end-user computing
Roles and responsibilities for maintaining the end-user computing environment
Opportunities to improve customer service
End-user computing policy templates
Build a user migration roadmap.
Make the project a reality by documenting initiatives and building a roadmap.
4.1 Identify the gaps in devices, user support, use cases, policy & governance, and fitness for use.
4.2 Plan the deployment and user migration journey.
4.3 Document initiatives in the roadmap.
Initiatives mapped to practice areas
User migration journey map
It’s easy to think that if we give end users nice devices, then they will be more engaged and they will be happy with IT. If only it were that easy.
Info-Tech Research Group has surveyed over 119,000 people through its CIO Business Vision diagnostic. The results show that a good device is necessary but not enough for high satisfaction with IT. Once a user has a decent device, the other aspects of the user’s experience has a higher impact on their satisfaction with IT.
After all, if a person is trying to run apps designed in the 1990s, if they are struggling to access resources through an underperforming VPN connection, or if they can’t get help when their devices and apps aren’t working, then it doesn’t matter that you gave them a state-of-the-art MacBook or Microsoft Surface.
As you build out your end-user computing strategy to reflect the new reality of today’s workforce, ensure you focus on shifting user support left, modernizing apps to support how users need to work, and ensuring that your network and collaboration tools can support the increased demands. End-user computing teams need to focus beyond the device.
Ken Weston, ITIL MP, PMP, Cert.APM, SMC
Research Director, Infrastructure and Operations Info-Tech Research Group
Mahmoud Ramin, PhD
Senior Research Analyst, Infrastructure and Operations Info-Tech Research Group
IT needs to answer these questions:
Your answers need to balance choice, risk, and cost.
Management paradigms have shifted:
Take end-user computing beyond the OS.
This blueprint will help you:
A good device is necessary for satisfaction with IT but it’s not enough.
If a user has a prestigious tablet but the apps aren’t built well, they can’t get support on it, or they can’t connect to the internet, then that device is useless. Focus on supportability, use cases, connection, policy – and device.
Definition: End-User Computing (EUC)
End-user computing (EUC) is the domain of information and technology that deals with the devices used by workers to do their jobs. EUC has five focus areas: devices, user support, use cases, policy & governance, and fitness for use.
A good end-user computing strategy will effectively balance:
User Choice
Cost
Risk
The right balance will be unique for every organization.
Cost | Risk | Choice | Result | |
---|---|---|---|---|
Higher Education | High importance | Low importance | High importance | Full BYOD for professors. Standardized offerings for administration. |
Software Development Firms | Low importance | Medium/High importance | High importance | Standardized offerings for developers. Virtual desktops for users on BYOD. |
Legal Firm | Medium importance | High importance | Low importance | Partners offered prestigious devices. Everyone else uses Windows PCs. Virtual desktops and apps for remote access. |
Healthcare |
High importance | High importance | Low importance | Nurses, janitors, and other frontline staff use shared tablets. Doctors are provisioned their own tablet. Admin staff and doctors are provisioned virtual desktops to maintain security and compliance. |
Government | High importance | High importance | Low importance | Standardized PC offerings for all employees. MacBooks are provided with justification. Devices managed with Intune and ConfigMgr. |
Info-Tech’s CIO Business Vision has shown that when someone is dissatisfied with their device, their satisfaction with IT overall is only 40.92% on average.
When a person is satisfied with their device, their average satisfaction increases by approximately 30 percentage points to 70.22%. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,383)
Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy all have a higher impact on increasing satisfaction.
For every one-point increase in satisfaction in those areas, respondents’ overall satisfaction with IT increased by the respective percentage of a point. (Info-Tech Research Group, CIO Business Vision, 2021; N=119,409)
Only Windows
Group Policy & Client Management
Limited to email on phones
Hands-on with images
Virtual Desktop Infrastructure in the Data Center
Performed by IT
Rare
Phone calls and transactional interactions
Only Windows
Microsoft is still the dominant player in end-user computing, but Windows has only a fraction of the share it once had.
IT needs to revisit their device management practices. Modern management tools such as unified endpoint management (UEM) tools are better suited than traditional client management tools (CMT) for a cross-platform world.
IT must also revisit their application portfolios. Are business apps supported on Android and iOS or are they only supported on Windows? Is there an opportunity to offer more options to end users? Are end users already running apps and handling sensitive data on Android and iOS through software-as-a-service and bring-your-own-device (BYOD) capabilities in Office 365 and Google apps?
IT can’t expect everyone to be fluent on Windows and Mac, have a computer at home, or even have home broadband.
Of US adults aged 18-29:
Further, only 59% of US adults making less than $30,000/year have a laptop or desktop. (“Mobile Technology” and “Digital Divide,” Pew Research, 2021.)
Globally, people are likelier to have a cell subscription than they are to have access to broadband.
Group Policy & Client Management
CMTs such as Microsoft Endpoint Configuration Manager (ConfigMgr, aka SCCM) can be used to distribute apps, apply patches, and enforce group policy.
EMM tools allow you to manage multiple device platforms through mobile device management (MDM) protocols. These tools enforce security settings, allow you to push apps to managed devices, and monitor patch compliance through reporting.
EMM tools often support mobile application management (MAM) and mobile content management (MCM). Most EMM tools can manage devices running Windows, Mac OS, iOS, and Android, although there are exceptions.
UEM solutions combine CMT and EMM for better control of remote computers running Windows or Macs. Examples include:
Most UEM tools can manage devices running Windows, Mac OS, iOS, and Android, allowing IT to manage all end-user devices from a unified tool set (although there are exceptions).
MAM provides the ability to package an app with security settings, distribute app updates, and enforce app updates. Some capabilities do not require apps to be enrolled in an EMM or UEM solution.
MCM tools distribute files to remote devices. Many MCM solutions allow for security settings to be applied, such as encrypting the files or prohibiting data from leaving the secure container. Examples include OneDrive, Box, and Citrix ShareFile.
Windows Management Features | Traditional CMT | Hybrid UEM | Cloud-Based EMM |
---|---|---|---|
Group Policy | ✔ Primary management approach | ✔ Available alongside configuration service providers | X Replaced by configuration service providers |
Manage remote devices without VPN | X | X | ✔ |
No longer manage and maintain images | X | ✔ Images are still available | ✔ Images replaced by provisioning packages |
Secure and support BYOD | X (Certain tools may offer limited MDM capabilities) | ✔ | ✔ |
Support remote zero-touch provisioning | X (Only available via PXE boot) | ✔ | ✔ |
App, patch, update deployments | Via defined distribution points | Via defined distribution points or MAM | Via MAM |
Hands-on with images
Supply chain issues are making computers longer to procure, meaning users are waiting longer for computers (Cision, 2021). The resulting silicon chip shortage is expected to last until at least 2023 (Light Reading, 2021).
IT departments are delaying purchases, delaying refreshes, and/or purchasing more to reserve devices before they need them.
Remote work has increased by 159% over the past 12 years (NorthOne, 2021). New hires and existing users can’t always go into the office to get a new computer.
IT departments are paying vendors to hold onto computers and then drop-ship them directly to the end user. The devices are provisioned using zero touch (e.g. Autopilot, Apple Device Manager, or another tool). Since zero-touch provisioning tools do not support images, teams have had to switch to provisioning packages.
Virtual Desktop Infrastructure in the Data Center
Citrix saw subscription revenue increase 71% year over year in 2020 (Citrix 2020 Annual Report, p. 4). VMware saw subscription and SaaS revenue increase 38% from January 2020 to 2021 – while on-premises licensing revenue decreased by 5% (VMware Annual Report 2021, p. 40).
Microsoft and AWS are offering desktops as a service (i.e. cloud-based virtual desktops). IT needs to manage only the device, not the underlying virtual desktop infrastructure. This is in addition to Citrix’s and VMware’s cloud offerings, where IT doesn’t need to manage the underlying infrastructure that supports VDI.
Visit the blueprint Implement Desktop Virtualization and Transition to Everything as a Service to get started.
Rare
“More technical troubleshooting due to users working from home a lot more. It can be more difficult to talk users through fixes when they are off site if you cannot remotely assist so more emphasis on the communication skill which was already important.” (Service Desk Institute, 2021)
Visit the Hybrid Workplace Research Center to better support a hybrid workforce.
Limited to email on phones
Action Item: Identify how IT can provide more support to personally owned computers, tablets, and smartphones.
58% of working Americans say their work devices are “awful to work on." (PCMag, 2021)
But only 22% of organizations provide full support to BYOD. (Cybersecurity Insiders, 2021)
IT must either provide better devices or start fully supporting users on personal PCs.
Performed by IT
Action Item: Build a governance framework that describes the roles and responsibilities involved in business-owned apps. Identify the user’s role and end-user computing’s role in supporting low-code apps.
Visit the blueprint Embrace Business-Managed Apps to learn how to build a governance framework for low-code development platforms.
Visit the Low-Code Business Process Management SoftwareReviews category to compare different platforms.
Phone calls and transactional interactions
Microsoft’s 2019 “Global State of Customer Service” report shows that people have high expectations:
End users have the same expectations of IT, the service desk, and end-user computing teams:
Most Important Aspects of Customer Service
Resolving issue in one interaction - 35%
Knowledgeable agent - 31%
Finding information myself - 11%
Not repeating information - 20%
(Microsoft, 2019)
Action Item: Apply shift-left enablement to train tier 1 agents on troubleshooting more incidents and fulfilling more service requests. Build top-notch self-service capabilities for end users.
Work with your service desk on the blueprint Optimize the Service Desk with a Shift-Left Strategy.
Take end-user computing beyond the device
Only Windows
Group Policy & Client Management
Limited to email on phones
Hands-on with images
Virtual Desktop Infrastructure in the Data Center
Performed by IT
Rare
Phone calls and transactional interactions
Improvements in the service desk, business apps, networks and communication infrastructure, and IT policy have a higher impact on increasing satisfaction.
Impact of End-User Satisfaction of IT by Area Compared to Devices
Devices (x1.0)
IT Policy (x1.09)
Network & Communications Infrastructure (x1.41)
Business Apps (x1.51)
Service Desk (x1.54)
(Info-Tech Research Group, CIO Business Vision, 2021; n=119,409)
End-User Group Analysis
Supported Devices & Apps
Device Support
Fitness for Use
Vision
The right balance will be unique for every organization. Get the balance right by aligning your strategy's goals to senior leadership’s most important priorities.
Have a more prestigious option ready for users, such as VIPs, who want more than the usual offerings. This approach will help you to proactively anticipate your users' needs.
These five personas will exist in one form or another throughout your user groups.
1. Set the Direction | 2. Define the Offering | 3. Build the Roadmap | |
---|---|---|---|
Phase Steps |
1.1 Identify Desired Benefits 1.2 Perform a User Group Analysis 1.3 Define the Vision |
2.1 Define the Standard Offerings 2.2 Outline Supporting Services 2.3 Define Governance and Policies |
3.1 Develop Initiatives |
Phase Outcomes |
Current-State Assessment Goals Cascade User Group Assessment Vision Statement Mission Statement Guiding Principles |
Standard Offerings by User Group Device Management Model Technical Support Model Device Entitlement Policy Acceptable Use Policy Remote Wipe Policy & Waiver Personal Device Reimbursement Policy |
End-User Migration Journey Map Strategy and Roadmap |
Once users are satisfied with devices, focus on the bigger picture
If end users are dissatisfied with devices, they will also be dissatisfied with IT. But if you don’t also focus on apps and supportability, then giving users better devices will only marginally increase satisfaction with IT.
Bring it back to stakeholder priorities
Before you build your vision statement, make sure it resonates with the business by identifying senior leadership’s priorities and aligning your own goals to them.
Balance choice, risk, and cost
The balance of user choice, risk mitigation, and cost optimization is unique for each company. Get the balance right by aligning your strategy’s goals to senior leadership’s most important priorities.
Communicate early and often with users
Expect users to become anxious when you start targeting their devices. Address this anxiety by bringing them into the conversation early in the planning – they will see that their concerns are being addressed and may even feel a sense of ownership over the strategy.
Standardize the nonstandard
When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.
Consider multiple personas when building your standards, training, and migrations
Early Adopters, Late Adopters, VIP Users, Road Warriors, and Hoarders – these five personas will exist in one form or another throughout your user groups.
Use these worksheets to guide your analysis.
Compare options for your end-user computing environment.
Define your supported offerings and publish this document in your service catalog.
Use these templates as a starting point for addressing policy gaps.
Document your strategy using this boardroom-ready template.
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is 8 to 10 calls over the course of 4 to 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Set the Direction | Define the Offering | Support the Offering | Bridge the Gap and Create the Roadmap | Next Steps and Wrap-Up (offsite) | |
Activities |
1.1 Identify desired benefits. 1.1.1 Assess the current state of end-user computing. 1.1.2 Perform a SWOT analysis. 1.1.3 Map benefits to stakeholder drivers and priorities. 1.2 Analyze user groups. 1.2.1 Identify user groups. 1.2.2 Identify supporting technology. 1.2.3 Record use cases. 1.2.4 Identify opportunities to provide value. |
1.3 Define the vision. 1.3.1 Prioritize benefits. 1.3.2 Craft a vision and mission statement. 1.3.3 Identify goals. 1.3.4 Define guiding principles for your strategy. 2.1 Define the standard offerings. 2.1.1 Select a provisioning model for each persona. 2.1.2 Define the standard device offerings. 2.1.3 Document each personas’ entitlements. |
2.2 Outline supporting practices. 2.2.1 Define device management tools and approach. 2.2.2 Identify groups involved in supporting practices. 2.2.4 Identify opportunities to improve customer service. 2.3 Define policies. 2.3.1 Define acceptable use. 2.3.2 Define BYOD policies. 2.3.3 Define procurement and entitlement policies. 2.3.4 Define security policies. |
3.1 Develop initiatives. 3.1.1 Identify the gaps in devices, user support, use cases, policy & governance, and fitness for use. 3.1.2 Plan the deployment and user migration journey. 3.1.3 Document initiatives in the roadmap . |
5.1 Complete in-progress deliverables from previous four days. 5.2 Set up time to review workshop deliverables and discuss next steps |
Deliverables |
|
|
|
|
|
1.1 Identify Desired Benefits
1.2 Perform a User Group Analysis
1.3 Define the Vision
2.1 Define the Standard Offerings
2.2 Outline Supporting Services
2.3 Define Governance and Policies
3.1 Develop Initiatives
This phase will walk you through the following activities:
This phase involves the following participants:
Download the End-User Computing Strategy Template.
1.1.1 Assess the current state of end-user computing
1.1.2 Perform a SWOT analysis
1.1.3 Map benefits to stakeholder drivers and priorities
Optional: Identify current total cost of ownership
This step requires the following inputs:
This step involves the following participants:
Download the End-User Computing Strategy Template.
Devices: As shown in the executive brief, devices are necessary for satisfaction in IT. In your current-state assessment, outline the principal means by which users are provided with a desktop and computing.
User support: Examine how the end-user computing team enables a high-quality customer service experience. Especially consider self-service and tier 1 support.
Use cases: Reflect on how IT and end-user computing supports users’ most important use cases. Consider these aspects:
Policy and governance: Document the current state of policies governing the use of end-user computing devices, both corporate-issued and personally owned. Review Step 2.3 for a list of policy questions to address and for links to policy templates.
IT policies: List your current policy documents. Include policies that relate to end-user computing, such as security policy documents; acceptable use policy documents; purchasing policies; documents governing entitlements to computers, tablets, smartphones, and prestigious devices; and employee monitoring policy documents.
Fitness for use: Reflect on your ability to secure users, enterprise data, and computers. Document your current capabilities to ensure devices are adequately secured and risks adequately mitigated.
Record your SWOT analysis in the “Current-State Assessment” section of your End-User Computing Strategy Template.
Download the End-User Computing Strategy Template.
Stakeholder | Drivers and Strategic Priorities | End-User Computing Benefits |
---|---|---|
CEO | Ensure service continuity with remote work |
|
Respond to COVID-19 changes with agility |
|
|
Reduce unnecessary costs |
|
|
COO | Business continuity: being able to work from home |
|
Record this table on the “Goals Cascade” slide in the “Vision and Desired Benefits” section of your End-User Computing Strategy Template.
Use the CEO-CIO Alignment Program to identify which business benefits are most important.
Business Goals | End-User Computing Benefits | |||
---|---|---|---|---|
Manage risk | Controls are effectively enforced on remote devices | Sensitive data is secured | Devices and data are accounted for | |
Ensure service continuity | Business processes can still function with remote personnel | Customers can still be served by remote workers | Personnel can be productive from anywhere | IT practices can still operate remotely |
Comply with external regulation | Improved ability to demonstrate compliance | |||
Respond to change with agility | Personnel can be productive from anywhere | More business processes can be performed remotely | ||
Improve operational efficiency | More efficient sales practices | More efficient customer service practices | Increased number of digitized business processes | Increased use of IT and HR self-service tools |
Offer competitive products and services | Increased customer satisfaction with online services | Number of piloted new products | ||
Manage people | Increased employee productivity | Increased employee engagement | Increased talent attraction | Increased workforce retention |
Make data-driven decisions | Increased workforce retention | Improved understanding of customers | Access to accurate data on services and spending | Improved IT cost forecasting |
Improve customer experience | Increased customer satisfaction with online services | Ability to scale up capacity to meet increased demand | Customers can still be served by remote workers | Improved customer self-service options |
Maximize stakeholder value | Transition to OpEx spend and reduce CapEx investments | Access to accurate data on services and spending | Improved IT cost forecasting |
Insert the results into your End-User Computing Strategy Template.
Download the HAM Budgeting Tool.
Download the Mobile Strategy TCO Calculator.
1.2.1 Organize roles based on how they work
1.2.2 Organize users into groups
1.2.3 Document the current offerings
1.2.4 Brainstorm pain points and desired gains for each user group
This step requires the following inputs:
This step involves the following participants:
Use the Application Portfolio Assessment to run a relationship survey.
Dive deeper with the blueprint Improve Requirements Gathering.
Organization chart: Consult with HR or department leaders to provide a list of the different roles that exist in each department.
Identity access management tools: You can consult tools like Active Directory, but only if the data is clean.
Apps and devices used: Run a report from your endpoint management tool to see what devices and apps are used by one another. Supplement this report with a report from a network management tool to identify software as a service that are in use and/or consult with department leaders.
Relationship surveys: Tools like the End-User Application Satisfaction Diagnostic allow you to assess overall satisfaction with IT.
Focus groups and interviews: Gather unstructured feedback from users about their apps and devices.
User shadowing: Observe people as they use technology to identify improvement opportunities (e.g. shadow meetings, review video call recordings).
Ticket data: Identify apps or systems that users submit the most incidents about as well as high-volume requests that could be automated.
Always Works in the Same Location | Sometimes Works in Different Locations | Always Works in Different Locations | |
---|---|---|---|
Predominantly Reads Information |
|
||
Reads and Writes Information |
|
|
|
Predominantly Creates Information |
|
Download the User Group Analysis Workbook.
Standardize the nonstandard
When users such as VIP users want more than the standard offering, have a more prestigious option available. This approach will help you to proactively anticipate your users’ needs.
Record each user group’s pain points and desired gains on their respective worksheet.
For additional questions you can ask, visit this Strategyzer blog post by Alexander Osterwalder.
Info-Tech Insight
Identify out-of-scope benefits?
If that desired gain is required for the vision to be achieved for a specific role, you have two options:
Forcing a user group to use an unsatisfactory tool will severely undermine your chance of success, especially in the project’s early stages.
1.3.1 Prioritize which benefits you want to achieve
1.3.2 Identify how you will track performance
1.3.3 Craft a vision statement that demonstrates what you’re trying to create
1.3.4 Craft a mission statement for your end-user computing team
1.3.5 Define guiding principles
This step requires the following inputs:
This step involves the following participants:
Record the output in your End-User Computing Strategy Template under “Benefit Prioritization” in the “Vision and Desired Benefits” section.
Sample output:
Must Have | Should Have | Could Have | Won't Have |
---|---|---|---|
|
|
|
|
Record this information in your End-User Computing Strategy Template.
Sample output:
Critical Success Factor | Key Performance Indicator | Metrics |
---|---|---|
Improve remote worker productivity | Increase employee engagement by 10% in two years |
|
Integrate relevant information sources into one spot for sales | Integrate three information sources that will be useful to sales in one year |
|
Reduce real-estate costs | Reduce office space by 50% in two cities over three years |
|
Securely deliver all apps, information, and data to any device, anywhere, at any time | Build the apps and information sources into a digital workspace for three business processes over one year |
|
Strong IT vision statements have the following characteristics:
Sample IT Vision Statements:
Strong IT mission statements have the following characteristics:
Sample IT Mission Statements:
IT Principle Name | IT Principle Statement |
---|---|
1. Enterprise value focus | We aim to provide maximum long-term benefits to the enterprise as a whole while optimizing total costs of ownership and risks. |
2. Fit for purpose | We maintain capability levels and create solutions that are fit for purpose without over-engineering them. |
3. Simplicity | We choose the simplest solutions and aim to reduce operational complexity of the enterprise. |
4. Reuse > buy > build | We maximize reuse of existing assets. If we can’t reuse, we procure externally. As a last resort, we build custom solutions. |
5. Managed data | We handle data creation, modification, and use enterprise-wide in compliance with our data governance policy. |
6. Controlled technical diversity | We control the variety of technology platforms we use. |
7. Managed security | We manage, support, and assist in the implementation of security enterprise-wide in collaboration with our security governance team. |
8. Compliance to laws and regulations | We operate in compliance with all applicable laws and regulations. |
9. Innovation | We seek innovative ways to use technology for business advantage. |
10. Customer centricity | We deliver best experiences to our end users by aligning to customer service best practices. |
1.1 Identify Desired Benefits
1.2 Perform a User Group Analysis
1.3 Define the Vision
Define the Offering
2.1 Define the Standard Offerings
2.2 Outline Supporting Services
2.3 Define Governance and Policies
Build the Roadmap
3.1 Develop Initiatives
This phase will walk you through the following activities:
This phase involves the following participants:
2.1.1 Identify the provisioning models for each user group
2.1.2 Define the standard device offerings
2.1.3 Document each user group’s entitlements
This step requires the following inputs:
This step involves the following participants:
Action Item: Provide a defined set of standard options to the business to proactively address different needs.
A good end-user computing strategy will effectively balance:
Your standard offerings need to strike the right balance for your organization.
The catalog provides information about choices in:
Review the catalog to learn about items that can help your organization to achieve the desired vision from Phase 1.
As you review the catalog, think about these questions:
Download the End-User Computing Ideas Catalog.
Download the End-User Computing Ideas Catalog.
Download the Standard End-User Entitlements and Offerings Template.
Persona | Primary Computing Device | Secondary Laptops or Computers | Smartphone | Tablet |
---|---|---|---|---|
Sales | COPE | BYOD | BYOD | BYOD |
Field Sales | CYOD | BYOD | COBO | COBO |
Customer Service | COBO | None | None | None |
Knowledge Worker | COPE | BYOD | BYOD | BYOD |
App Dev | CYOPED | None | CYOD | CYOD |
VIP | CYOPED | CYOPED | CYOPE | BYOD |
When users such as VIP users want more than the standard offering, have a more prestigious option ready to offer. This approach will help you to proactively anticipate your users’ needs.
Generally, if it is a supported device, then the budget owner determines whether to allow the user to receive a more powerful or more prestigious device.
This decision can be based on factors such as:
If IT gets this answer wrong, then it can result in shadow IT
Document your answer in the Device Entitlement Policy Template.
Windows | Mac OS | iOS | Android | |
---|---|---|---|---|
Laptops | Lenovo T15 Gen 2 | MacBook Pro 14” | N/A | N/A |
Power Laptops | Lenovo ThinkPad X1 Carbon | MacBook Pro 16” | N/A | N/A |
Prestigious Laptops | Lenovo ThinkPad X1 Yoga Gen 6 | MacBook Pro 16” | N/A | N/A |
Tablets | Microsoft Surface | N/A | iPad Pro | Samsung Galaxy Tab |
Smartphones | N/A | N/A | iPhone 13 | Samsung Galaxy S21 |
Download the Standard End-User Entitlements and Offerings Template.
2.2.1 Review device management tools and capabilities
2.2.2 Identify common incidents and requests for devices
2.2.3 Record how you want to shift resolution
2.2.4 Define which IT groups are involved in supporting practices
Define the Offering
This step requires the following inputs:
This step involves the following participants:
Outcomes of this step
Provision | Protect from loss/theft | Deploy/update apps | Backup & protect | Protect from injections | Complies with policies | Track | Decommission | |
---|---|---|---|---|---|---|---|---|
Windows 10 & 11 (co-managed) | Autopilot | Gap | ConfigMgr | Gap | Windows Security | ConfigMgr | ConfigMgr Intune | Intune and Autopilot |
Windows 10 & 11 (Intune) | Autopilot | Intune (remote wipe) | Intune | OneDrive for Business | Windows Security | Microsoft Advanced Threat Protection | Intune | Intune and Autopilot |
Mac OS | Jamf Pro | Intune (remote wipe) | Jamf Pro | OneDrive for Business | Gap | Jamf Pro | Intune | Jamf Pro |
Document the results on the “IT Management Tools” slide in the “IT Support” section of your End-User Computing Strategy Template.
Analyze your service desk ticket data. Look for the following information:
Record the level at which these tickets can be resolved today. Ensure you include these groups:
Record the desired state. For each incident and request, to where do you want to shift resolution?
Record this chart on the “Current State of IT Support” slide in the “IT Support” section of your End-User Computing Strategy Template.
Most Common Incidents & Requests | Self-Service | Service Desk Tier 1 | Desk-Side or Field Support | End-User Computing |
---|---|---|---|---|
Connect/fix a printer | X | |||
Web conferencing issue | X | |||
Bluetooth issues | X | |||
Outlook issues | X | |||
Install standard app | X | |||
Install app requiring approval | X | |||
Install nonstandard app | X | |||
Enroll personal iOS/Android device | X | |||
Enroll personal Mac/Windows computer | X | |||
Perform a factory reset on a lost or stolen device | X | |||
Unenroll device | X |
Starting with the chart you created in Activity 2.2.2, record the desired state. For each incident and request, to where do you want to shift resolution?
Use the “Opportunities to Provide Self-Service and Articles” and “Desired State” slides in the “IT Support” section of your End-User Computing Strategy Template to document quick wins and high-value, high-effort shifts.
Most Common Incidents & Requests | Self-Service | Service Desk Tier 1 | Desk-Side or Field Support | End-User Computing |
---|---|---|---|---|
Connect/fix a printer | H | QW | X | |
Web conferencing issue | H | X | ||
Bluetooth issues | L | X | ||
Outlook issues | H | H | X | |
Install standard app | X | |||
Install app requiring approval | H | X | ||
Install nonstandard app | OoS | X | ||
Enroll personal iOS/Android device | QW | QW | X | |
Enroll personal Mac/Windows computer | QW | QW | X | |
Perform a factory reset on a lost or stolen device | QW | QW | X | |
Unenroll device | QW | QW | X |
2.3.1 Answer these organizational policy questions
2.3.2 Answer these security policy questions
Define the Offering
This step requires the following inputs:
This step involves the following participants:
Outcomes of this step
Use the “Policies” section in the End-User Computing Strategy Template to document the answers in this section. Activities 2.3.2 and 2.3.3 present links to policy templates. Use these templates to help address any gaps in your current policy suite.
Use the “Policies” section of the End-User Computing Strategy Template to document these answers.
Download the Mobile Device Connectivity & Allowance Policy template.
Download the Purchasing Policy template.
Download the Mobile Device Reimbursement Policy template.
Download the Mobile Device Reimbursement Agreement template.
Download the General Security – User Acceptable Use Policy template.
Download the BYOD Acceptable Use Policy template.
Download the Mobile Device Remote Wipe Waiver template.
Download the General Security – User Acceptable Use Policy template.
Visit the Reduce and Manage Your Organization’s Insider Threat Risk blueprint to address this gap.
Use the “Policies” section of the End-User Computing Strategy Template to document these answers.
Download the General Security – User Acceptable Use Policy template.
Visit the Discover and Classify Your Data blueprint to address this gap.
Download the General Security – User Acceptable Use Policy template.
Download the General Security – User Acceptable Use Policy template.
Visit the Develop and Deploy Security Policies blueprint to address this gap.
For help defining your own security configuration baselines for each operating system, reference best practice documentation such as:
National Institute of Standards and Technology’s National Checklist Program.
Center for Internet Security’s solutions.
Microsoft’s security baseline settings for Windows 10 and 11 Configuration Service Providers.
1.1 Identify Desired Benefits
1.2 Perform a User Group Analysis
1.3 Define the Vision
2.1 Define the Standard Offerings
2.2 Outline Supporting Services
2.3 Define Governance and Policies
3.1 Develop Initiatives
This phase will walk you through the following activities:
This phase involves the following participants:
3.1.1 Identify initiatives for each EUC practice
3.1.2 Build out the user’s migration journey map
3.1.3 Build out a list of initiatives
Build the Roadmap
This step requires the following inputs:
This step involves the following participants:
Outcomes of this step
For each of the five areas, build a profile for the changes you want to implement. Record:
Identify the initiatives involved in each area.
Document these profiles and initiatives in the “Roadmap” section of your End-User Computing Strategy Template.
Users execute the migrate on their own (e.g. Microsoft’s consumer migration to Windows 10).
Users come in person, select a device, and perform the migration with a specialist. If the device needs support, they return to the same place (e.g. buying a computer from a store).
Users select a device. When the device is ready, they can schedule time to pick up the device and perform the migration with a specialist (e.g. purchasing an iPhone in advance from Apple’s website with in-store pick-up).
Migrations to the new tool may fail. IT should check in with the user to confirm that the device successfully made the migration.
Download the End-User Computing Strategy Template.
On tab “1. Setup”:
Use tab “2. Data Entry” to record your list of initiatives.
Use tab “3. Roadmap” to visualize your data. You will have to press “Refresh All” under Data in the ribbon for the PivotChart to update.
Copy the roadmap visual on tab “3. Roadmap” into your End-User Computing Strategy Template. You can also copy the list of initiatives over into the document.
Download the Roadmap Tool.
You built a strategy to improve the balance between user enablement, risk mitigation, and cost optimization. Throughout the blueprint, you identified opportunities to provide additional value to end users and stakeholders during these activities:
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech Workshop.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Identify User Groups
Identify each user group based on the business processes, tasks, and applications they use.
Define Standard Device Offerings
Record your provisioning models for each user group and the primary and secondary devices, apps, and peripherals that each group receives.
This project helps you align your zero-touch approach with stakeholder priorities and larger IT strategies. You will be able to build your zero-touch provisioning and patching plan from both the asset lifecycle and the end-user perspective to create a holistic approach that emphasizes customer service. Tailor deployment plans to more easily scope and resource deployment projects.
This project will help you analyze the current state of your HAM program, define assets that will need to be managed, and build and involve the ITAM team from the beginning to help embed the change. It will also help you define standard policies, processes, and procedures for each stage of the hardware asset lifecycle, from procurement through to disposal.
This project will help you conduct a goals exercise and capability assessment for Office 365. You will be able to refine governance objectives, build out controls, formalize governance, build out one pagers, and finalize a communication plan.
A special thank-you to 6 anonymous contributors
“2020 Annual Report and Proxy.” Citrix, 2020. Accessed Oct. 2021.
“2021 BYOD Security Report.” Cybersecurity Insiders, 2021. Web.
Anderson, Arabella. “12 Remote Work Statistics to Know in 2022.” NorthOne, 2021. Accessed Oct. 2021.
Bayes, Scarlett. “ITSM: 2021 & Beyond.” Service Desk Institute, 14 April 2021, p. 14. Web.
Belton, Padraig. “Intel: Chip shortage will extend to at least 2023.” Light Reading, 22 Oct. 2021. Web.
Beroe Inc. “Demand for PC Components Saw a Surge Due to COVID-19, Says Beroe Inc.” Cision PR Newswire, 2 Sept. 2021. Web.
Devaraj, Vivekananthan. “Reference Architecture: Remote PC Access.” Citrix, 2021. Accessed Aug. 2021.
“Elements of the Project Charter and Project Scope Statement.” A Guide to PMBOK, 7th edition, PMI, 2021. Accessed Sept. 2021.
Elliott, Christopher. “This Is How The Pandemic Improved Customer Service.” Forbes, 2021. Accessed Oct. 2021.
“Enable TMP 2.0 on your PC.” Microsoft, Support, Aug. 2021. Web.
“End User Computing Trends to Look Out for in 2021.” Stratodesk, 30 Oct. 2020. Accessed September 2021.
“Global State of Customer Service: The Transformation of Customer Service from 2015 to Present Day.” Microsoft, 2019. Web.
Goodman, Elizabeth et al. “Observing the User Experience” A Practitioner's Guide to User Research, 2nd edition. Elsevier, 2012. Accessed Sept. 2021.
Govindarajulu, Chittibabu. “An Instrument to Classify End-Users Based On the User Cube” Informing Science, June 2002. Accessed September 2021.
Griffith, Eric. “Remote Employees to Bosses: Our PCs Suck!” PCMag, 11 Oct. 2021. Web.
Hutchings, Jeffrey D., and Craig A. de Ridder. “Impact of Remote Working on End User Computing Solutions and Services.” Pillsbury, 2021. Accessed Sept. 2021
“ITIL4 Create, Deliver, and Support.” Axelos, 2020. Accessed Sept. 2021.
“ITIL4 Drive Stakeholder Value” Axelos, 2020. Accessed Sept. 2021.
Mcbride, Neil, and Trevor Wood-Harper. “Towards User-Oriented Control of End-User Computing in Large Organizations” Journal of Organizational and End User Computing, vol. 14, no. 1, pp. 33-41, 2002. Accessed September 2021.
““Microsoft Endpoint Configuration Manager Documentation.” Microsoft Docs, Microsoft, 2021. Accessed Sept. 2021.
“Microsoft Intune documentation.” Microsoft Docs, Microsoft. Accessed Sept. 2021.
“Mobile Cellular Subscriptions (per 100 People).” The World Bank, International Telecommunication Union (ITU) World Telecommunication/ICT Indicators Database, 2020. Web.
Morgan, Jacob. “The Employee Experience Advantage: How to Win the War for Talent by Giving Employees the Workspaces they Want, the Tools they Need, and a Culture They Can Celebrate.” Wiley, 2017. Accessed Sept. 2021.
Murphy, Anna. “How the pandemic has changed customer support forever.” Intercom, 2021. Accessed Sept. 2021.
“Operating System Market Share Worldwide, Jan 2021-Jan 2022.” StatCounter GlobalStats, 2022. Web.
“Operating System Market Share Worldwide, Jan-Dec 2011.” StatCounter GlobalStats, 2012. Web.
Pereira, Karla Susiane, et al. “A Taxonomy to Classify Risk End-User Profile in Interaction with the Computing Environment.” In: Tryfonas T. (eds.) Human Aspects of Information Security, Privacy, and Trust. HAS 2016. Lecture Notes in Computer Science, vol. 9750. Accessed Sept. 2021.
Perrin, Andrew. “Mobile Technology and Home Broadband 2020.” Pew Research Center, 3 June 2021. Web.
Quan-Haase, Anabel. “Technology and Society: Social Networks, Power, and Inequality” Oxford University Press, 2012. Accessed Aug. 2021.
Reed, Karin, and Joseph Allen. “Suddenly Virtual: Making Remote Meetings Work.” Wiley, 2021. Accessed Aug. 2021.
Rockart, John F., and Lauren S. Flannery. “The management of end user computing.” Communications of the ACM, vol. 26, no. 10, Oct. 1983. Accessed September 2021.
Turek, Melanie. “Employees Say Smartphones Boost Productivity by 34 Percent: Frost & Sullivan Research.” Samsung Insights, 3 Aug. 2016. Web.
Vladimirskiy, Vadim. “Windows 365 vs. Azure Virtual Desktop (AVD) – Comparing Two DaaS Products.” Nerdio, 2021. Accessed Aug. 2021.
“VMware 2021 Annual Report.” VMware, Financial Document Library, 2021. Web.
VMworld 2021, Oct. 2021.
Vogels, Emily A. “Digital divide persists even as americans with lower incomes make gains in tech adoption.” Pew Research Center, 22 June 2021. Web.
“What is End-User computing?” VMware, 2021. Accessed Aug. 2021.
“Windows 10 Home and Pro.” Microsoft, Docs, 2021. Web.
Zibreg, Christian. “Microsoft 365 Now Boasts Over 50 Million Subscribers.” MUD, 29 April 2021. Web.
If you have not yet read "What is resilience?" I can recommend it. This pack contains the elements to start your resilience journey.
With this pack, we give you the right direction to become resilient. Please contact us to discuss the options.
Tymans Group also offers consulting, as well as an extension to EU DORA compliance.
Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and ensuring that you have met your goal.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this as a guideline to assist you in presenting security to executive stakeholders.
The security presentation templates are a set of customizable templates for various types of security presentation including:
![]() |
As a security leader, you’re tasked with various responsibilities to ensure your organization can achieve its goals while its most important assets are being protected. However, when communicating security to executive stakeholders, challenges can arise in determining what topics are pertinent to present. Changes in the security threat landscape coupled with different business goals make identifying how to present security more challenging. Having a communication framework for presenting security to executive stakeholders will enable you to effectively identify, develop, and deliver your communication goals while obtaining the support you need to achieve your objectives. Ahmad Jowhar Info-Tech Research Group |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
|
|
|
Info-Tech Insight
Security presentations are not a one-way street. The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.
76% of security leaders struggle in conveying the effectiveness of a cybersecurity program.
62% find it difficult to balance the risk of too much detail and need-to-know information.
41% find it challenging to communicate effectively with a mixed technical and non-technical audience.
9% of boards are extremely confident in their organization’s cybersecurity risk mitigation measures.
77% of organizations have seen an increase in the number of attacks in 2021.
56% of security leaders claimed their team is not involved when leadership makes urgent security decisions.
1. Identify communication goals |
2. Collect information to support goals |
3. Develop communication |
4. Deliver communication |
|
---|---|---|---|---|
Phase steps |
|
|
|
|
Phase outcomes |
A defined list of drivers and goals to help you develop your security presentations |
A list of data sources to include in your communication |
A completed communication template |
A solidified understanding of how to effectively communicate security to your stakeholders |
Security presentations are not a one-way street
The key to a successful executive security presentation is having a goal for the presentation and verifying that you have met your goal.
Identifying your goals is the foundation of an effective presentation
Defining your drivers and goals for communicating security will enable you to better prepare and deliver your presentation, which will help you obtain your desired outcome.
Harness the power of data
Leveraging data and analytics will help you provide quantitative-based communication, which will result in a more meaningful and effective presentation.
Take your audience on a journey
Developing a storytelling approach will help engage with your audience.
Win your audience by building a rapport
Establishing credibility and trust with executive stakeholders will enable you to obtain their support for security objectives.
Tactical insight
Conduct background research on audience members (i.e. professional background) to help understand how best to communicate with them and overcome potential objections.
Tactical insight
Verifying your objectives at the end of the communication is important, as it ensures you have successfully communicated to executive stakeholders.
Report on Security Initiatives |
![]() |
Security Metrics |
![]() |
Security Incident Response & Recovery |
![]() |
Security Funding Request |
![]() |
Template showing how to inform executive stakeholders of proactive security and risk initiatives.
IT/InfoSec benefits |
Business benefits |
---|---|
|
|
Phase |
Measured Value (Yearly) |
---|---|
Phase 1: Identify communication goals |
Cost to define drivers and goals for communicating security to executives: 16 FTE hours @ $233K* =$1,940 |
Phase 2: Collect information to support goals |
Cost to collect and synthesize necessary data to support communication goals: 16 FTE hours @ $233K = $1,940 |
Phase 3: Develop communication |
Cost to develop communication material that will contextualize information being shown: 16 FTE hours @ $233K = $1,940 |
Phase 4: Deliver communication |
|
Potential Savings: |
Total estimated effort = $5,820 Our blueprint will help you save $5,820 and over 40 FTE hours |
* The financial figure depicts the annual salary of a CISO in 2022
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Identify drivers for communicating to executives 1.2 Define your goals for communicating to executives |
2.1 Identify data to collect 2.2 Plan how to retrieve data |
3.1 Plan communication 3.2 Build a compelling communication document |
4.1 Deliver a captivating presentation 4.2 Obtain/verify support for security goals |
This phase will walk you through the following activities:
This phase involves the following participants:
As a security leader, you meet with executives and stakeholders with diverse backgrounds, and you aim to showcase your organization’s security posture along with its alignment with the business’ goals.
However, with the constant changes in the security threat landscape, demands and drivers for security could change. Thus, understanding potential drivers that will influence your communication will assist you in developing and delivering an effective security presentation.
39% of organizations had cybersecurity on the agenda of their board’s quarterly meeting.
Info-Tech Insight
Not all security presentations are the same. Keep your communication strategy and processes agile.
By understanding the influences for your security presentations, you will be able to better plan what to present to executive stakeholders.
Understanding drivers will also help you understand how to present security to executive stakeholders.
Identify your communication drivers, which can stem from various initiatives and programs, including:
When it comes to identifying your communication drivers, you can collaborate with subject matter experts, like your corporate secretary or steering committees, to ensure the material being communicated will align with some of the organizational goals.
Audit
Upcoming internal or external audits might require updates on the organization’s compliance
Organizational restructuring
Restructuring within an organization could require security updates
Merger & Acquisition
An M&A would trigger presentations on organization’s current and future security posture
Cyber incident
A cyberattack would require an immediate presentation on its impact and the incident response plan
Ad hoc
Provide security information requested by stakeholders
After identifying drivers for your communication, it’s important to determine what your goals are for the presentation.
Identifying your communication goals could require the participation of the security team, IT leadership, and other business stakeholders.
Info-Tech Insight
There can be different reasons to communicate security to executive stakeholders. You need to understand what you want to get out of your presentation.
Educate
Educate the board on security trends and/or latest risks in the industry
Update
Provide updates on security initiatives, relevant security metrics, and compliance posture
Inform
Provide an incident response plan due to a security incident or deliver updates on current threats and risks
Investment
Request funding for security investments or financial updates on past security initiatives
Ad hoc
Provide security information requested by stakeholders
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Identify drivers for communicating to executives 1.2 Define your goals for communicating to executives | 2.1 Identify data to collect 2.2 Plan how to retrieve data | 3.1 Plan communication 3.2 Build a compelling communication document | 4.1 Deliver a captivating presentation 4.2 Obtain/verify support for security goals |
This phase will walk you through the following activities:
This phase involves the following participants:
After identifying drivers and goals for your communication, it’s important to include the necessary data to justify the information being communicated.
Identifying data to collect doesn’t need to be a rigorous task; you can follow these steps to help you get started:
Info-Tech Insight
Understand how to present your information in a way that will be meaningful to your audience, for instance by quantifying security risks in financial terms.
Educate
Number of organizations in industry impacted by data breaches during past year; top threats and risks affecting the industries
Update
Degree of compliance with standards (e.g. ISO-27001); metrics on improvement of security posture due to security initiatives
Inform
Percentage of impacted clients and disrupted business functions; downtime; security risk likelihood and financial impact
Investment
Capital and operating expenditure for investment; ROI on past and future security initiatives
Ad hoc
Number of security initiatives that went over budget; phishing test campaign results
Once the data that is going to be used for the presentation has been identified, it is important to plan how the data can be retrieved, processed, and shared.
Once the data source and owner has been identified, you need to plan how the data would be processed and leveraged for your presentation
Info-Tech Insight
Using a data-driven approach to help support your objectives is key to engaging with your audience.
Identifying the relevant data sources to retrieve your data and the appropriate data owner enables efficient collaboration between departments collecting, processing, and communicating the data and graphics to the audience.
Examples of where to retrieve your data
Data Source |
Data |
Data Owner |
Communication Goal |
---|---|---|---|
Audit & Compliance Reports |
Percentage of controls completed to be certified with ISO 27001; Number of security threats & risks identified. |
Audit Manager; Compliance Manager; Security Leader |
Ad hoc, Educate, Inform |
Identity & Access Management (IAM) Applications |
Number of privileged accounts/department; Percentage of user accounts with MFA applied |
Network/Security Analyst |
Ad hoc, Inform, Update |
Security Information & Event Management (SIEM) |
Number of attacks detected and blocked before & after implementing endpoint security; Percentage of firewall rules that triggered a false positive |
Network/Security Analyst |
Ad hoc, Inform, Update |
Vulnerability Management Applications |
Percentage of critical vulnerabilities patched; Number of endpoints encrypted |
Network/Security Analyst |
Ad hoc, Inform, Update |
Financial & Accounting Software |
Capital & operating expenditure for future security investments; Return on investment (ROI) on past and current security investments |
Financial and/or Accounting Manager |
Ad hoc, Educate, Investments |
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Identify drivers for communicating to executives 1.2 Define your goals for communicating to executives | 2.1 Identify data to collect 2.2 Plan how to retrieve data | 3.1 Plan communication 3.2 Build a compelling communication document | 4.1 Deliver a captivating presentation 4.2 Obtain/verify support for security goals |
This phase will walk you through the following activities:
This phase involves the following participants:
Examples of two profiles in a boardroom
Formal board of directors |
The executive team |
---|---|
|
|
A board’s purpose can include the following:
Examples of potential values and risks
Info-Tech Insight
Conduct background research on audience members (e.g. professional background on LinkedIn) to help understand how best to communicate to them and overcome potential objections.
Examples of potential concerns for each profile of executive stakeholders
Formal board of directors | The executive team |
---|---|
|
|
Your presentation should be well-rounded and compelling when it addresses the board’s main concerns about security.
Checklist:
Info-Tech Insight
The executive stakeholder’s main concerns will always boil down to one important outcome: providing a level of confidence to do business through IT products, services, and systems – including security.
Info-Tech Insight
Developing a storytelling approach will help keep your audience engaged and allow the information to resonate with them, which will add further value to the communication.
You should be clear about your bottom line and the intent behind your presentation. However, regardless of your bottom line, your presentation must focus on what business problems you are solving and why security can assist in solving the problem.
Examples of communication goals
To inform or educate |
To reach a decision |
---|---|
|
|
Info-Tech Insight
Nobody likes surprises. Communicate early and often. The board should be pre-briefed, especially if it is a difficult subject. This also ensures you have support when you deliver a difficult message.
Once you understand your target audience, it’s important to tailor your presentation material to what they will care about.
Typical IT boardroom presentations include:
Info-Tech Insight
You must always have a clear goal or objective for delivering a presentation in front of your board of directors. What is the purpose of your board presentation? Identify your objective and outcome up front and tailor your presentation’s story and contents to fit this purpose.
Info-Tech Insight
Telling a good story is not about the message you want to deliver but the one the executive stakeholders want to hear. Articulate what you want them to think and what you want them to take away, and be explicit about it in your presentation. Make your story logically flow by identifying the business problem, complication, the solution, and how to close the gap. Most importantly, communicate the business impacts the board will care about.
To build a strong story for your presentation, ensure you answer these three questions:
WHY |
Why is this a business issue, or why should the executive stakeholders care? |
---|---|
WHAT |
What is the impact of solving the problem and driving value for the company? |
HOW |
How will we leverage our resources (technology, finances) to solve the problem? |
Scenario 1: The company has experienced a security incident.
Intent: To inform/educate the board about the security incident.
WHY | The data breach has resulted in a loss of customer confidence, negative brand impact, and a reduction in revenue of 30%. |
---|---|
WHAT | Financial, legal, and reputational risks identified, and mitigation strategies implemented. IT is working with the PR team on communications. Incident management playbook executed. |
HOW | An analysis of vulnerabilities was conducted and steps to address are in effect. Recovery steps are 90% completed. Incident management program reviewed for future incidents. |
Scenario 2: Security is recommending investments based on strategic priorities.
Intent: To reach a decision with the board – approve investment proposal.
WHY | The new security strategy outlines two key initiatives to improve an organization’s security culture and overall risk posture. |
---|---|
WHAT | Security proposed an investment to implement a security training & phishing test campaign, which will assist in reducing data breach risks. |
HOW | Use 5% of security’s budget to implement security training and phishing test campaigns. |
What you include in your story will often depend on how much time you have available to deliver the message.
Consider the following:
Use the Q&A portion to build credibility with the board.
Info-Tech Insight
The average board presentation is 15 minutes long. Build no more than three or four slides of content to identify the business problem, the business impacts, and the solution. Leave five minutes for questions at the end, and be prepared with back-up slides to support your answers.
Checklist:
Once you’ve identified your communication goals, data, and plan to present to your stakeholders, it’s important to build the compelling communication document that will attract all audiences.
A good slide design increases the likelihood that the audience will read the content carefully.
Leverage these slide design best practices to assist you in developing eye-catching presentations.
Horizontal logic |
Vertical logic |
---|---|
|
|
![]() |
![]() |
The audience is unsure where to look and in what order. |
The audience knows to read the heading first. Then look within the pie chart. Then look within the white boxes to the right. |
Horizontal logic | Vertical logic |
---|---|
|
|
![]() |
![]() |
|
Increase skim-ability:
Make it easier on the eyes:
|
Passive voice |
Active voice |
---|---|
“There are three things to look out for” (8 words) “Network security was compromised by hackers” (6 words) |
“Look for these three things” (5 words) “Hackers compromised network security” (4 words) |
![]() |
![]() |
Easy to read, but hard to remember the stats. |
The visuals make it easier to see the size of the problem and make it much more memorable. Remember to:
|
![]() |
![]() |
This draft slide is just content from the outline document on a slide with no design applied yet. |
|
Cognitively
Emotionally
Visual clues
Persuasion
Often stakeholders prefer to receive content in a specific format. Make sure you know what you require so that you are not scrambling at the last minute.
Leverage this checklist to ensure you are creating the perfect visuals and graphs for your presentation.
Checklist:
Once you have identified your communication goals and plans for building your communication document, you can start building your presentation deck. These presentation templates highlight different security topics depending on your communication drivers, goals, and available data. Info-Tech has created five security templates to assist you in building a compelling presentation. These templates provide support for presentations on the following five topics:
Each template provides instructions on how to use it and tips on ensuring the right information is being presented. All the templates are customizable, which enables you to leverage the sections you need while also editing any sections to your liking. |
![]() |
Download the Security Presentation Templates
It’s important to know that not all security presentations for an organization are alike. However, these templates would provide a guideline on what the best practices are when communicating security to executive stakeholders.
Below is an example of instructions to complete the “Security Risk & Update” template. Please note that the security template will have instructions to complete each of its sections.
![]() |
![]() |
The first slide following the title slide includes a brief executive summary on what would be discussed in the presentation. This includes the main security threats that would be addressed and the associated risk mitigation strategies. |
This slide depicts a holistic overview of the organization’s security posture in different areas along with the main business goals that security is aligning with. Ensure visualizations you include align with the goals highlighted. |
![]() |
![]() |
This slide displays any top threats and risks an organization is facing. Each threat consists of 2-3 risks and is prioritized based on the negative impact it could have on the organization (i.e. red bar = high priority; green bar = low priority). Include risks that have been addressed in the past quarter, and showcase any prioritization changes to those risks. |
This slide follows the “Top Threats & Risks” slide and focuses on the risks that had medium or high priority. You will need to work with subject matter experts to identify risk figures (likelihood, financial impact) that will enable you to quantify the risks (Likelihood x Financial Impact). Develop a threshold for each of the three columns to identify which risks require further prioritization, and apply color coding to group the risks. |
![]() |
![]() |
This slide showcases further details on the top risks along with their business impact. Be sure to include recommendations for the risks and indicate whether further action is required from the executive stakeholders. |
The last slide of the “Security Risk & Update” template presents a timeline of when the different initiatives to mitigate security risks would begin. It depicts what initiatives will be completed within each fiscal year and the total number of months required. As there could be many factors to a project’s timeline, ensure you communicate to your executive stakeholders any changes to the project. |
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
1.1 Identify drivers for communicating to executives 1.2 Define your goals for communicating to executives | 2.1 Identify data to collect 2.2 Plan how to retrieve data | 3.1 Plan communication 3.2 Build a compelling communication document | 4.1 Deliver a captivating presentation 4.2 Obtain/verify support for security goals |
This phase will walk you through the following activities:
This phase involves the following participants:
You’ve gathered all your data, you understand what your audience is expecting, and you are clear on the outcomes you require. Now, it’s time to deliver a presentation that both engages and builds confidence.
Follow these tips to assist you in developing an engaging presentation:
Info-Tech Insight
Establishing credibility and trust with executive stakeholders is important to obtaining their support for security objectives.
Know your environment |
Be professional but not boring |
Connect with your audience |
---|---|---|
|
|
|
Optimize the timing of your presentation:
Script your presentation:
Other considerations:
Leverage this checklist to ensure you are prepared to develop and deliver an engaging presentation.
Checklist:
Once you’ve delivered your captivating presentation, it’s imperative to communicate with your executive stakeholders.
Info-Tech Insight
Verifying your objectives at the end of the presentation is important, as it ensures you have successfully communicated to executive stakeholders.
Follow this checklist to assist you in obtaining and verifying your communication goals.
Checklist:
Problem Solved
A better understanding of security communication drivers and goals
A developed a plan for how and where to retrieve data for communication
A solidified communication plan with security templates to assist in better presenting to your audience
A defined guideline on how to deliver a captivating presentation to achieve your desired objectives
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
1-888-670-8889
Build an Information Security Strategy
This blueprint will walk you through the steps of tailoring best practices to effectively manage information security.
Build a Security Metrics Program to Drive Maturity
This blueprint will assist you in identifying security metrics that can tie to your organizational goals and build those metrics to achieve your desired maturity level.
Bhadauriya, Amit S. “Communicating Cybersecurity Effectively to the Board.” Metricstream. Web.
Booth, Steven, et al. “The Biggest Mistakes Made When Presenting Cyber Security to Senior Leadership or the Board, and How to Fix Them.” Mandiant, May 2019. Web.
Bradford, Nate. “6 Slides Every CISO Should Use in Their Board Presentation.” Security Boulevard, 9 July 2020. Web.
Buckalew, Lauren, et al. “Get the Board on Board: Leading Cybersecurity from the Top Down.” Newsroom, 2 Dec. 2019. Web.
Burg, Dave, et al. “Cybersecurity: How Do You Rise above the Waves of a Perfect Storm?” EY US - Home, EY, 22 July 2021. Web.
Carnegie Endowment for International Peace. Web.
“Chief Information Security Officer Salary.” Salary.com, 2022. Web.
“CISO's Guide to Reporting to the Board - Apex Assembly.” CISO's Guide To Reporting to the Board. Web.
“Cyber Security Oversight in the Boardroom” KPMG, Jan. 2016. Web.
“Cybersecurity CEO: My 3 Tips for Presenting in the Boardroom.” Cybercrime Magazine, 31 Mar. 2020. Web.
Dacri , Bryana. Do's & Don'ts for Security Professionals Presenting to Executives. Feb. 2018. Web.
Froehlich, Andrew. “7 Cybersecurity Metrics for the Board and How to Present Them: TechTarget.” Security, TechTarget, 19 Aug. 2022. Web.
“Global Board Risk Survey.” EY. Web.
“Guidance for CISOs Presenting to the C-Suite.” IANS, June 2021. Web.
“How to Communicate Cybersecurity to the Board of Directors.” Cybersecurity Conferences & News, Seguro Group, 12 Mar. 2020. Web.
Ide, R. William, and Amanda Leech. “A Cybersecurity Guide for Directors” Dentons. Web.
Lindberg, Randy. “3 Tips for Communicating Cybersecurity to the Board.” Cybersecurity Software, Rivial Data Security, 8 Mar. 2022. Web.
McLeod, Scott, et al. “How to Present Cybersecurity to Your Board of Directors.” Cybersecurity & Compliance Simplified, Apptega Inc, 9 Aug. 2021. Web.
Mickle, Jirah. “A Recipe for Success: CISOs Share Top Tips for Successful Board Presentations.” Tenable®, 28 Nov. 2022. Web.
Middlesworth, Jeff. “Top-down: Mitigating Cybersecurity Risks Starts with the Board.” Spiceworks, 13 Sept. 2022. Web.
Mishra, Ruchika. “4 Things Every CISO Must Include in Their Board Presentation.” Security Boulevard, 17 Nov. 2020. Web.
O’Donnell-Welch, Lindsey. “CISOs, Board Members and the Search for Cybersecurity Common Ground.” Decipher, 20 Oct. 2022. Web.
“Overseeing Cyber Risk: The Board's Role.” PwC, Jan. 2022. Web.
Pearlson, Keri, and Nelson Novaes Neto. “7 Pressing Cybersecurity Questions Boards Need to Ask.” Harvard Business Review, 7 Mar. 2022. Web.
“Reporting Cybersecurity Risk to the Board of Directors.” Web.
“Reporting Cybersecurity to Your Board - Steps to Prepare.” Pondurance ,12 July 2022. Web.
Staynings, Richard. “Presenting Cybersecurity to the Board.” Resource Library. Web.
“The Future of Cyber Survey.” Deloitte, 29 Aug. 2022. Web.
“Top Cybersecurity Metrics to Share with Your Board.” Packetlabs, 10 May 2022. Web.
Unni, Ajay. “Reporting Cyber Security to the Board? How to Get It Right.” Cybersecurity Services Company in Australia & NZ, 10 Nov. 2022. Web.
Vogel, Douglas, et al. “Persuasion and the Role of Visual Presentation Support.” Management Information Systems Research Center, 1986.
“Welcome to the Cyber Security Toolkit for Boards.” NCSC. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The ways you measure success as a business are based on the typical business environment, but during a crisis like a pandemic, the business environment is rapidly changing or significantly different.
Measure what you have the data for and focus on managing the impacts to your employees, customers, and suppliers. Be willing to make decisions based on imperfect data. Don’t forget to keep an eye on the long-term objectives and remember that how you act now can reflect on your business for years to come.
Use Info-Tech’s approach to:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the short-term goals for your organization and reconsider your long-term objectives.
Determine your tool for data collection and your data requirements and collect initial data.
Determine the appropriate cadence for reviewing the dashboard and action planning.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase will walk you through the following activities:
This phase will help you customize Level 1 Project Gates with appropriate roles and responsibilities.
This phase will help you customize Level 2 Project Gates with appropriate roles and responsibilities.
This phase will help you customize Level 3 Project Gates with appropriate roles and responsibilities. It will also help you determine next steps and milestones for the adoption of the new process.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand the role of gating and why we need it.
Determine what projects will follow the gating process and how to classify them.
Establish the role of the project sponsor throughout the entire project lifecycle.
Get stakeholder buy-in for the process.
Ensure there is a standard leveling process to determine size, risk, and complexity of requests.
Engage the project sponsor throughout the portfolio and project processes.
1.1 Project Gating Review
1.2 Establish appropriate project levels
1.3 Define the role of the project sponsor
Project Intake Classification Matrix
Project Sponsor Role Description Template
This phase will help you customize Level 1 Project Gates with appropriate roles and responsibilities.
Create a lightweight project gating process for small projects.
2.1 Review level 1 project gating process
2.2 Determine what gates should be part of your custom level 1 gating process
2.3 Establish required artifacts for each gate
2.4 Define the stakeholder’s roles and responsibilities at each gate
Documented outputs in the Project Gating Strategic Template
This phase will help you customize Level 2 Project Gates with appropriate roles and responsibilities.
Create a heavier project gating process for medium projects.
3.1 Review level 2 project gating process
3.2 Determine what gates should be part of your custom level 2 gating process
3.3 Establish required artifacts for each gate
3.4 Define the stakeholder’s roles and responsibilities at each gate
This phase will help you customize Level 3 Project Gates with appropriate roles and responsibilities.
Come up with a roadmap for the adoption of the new project gating process.
Create a comprehensive project gating process for large projects.
4.1 Review level 3 project gating process
4.2 Determine what gates should be part of your custom level 3 gating process
4.3 Establish required artifacts for each gate
4.4 Define the stakeholder’s roles and responsibilities at each gate
4.5 Determine next steps and milestones for process adoption
Documented outputs in the Project Gating Strategic Template
Documented Project Gating Reference Document for all stakeholders
Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value and slowly add improvements to ease buy-in.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this storyboard as a guide to align projects with your IT change management lifecycle.
Use this SOP as a template to document and maintain your change management practice.
Focus on frequent and transparent communications between the project team and change management. |
Misalignment between IT change management and project management leads to headaches for both practices. Project managers should aim to be represented in the change advisory board (CAB) to ensure their projects are prioritized and scheduled appropriately. Advanced notice on project progress allows for fewer last-minute accommodations at implementation. Widespread access of the change calendar can also lead project management to effectively schedule projects to give change management advanced notice. Moreover, alignment between the two practices at intake allows for requests to be properly sorted, whether they enter change management directly or are governed as a project. Lastly, standardizing implementation and post-implementation across everyone involved ensures more successful changes and socialized/documented lessons learned for when implementations do not go well. Benedict Chang |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
To align projects with the change lifecycle, IT leaders must:
|
Loose definitions may work for clear-cut examples of changes and projects at intake, but grey-area requests end up falling through the cracks. Changes to project scope, when not communicated, often leads to scheduling conflicts at go-live. Too few checkpoints between change and project management can lead to conflicts. Too many checkpoints can lead to delays. |
Set up touchpoints between IT change management and project management at strategic points in the change and project lifecycles. Include appropriate project representation at the change advisory board (CAB). Leverage standard change resources such as the change calendar and request for change form (RFC). |
Improvement can be incremental. You do not have to adopt every recommended improvement right away. Ensure every process change you make will create value, and slowly add improvements to ease buy-in.
This deck is intended to align established processes. If you are just starting to build IT change processes, see the related research below.
Align Projects With the IT Change Lifecycle |
01 Optimize IT Change Management | |
---|---|---|
Increase the success of your changes by integrating project touchpoints in your change lifecycle. (You are here) |
Decide which IT projects to approve and when to start them. |
Right-size IT change management to protect the live environment. |
IT Benefits |
Business Benefits |
---|---|
|
|
IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.
Control |
Collaboration |
Consistency |
Confidence |
---|---|---|---|
Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment. |
Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT. |
Request-for-change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently. |
Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits. |
Both changes and projects will end up in change control in the end. Here, we define the intake.
Changes and projects will both go to change control when ready to go live. However, defining the governance needed at intake is critical.
A change should be governed by change control from beginning to end. It would typically be less than a week’s worth of work for a SME to build and come in at a nominal cost (e.g. <$20k over operating costs).
Projects on the other hand, will be governed by project management in terms of scope, scheduling, resourcing, etc. Projects typically take over a week and/or cost more. However, the project, when ready to go live, should still be scheduled through change control to avoid any conflicts at implementation. At triage and intake, a project can be further scoped based on projected scale.
This initial touchpoint between change control and project management is crucial to ensure tasks and request are executed with the proper governance. To distinguish between changes and projects at intake, list examples of each and determine what resourcing separates changes from projects.
Need help scoping projects? Download the Project Intake Classification Matrix
Change |
Project |
---|---|
|
|
While effort and cost are good indicators of changes and projects, consider evaluating risk and complexity too.
Change | Project | Service Request (Optional) | Operational Task (Optional) | Release (Optional) |
---|---|---|---|---|
Changing Configuration | New ERP | Add new user | Delete temp files | Software release |
Download the Change Management Standard Operating Procedure (SOP).
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
CAB touchpoints
Consistently communicate the plan and timeline for hitting these milestones so CAB can prioritize and plan changes around it. This will give change control advanced notice of altered timelines.
RFCs
Projects may have multiple associated RFCs. Keeping CAB appraised of the project RFC or RFCs gives them the ability to further plan changes.
Change Calendar
Query and fill the change calendar with project timelines and milestones to compliment the CAB touchpoints.
The request for change (RFC) form does not have to be a burden to fill out. If designed with value in mind, it can be leveraged to set standards on all changes (from projects and otherwise).
When looking at the RFC during the Build and Test phase of a project, prioritize the following fields to ensure the implementation will be successful from a technical and user-adoption point of view.
Filling these fields of the RFC and communicating them to the CAB at go-live approval gives the approvers confidence that the project will be implemented successfully and measures are known for when that implementation is not successful.
Download the Request for Change Form Template
Communication Plan The project may be successful from a technical point of view, but if users do not know about go-live or how to interact with the project, it will ultimately fail. |
Training Plan If necessary, think of how to train different stakeholders on the project go-live. This includes training for end users interacting with the project and technicians supporting the project. |
Implementation Plan Write the implementation plan at a high enough level that gives the CAB confidence that the implementation team knows the steps well. |
Rollback Plan Having a well-formulated rollback plan gives the CAB the confidence that the impact of the project is well known and the impact to the business is limited even if the implementation does not go well. |
Inputs
Guidelines
Roles
Info-Tech Insight
Make the calendar visible to as many parties as necessary. However, limit the number of personnel who can make active changes to the calendar to limit calendar conflicts.
As optional CAB members
Project SMEs may attend when projects are ready to go live and when invited by the change manager. Optional members provide details on change cross-dependencies, high-level testing, rollback, communication plans, etc. to inform prioritization and scheduling decisions.
As project management representatives
Project management should also attend CAB meetings to report in on changes to ongoing projects, implementation timelines, and project milestones. Projects are typically high-priority changes when going live due to their impact. Advanced notice of timeline and milestone changes allow the rest of the CAB to properly manage other changes going into production.
As core CAB members
The core responsibilities of CAB must still be fulfilled:
1. Protect the live environment from poorly assessed, tested, and implemented changes.
2. Prioritize changes in a way that fairly reflects change impact, urgency, and likelihood.
3. Schedule deployments in a way the minimizes conflict and disruption.
If you need to define the authority and responsibilities of the CAB, see Activity 2.1.3 of the Optimize IT Change Management blueprint.
Verification |
Once the change has been implemented, verify that all requirements are fulfilled. |
---|---|
Review |
Ensure all affected systems and applications are operating as predicted. |
Update change ticket and change log |
Update RFC status and CMDB as well (if necessary). |
Transition |
Once the change implementation is complete, it’s imperative that the team involved inform and train the operational and support groups. |
If you need to define transitioning changes to production, download Transition Projects to the Service Desk
Conduct PIRs for failed changes. Successful changes can simply be noted and transitioned to operations.
It’s best to perform a PIR once a change-related incident is resolved.
Include a root-cause analysis, mitigation actions/timeline, and lessons learned in the documentation.
Socialize the findings of the PIR at the subsequent CAB meeting.
If a similar change is conducted, append the related PIR to avoid the same mistakes.
Info-Tech Insight
Include your PIR documentation right in the RFC for easy reference.
Download the RFC template for more details on post-implementation reviews
Download the Change Management Standard Operating Procedure (SOP).
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Right-size IT change management to protect the live environment. |
Optimize IT Project Intake, Approval, and Prioritization Decide which IT projects to approve and when to start them. |
Maintain an Organized Portfolio Align portfolio management practices with COBIT (APO05: Manage Portfolio). |
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech's 2020 Applications Priorities Report to learn about the five initiatives that IT should prioritize for the coming year.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Define, identify, and organize your technical debt in preparation for the technical debt impact analysis.
Conduct a technical debt business impact analysis.
Identify options to resolve technical debt and summarize the challenge and potential solutions for business decision makers.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a working definition of technical debt and identify the technical debt in your environment.
List your technical debt.
1.1 Develop a working definition for technical debt.
1.2 Discuss your organization’s technical debt risk.
1.3 Identify 5-10 high-impact technical debts to structure the impact analysis.
Goals, opportunities, and constraints related to tech debt management
A list of technical debt
Conduct a more-objective assessment of the business impact of technical debt.
Identify the most-critical technical debt in your environment, in terms of business risk.
2.1 Review and modify business impact scoring scales.
2.2 Identify reasonable scenarios to structure the impact analysis.
2.3 Apply the scoring scale to identify the business impact of each technical debt.
Business impact scoring scales
Scenarios to support the impact analysis
Technical debt impact analysis
Leverage the technical debt impact analysis to identify, compare, and quantify projects that fix technical debt and projects that prevent it.
Create your plan to manage technical debt.
3.1 Brainstorm projects and action items to manage and pay back critical technical debt. Prioritize projects and action items to build a roadmap.
3.2 Identify three possible courses of action to pay back each critical technical debt.
3.3 Identify immediate next steps to manage remaining tech debt and limit the introduction of new tech debt.
Technical debt management roadmap
Technical debt executive summary
Immediate next steps to manage technical debt
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
In today’s world, users want to consume concise content and information quickly. Websites have a limited time to prove their usefulness to a new user. Content needs to be as few clicks away from the user as possible. Analyzing user behavior using advanced analytics techniques can help website designers better understand their audience.
Organizations need to implement sophisticated analytics tools to track user data from their website. However, simply extracting data is not enough to understand the user motivation. A successful implementation of a web analytics tool will comprise both understanding what a customer does on the website and why the customer does what they do.
This research will introduce some fundamental and advanced analytics tools and provide insight into some of the vendors in the market space.
![]() |
Sai Krishna Rajaramagopalan
Research Specialist, Applications − Enterprise Applications Info-Tech Research Group |
Your Challenge
|
Common Obstacles
|
Info-Tech’s Approach
|
It is easy to get lost in a sea of expensive web analytics tools. Choose tools that align with your business objectives to keep the costs of customer acquisition and retention to a minimum.
1. ORGANIZATIONAL GOALSThe first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales. 3. KPI METRICSDefine key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates. 5. REVIEWContinuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive. |
![]() |
2. BUSINESS OBJECTIVESThe next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic. 4. APPLICATION SELECTIONUnderstand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals. |
|
![]() |
The global web analytics market size is projected to reach US$5,156.3 million by 2026, from US$2,564 million in 2019, at a CAGR of 10.4% during 2021-2026. (Source: 360 Research Reports, 2021) | Of the top 1 million websites with the highest traffic, there are over 3 million analytics technologies used. Google Analytics has the highest market share, with 50.3%. (Source: “Top 1 Million Sites,” BuiltWith, 2022) |
Of the 200 million active websites, 57.3% employ some form of web analytics tool. This trend is expected to grow as more sophisticated tools are readily available at a cheaper cost. (Source: “On the Entire Internet,” BuiltWith, 2022; Siteefy, 2022) | A three-month study by Contentsquare showed a 6.9% increase in traffic, 11.8% increase in page views, 12.4% increase in transactions, and 3.6% increase in conversion rates through leveraging web analytics. (Source: Mordor Intelligence, 2022) |
Case Study |
![]() |
INDUSTRY
|
SOURCE
|
Ryanair is a low-fare airline in Europe that receives nearly all of its bookings via its website. Unhappy with its current web analytics platform, which was difficult to understand and use, Ryanair was looking for a solution that could adapt to its requirements and provide continuous support and long-term collaboration. Ryanair chose AT Internet for its intuitive user interface that could effectively and easily manage all the online activity. AT was the ideal partner to work closely with the airline to strengthen strategic decision making over the long term, increase conversions in an increasingly competitive market, and increase transactions on the website. ResultsBy using AT Internet Web Analytics to improve email campaigns and understand the behavior of website visitors, Ryanair was able to triple click-through rates, increase visitor traffic by 16%, and decrease bounce rate by 18%. |
![]() |
|
![]() |
|
![]() |
|
![]() (Source: An example of a heatmap layered with a scrollmap from Crazy Egg, 2020) |
Funneling
|
![]() |
Session recordings
|
![]() |
Feedback and microsurveys
|
![]() |
Feature Name |
Description |
Visitor Count Tracking | Counts the number of visits received by a website or webpage. |
Geographic Analytics | Uses location information to enable the organization to provide location-based services for various demographics. |
Conversion Tracking | Measures the proportion of users that complete a certain task compared to total number of users. |
Device and Browser Analytics | Captures and summarizes device and browser information. |
Bounce and Exit Tracking | Calculates exit rate and bounce rate on a webpage. |
CTA Tracking | Measures the number of times users click on a call to action (CTA) button. |
Audience Demographics | Captures, analyzes, and displays customer demographic/firmographic data from different channels. |
Aggregate Traffic Reporting | Works backward from a conversion or other key event to analyze the differences, trends, or patterns in the paths users took to get there. |
Social Media Analytics | Captures information on social signals from popular services (Twitter, Facebook, LinkedIn, etc.). |
Feature Name | Description |
Heatmapping | Shows where users have clicked on a page and how far they have scrolled down a page or displays the results of eye-tracking tests through the graphical representation of heatmaps. |
Funnel Exploration | Visualizes the steps users take to complete tasks on your site or app. |
A/B Testing | Enables you to test the success of various website features. |
Customer Journey Modelling | Effectively models and displays customer behaviors or journeys through multiple channels and touchpoints. |
Audience Segmentation | Creates and analyzes discrete customer audience segments based on user-defined criteria or variables. |
Feedback and Surveys | Enables users to give feedback and share their satisfaction and experience with website designers. |
Paid Search Integration | Integrates with popular search advertising services (i.e. AdWords) and can make predictive recommendations around areas like keywords. |
Search Engine Optimization | Provides targeted recommendations for improving and optimizing a page for organic search rankings (i.e. via A/B testing or multivariate testing). |
Session Recording | Records playbacks of users scrolling, moving, u-turning, and rage clicking on your site. |
Evaluate software category leaders using SoftwareReviews’ vendor rankings and awards |
![]() |
![]() |
The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform. |
![]() |
The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution. |
Speak with category experts to dive deeper into the vendor landscape |
![]() |
Fact-based reviews of business software from IT professionals. | Top-tier data quality backed by a rigorous quality assurance process. | CLICK HERE to ACCESS
Comprehensive software reviews
|
Product and category reports with state-of-the-art data visualization. | User-experience insight that reveals the intangibles of working with a vendor. |
Technology coverage is a priority for Info-Tech and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. Combined with the insight of our expert analysts, our members receive unparalleled support in their buying journey.
![]() |
Google Analytics provides comprehensive traditional analytics tools, free of charge, to understand the customer journey and improve marketing ROI. Twenty-four percent of all web analytical tools used on the internet are provided by Google analytics. |
![]() |
Hotjar is a behavior analytics and product experience insights service that helps you empathize with and understand your users through their feedback via tools like heatmaps, session recordings, and surveys. Hotjar complements the data and insights you get from traditional web analytics tools like Google Analytics. |
![]() |
Crazy Egg is a website analytics tool that helps you optimize your site to make it more user-friendly, more engaging, and more conversion-oriented. It does this through heatmaps and A/B testing, which allow you to see how people are interacting with your site. |
![]() |
Amplitude Analytics provides intelligent insight into customer behavior. It offers basic functionalities like measuring conversion rate and engagement metrics and also provides more advanced tools like customer journey maps and predictive analytics capabilities through AI. |
Case Study | ![]() | INDUSTRY | SOURCE |
Heatmaps and playback recordings
ChallengeMiller & Smith had just redesigned their website, but the organization wanted to make sure it was user-friendly as well as visually appealing. They needed an analytics platform that could provide information about where visitors were coming from and measure the effectiveness of the marketing campaigns. |
SolutionMiller & Smith turned to Crazy Egg to obtain visual insights and track user behavior. They used heatmaps and playback recordings to see user activity within webpages and pinpoint any issues with user interface. In just a few weeks, Miller & Smith gained valuable data to work with: the session recordings helped them understand how users were navigating the site, and the heatmaps allowed them to see where users were clicking – and what they were skipping. |
ResultsDetailed reports generated by the solution allowed Miller & Smith team to convince key stakeholders and implement the changes easily. They were able to pinpoint what changes needed to be made and why these changes would improve their experience. Within few weeks, the bounce rate improved by 7.5% and goal conversion increased by 8.5% over a similar period the previous year. |
1. ORGANIZATIONAL GOALSThe first key step in implementing and succeeding with web analytics tools is to set clearly defined organizational goals, e.g. improving product sales. 3. KPI METRICSDefine key performance indicators (KPIs) that help track the organization’s performance, e.g. number of page visits, conversion rates, bounce rates. 5. REVIEWContinuous improvement is essential to succeed in understanding customers. The world is a dynamic place, and you must constantly revise your organizational goals, business objectives, and KPIs to remain competitive. |
![]() |
2. BUSINESS OBJECTIVESThe next step is to lay out business objectives that help to achieve the organization’s goals, e.g. to increase customer leads, increase customer transactions, increase web traffic. 4. APPLICATION SELECTIONUnderstand the web analytics tool space and which combination of tools and vendors best fits the organization’s goals. |
Output: Organization’s goal list
Materials: Whiteboard, Markers
Participants: Core project team
30 minutes
Output: Business objectives
Materials: Whiteboard, Markers
Participants: Core project team
Establish baseline metricsBaseline metrics will be improved through:
|
1.3 Establish baseline metrics that you intend to improve via your web analytics tools30 minutes
|
Software Selection InsightBalance the effort-to-information ratio required for a business impact assessment to keep stakeholders engaged. Use documentation that captures the key data points and critical requirements without taking days to complete. Stakeholders are more receptive to formal selection processes that are friction free. |
The Software Selection WorkbookWork through the straightforward templates that tie to each phase of the Rapid Application Selection Framework, from assessing the business impact to requirements gathering. |
The Vendor Evaluation WorkbookConsolidate the vendor evaluation process into a single document. Easily compare vendors as you narrow the field to finalists. |
The Guide to Software Selection: A Business Stakeholder ManualQuickly explain the Rapid Application Selection Framework to your team while also highlighting its benefits to stakeholders. |
![]() |
Modernize Your Corporate Website to Drive Business Value
Drive higher user satisfaction and value through UX-driven websites. |
![]() |
Select and Implement a Web Experience Management Solution
Your website is your company’s face to the world: select a best-of-breed platform to ensure you make a rock-star impression with your prospects and customers! |
![]() |
Create an Effective Web Redesign Strategy
Ninety percent of web redesign projects, executed without an effective strategy, fail to accomplish their goals. |
"11 Essential Website Data Factors and What They Mean." CivicPlus, n.d. Accessed 26 July 2022.
“Analytics Usage Distribution in the Top 1 Million Sites.” BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.
"Analytics Usage Distribution on the Entire Internet." BuiltWith, 1 Nov. 2022. Accessed 26 July 2022.
Bell, Erica. “How Miller and Smith Used Crazy Egg to Create an Actionable Plan to Improve Website Usability.” Crazy Egg, n.d. Accessed 26 July 2022.
Brannon, Jordan. "User Behavior Analytics | Enhance The Customer Journey." Coalition Technologies, 8 Nov 2021. Accessed 26 July 2022.
Cardona, Mercedes. "7 Consumer Trends That Will Define The Digital Economy In 2021." Adobe Blog, 7 Dec 2020. Accessed 26 July 2022.
“The Finer Points.“ Analytics Features. Google Marketing Platform, 2022. Accessed 26 July 2022.
Fitzgerald, Anna. "A Beginner’s Guide to Web Analytics." HubSpot, 21 Sept 2022. Accessed 26 July 2022.
"Form Abandonment: How to Avoid It and Increase Your Conversion Rates." Fullstory Blog, 7 April 2022. Accessed 26 July 2022.
Fries, Dan. "Plug Sales Funnel Gaps by Identifying and Tracking Micro-Conversions." Clicky Blog, 9 Dec 2019. Accessed 7 July 2022.
"Funnel Metrics in Saas: What to Track and How to Improve Them?" Userpilot Blog, 23 May 2022. Accessed 26 July 2022.
Garg, Neha. "Digital Experimentation: 3 Key Steps to Building a Culture of Testing." Contentsquare, 21 June 2021. Accessed 26 July 2022.
“Global Web Analytics Market Size, Status and Forecast 2021-2027.” 360 Research Reports, 25 Jan. 2021. Web.
Hamilton, Stephanie. "5 Components of Successful Web Analytics." The Daily Egg, 2011. Accessed 26 July 2022.
"Hammond, Patrick. "Step-by-Step Guide to Cohort Analysis & Reducing Churn Rate." Amplitude, 15 July 2022. Accessed 26 July 2022.
Hawes, Carry. "What Is Session Replay? Discover User Pain Points With Session Recordings." Dynatrace, 20 Dec 2021. Accessed 26 July 2022.
Huss, Nick. “How Many Websites Are There in the World?” Siteefy, 8 Oct. 2022. Web.
Nelson, Hunter. "Establish Web Analytics and Conversion Tracking Foundations Using the Google Marketing Platform.” Tortoise & Hare Software, 29 Oct 2022. Accessed 26 July 2022.
"Product Analytics Vs Product Experience Insights: What’s the Difference?" Hotjar, 14 Sept 2021. Accessed 26 July 2022.
“Record and watch everything your visitors do." Inspectlet, n.d. Accessed 26 July 2022.
“Ryanair: Using Web Analytics to Manage the Site’s Performance More Effectively and Improve Profitability." AT Internet, 1 April 2020. Accessed 26 July 2022.
Sibor, Vojtech. "Introducing Cross-Platform Analytics.” Smartlook Blog, 5 Nov 2022. Accessed 26 July 2022.
"Visualize Visitor Journeys Through Funnels.” VWO, n.d. Accessed 26 July 2022.
"Web Analytics Market Share – Growth, Trends, COVID-19 Impact, and Forecasts (2022-2027)." Mordor Intelligence, 2022. Accessed 26 July 2022.
“What is the Best Heatmap Tool for Real Results?” Crazy Egg, 27 April 2020. Web.
"What Is Visitor Behavior Analysis?" VWO, 2022. Accessed 26 July 2022.
Zheng, Jack G., and Svetlana Peltsverger. “Web Analytics Overview.” IGI Global, 2015. Accessed 26 July 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Begin the process by identifying your VMO’s ROI maturity level and which calculation components are most appropriate for your situation.
Set measurement baselines and goals for the next measurement cycle.
Measure the VMO's ROI and value created by the VMO’s efforts and the overall internal satisfaction with the VMO.
Report the results to key stakeholders and executives in a way that demonstrates the value added by the VMO to the entire organization.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine how you will measure the VMO’s ROI.
Focus your measurement on the appropriate activities.
1.1 Determine your VMO’s maturity level and identify applicable ROI measurement categories.
1.2 Review and select the appropriate ROI formula components for each applicable measurement category.
1.3 Compile a list of potential data sources, evaluate the viability of each data source selected, and assign data collection and analysis responsibilities.
1.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.
VMO ROI maturity level and first step of customizing the ROI formula components.
Second and final step of customizing the ROI formula components…what will actually be measured.
Viable data sources and assignments for team members.
A progress report for key stakeholders and executives.
Set baselines to measure created value against.
ROI contributions cannot be objectively measured without baselines.
2.1 Gather baseline data.
2.2 Calculate/set baselines.
2.3 Set SMART goals.
2.4 Communicate progress and proposed ROI formula components to executives and key stakeholders for feedback and/or approval/alignment.
Data to use for calculating baselines.
Baselines for measuring ROI contributions.
Value creation goals for the next measurement cycle.
An updated progress report for key stakeholders and executives.
Calculate the VMO’s ROI.
An understanding of whether the VMO is paying for itself.
3.1 Assemble the data and calculate the VMO’s ROI.
3.2 Organize the data for the reporting step.
The VMO’s ROI expressed in terms of how many times it pays for itself (e.g. 1X, 3X, 5X).
Determine which supporting data will be reported.
Report results to stakeholders.
Stakeholders understand the value of the VMO.
4.1 Create a reporting template.
4.2 Determine reporting frequency.
4.3 Decide how the reports will be distributed or presented.
4.4 Send out a draft report and update based on feedback.
A template for reporting ROI and supporting data.
A decision about quarterly or annual reports.
A decision regarding email, video, and in-person presentation of the ROI reports.
Final ROI reports.
New technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are ushering in an exciting new era of business transformation. By adopting an exponential IT mindset, IT leaders will be able to lead the autonomization of business capabilities.
To capitalize on this upcoming opportunity, exponential IT leaders will have to become business advisors who unlock exponential value for the business and help mitigate exponential risk.
An exponential IT mindset means that IT leaders will need to take a lead role in transforming business capabilities.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
The role of IT has evolved throughout the past couple generations to enable fundamental business transformations. In the autonomization era, it will have to evolve again to lead the business through a world of exponential opportunity.
For more than 40 years, information technology has significantly transformed businesses, from the computerization of operations to the digital transformation of business models. As technological disruption accelerates exponentially, a world of exponential business opportunity is within reach.
Newly emerging technologies such as generative AI, quantum computing, 5G cellular networks, and next-generation robotics are enabling autonomous business capabilities.
The role of IT has evolved throughout the past couple generations to enable business transformations. In the autonomization era, it will have to evolve again. IT will have a new mission, an adapted governance structure, innovative capabilities, and an advanced partnership model.
CIOs embracing exponential IT require a new mindset. Their IT practices will need to progress to the top of the maturity ladder as they make business outcomes their own.
The use of computer devices, networks, and applications became widespread in the enterprise. The focus was on improving the efficiency of back-office tasks.
As the world became connected through the internet, new digitally enabled business models emerged in the enterprise. Orders were now being received online, and many products and services were partially or fully digitized for online fulfillment.
The global average share of customer interactions that are digital went from 36% to 58% in less than a year.*
The global average share of partially or fully digitized products went from 35% to 55% in the same period.*
The adoption of digitalized business models has accelerated during the pandemic. Post-pandemic, it is unlikely for adoption to recede.
With more business applications ported to the cloud and more data available online, “digital-first” organizations started to envisage a next wave of automation.
*Source: “How COVID-19 has pushed companies over the technology tipping point—and transformed business forever,” McKinsey & Company, 2020
We found that 63% of IT leaders plan to use AI within their organizations to automate repetitive, low-level tasks by the end of 2023.
With the release of the ChatGPT prototype in November 2022, setting a record for the fastest user growth (reaching 100 million active users just two months after launch), we foresee that AI adoption will accelerate significantly and its use will extend to more complex tasks.
As digitalization accelerates, a post-pandemic world with a largely online workforce and digitally transformed enterprise business models now enters an era where more business capabilities become autonomous, with humans at the center of a loop* that is gradually becoming larger.
Deep Learning, Quantum Computing, 5G Networks, Robotics
* Download Info-Tech’s CIO Trend Report 2019 – Become a Leader in the Loop
1980sComputerizationIT professionals gathered functional requirements from the business to help automate back-office tasks and improve operational efficiency. | 2000sDigitalizationIT professionals acquired business analysis skills and leveraged the SMAC (social, mobile, analytics, and cloud) stack to accelerate the automation of the front office and enable the digital transformation of business models. | 2020sAutonomizationIT professionals will become business advisors and enable the establishment of autonomous yet differentiated business processes and capabilities. |
While some analysts have been quick to announce the demise of the IT department and the transition of the role of IT to the business, the budgets that CIOs control have continued to rise steadily over time.
In a high-risk, high-reward endeavor to make business processes autonomous, the role of IT will continue to be pivotal, because while everyone in the organization will rush to seize the value opportunity, the technology risk will be left for IT to manage.
Autonomous processes will integrate with human-led processes, creating risks to business continuity, information security, and quality of delivery. Supplier power will exacerbate business risks.
The efficiency gains and new value chains created through artificial intelligence, robotics, and additive manufacturing will be very significant. Most of this value will be realized through the augmentation of human labor.
Autonomous solutions for productivity and back-office applications will eventually become commoditized and provided by a handful of large vendors. There will, however, be a proliferation of in-house algorithms and workflows to autonomize the middle and front office, offered by a busy landscape of industry-centric capability vendors.
Exponential IT involves IT leading the cognitive reengineering of the organization with evolved practices for:
A Connected World
An Exponential World
Research has shown that companies that are more digitally mature have higher growth than the industry average. In these companies, the CIO is part of the executive management team.
And while the role of the CIO is generally tied to their mandate within the organization, we have seen their role progress from doer to leader as IT climbs the maturity ladder.
As companies strive to succeed in the next phase of technology-driven transformation, CIOs have an opportunity to demonstrate their business leadership. To do so, they will have to provide exceptionally mature services while owning business targets.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the concepts of ESM, determine the scope of the ESM program, and get buy-in.
Determine the current state for ESM and identify the gaps.
Create customer journey maps, identify an ESM pilot, and finalize the action plan for the pilot.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand what ESM is and how it can improve customer service.
Determine the scope of your ESM initiative and identify who the stakeholders are for this program.
Understanding of ESM concepts.
Understanding of the scope and stakeholders for your ESM initiative.
Plan for getting buy-in for the ESM program.
1.1 Understand the concepts and benefits of ESM.
1.2 Determine the scope of your ESM program.
1.3 Identify your stakeholders.
1.4 Develop an executive buy-in presentation.
1.5 Develop a general communications presentation.
Executive buy-in presentation
General communications presentation
Assess your current state with respect to culture, governance, skills, and tools.
Identify your strengths and weaknesses from the ESM assessment scores.
Understanding of your organization’s current enablers and constraints for ESM.
Determination and analysis of data needed to identify strengths or weaknesses in culture, governance, skills, and tools.
2.1 Understand your organization’s mission and vision.
2.2 Assess your organization’s culture, governance, skills, and tools.
2.3 Identify the gaps and determine the necessary foundational action items.
ESM assessment score
Foundational action items
Define and choose the top services at the organization.
Create customer journey maps for the chosen services.
List of prioritized services.
Customer journey maps for the prioritized services.
3.1 Make a list of your services.
3.2 Prioritize your services.
3.3 Build customer journey maps.
List of services
Customer journey maps
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Get an overview of emerging AI applications to understand how they will strengthen a shift-left service support strategy.
Review potential use cases for AI applications to prioritize improvement initiatives and align them to organizational goals.
Develop an ITSM AI strategy to prepare your organization for the coming of cognitive service management, and build a roadmap for implementation.
The challenge
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our concise executive brief shows you why you should develop a sound business continuity practice in your company. We'll show you our methodology and the ways we can help you in completing this.
Choose a medium-sized department and build a team. Identify that department's processes, dependencies, and alternatives.
Define an objective impact scoring scale for your company. Have the business estimate the impact of downtime and set your recovery targets.
The need for clarity is critical. In times when you need the plans, people will be under much higher stress. Build the workflow for the steps necessary to rebuild. Identify gaps and brainstorm on how to close them. Prioritize solutions that mitigate the remaining risks.
Present the results of the pilot and propose the next steps. Assign BCM teams or people within each department. Update and maintain the overall BCMS documentation.
These can help with the creation of your BCP.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the organization’s standing in terms of the enterprise architecture practice, and know the gaps and what the EA practice needs to fulfill to create a good governance framework.
Understand the EA fundamentals and then refresh them to better align the EA practice with the organization and create business benefit.
Analyze the IT operating model and identify EA’s role at each stage; refine it to promote effective EA engagement upfront in the early stages of the IT operating model.
Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies, and creating an architecture review process.
Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.
Define architecture standards to facilitate information exchange, improve collaboration, and provide stability. Develop a process to update the architectural standards to ensure relevancy and promote process transparency.
Craft a plan to engage the relevant stakeholders, ascertain the benefits of the initiative, and identify the various communication methods in order to maximize the chances of success.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Conduct stakeholder interviews to understand current state of EA practice and prioritize gaps for EA governance based on organizational complexity.
Prioritized list of actions to arrive at the target state based on the complexity of the organization
1.1 Determine organizational complexity.
1.2 Conduct an assessment of the EA governance components.
1.3 Identify and prioritize gaps.
1.4 Conduct senior management interviews.
Organizational complexity score
EA governance current state and prioritized list of EA governance component gaps
Stakeholder perception of the EA practice
Refine EA fundamentals to align the EA practice with the organization and identify EA touchpoints to provide guidance for projects.
Alignment of EA goals and objectives with the goals and objectives of the organization
Early involvement of EA in the IT operating model
2.1 Review the output of the organizational complexity and EA assessment tools.
2.2 Craft the EA vision and mission.
2.3 Develop the EA principles.
2.4 Identify the EA goals.
2.5 Identify EA engagement touchpoints within the IT operating model.
EA vision and mission statement
EA principles
EA goals and measures
Identified EA engagement touchpoints and EA level of involvement
Set up EA governing bodies to provide guidance and foster a collaborative environment by identifying the correct number of EA governing bodies, defining the game plan to initialize the governing bodies and creating an architecture review process.
Business benefits are maximized and solution design is within the options set forth by the architectural reference models while no additional layers of bureaucracy are introduced
3.1 Identify the number of governing bodies.
3.2 Define the game plan to initialize the governing bodies.
3.3 Define the architecture review process.
Architecture board structure and coverage
Identified architecture review template
Create an EA policy to provide a set of guidelines designed to direct and constrain the architecture actions of the organization in the pursuit of its goals in order to improve architecture compliance and drive business value.
Improved architecture compliance, which ties investments to business value and provides guidance to architecture practitioners
4.1 Define the scope.
4.2 Identify the target audience.
4.3 Determine the inclusion and exclusion criteria.
4.4 Craft an assessment checklist.
Defined scope
Inclusion and exclusion criteria for project review
Architecture assessment checklist
Define architecture standards to facilitate information exchange, improve collaboration, and provide stability.
Craft a communication plan to implement the new EA governance framework in order to maximize the chances of success.
Consistent development of architecture, increased information exchange between stakeholders
Improved process transparency
Improved stakeholder engagement
5.1 Identify and standardize EA work products.
5.2 Classifying the architectural standards.
5.3 Identifying the custodian of standards.
5.4 Update the standards.
5.5 List the changes identified in the EA governance initiative
5.6 Create a communication plan.
Identified set of EA work products to standardize
Architecture information taxonomy
Identified set of custodian of standards
Standard update process
List of EA governance initiatives
Communication plan for EA governance initiatives
"Enterprise architecture is not a technology concept, rather it is the foundation on which businesses orient themselves to create and capture value in the marketplace. Designing architecture is not a simple task and creating organizations for the future requires forward thinking and rigorous planning.
Architecture processes that are supposed to help facilitate discussions and drive option analysis are often seen as an unnecessary overhead. The negative perception is due to enterprise architecture groups being overly prescriptive rather than providing a set of options that guide and constrain solutions at the same time.
EA groups should do away with the direct and control mindset and change to a collaborate and mentor mindset. As part of the architecture governance, EA teams should provide an option set that constrains design choices, and also be open to changes to standards or best practices. "
Gopi Bheemavarapu, Sr. Manager, CIO Advisory Info-Tech Research Group
Info-Tech Insight
Enterprise architecture is critical to ensuring that an organization has the solid IT foundation it needs to efficiently enable the achievement of its current and future strategic goals rather than focusing on short-term tactical gains.
An architecture governance process is the set of activities an organization executes to ensure that decisions are made and accountability is enforced during the execution of its architecture strategy. (Hopkins, “The Essential EA Toolkit.”)
EA governance includes the following:
(TOGAF)
IT governance sets direction through prioritization and decision making, and monitors overall IT performance.
EA governance ensures that optimal architectural design choices are being made that focus on long-term value creation.
Effective EA governance ensures alignment between organizational investments and corporate strategic goals and objectives.
Architecture standards provide guidance to identify opportunities for reuse and eliminate redundancies in an organization.
Architecture review processes and assessment checklists ensure that solutions are within the acceptable risk levels of the organization.
EA governance is difficult to structure appropriately, but having an effective structure will allow you to:
Recent Info-Tech research found that organizations that establish EA governance realize greater benefits from their EA initiatives.
(Info-Tech Research Group, N=89)
Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an “enabler” of business outcomes to senior executives.
EA performance measures (lead, operational) | EA value measures (lag) | |
---|---|---|
Application of EA management process | EA’s contribution to IT performance | EA’s contribution to business value |
Enterprise Architecture Management
IT Investment Portfolio Management
Solution Development
Operations Management
Business Value
Industry Insurance
Source Info-Tech
The insurance sector has been undergoing major changes, and as a reaction, businesses within the sector have been embracing technology to provide innovative solutions.
The head of EA in a major insurance provider (henceforth to be referred to as “INSPRO01”) was given the mandate to ensure that solutions are architected right the first time to maximize reuse and reduce technology debt. The EA group was at a critical point – to demonstrate business value or become irrelevant.
The project management office had been accountable for solution architecture and had placed emphasis on short-term project cost savings at the expense of long term durability.
There was a lack of awareness of the Enterprise Architecture group within INSPRO01, and people misunderstood the roles and responsibilities of the EA team.
Info-Tech helped define the responsibilities of the EA team and clarify the differences between the role of a Solution Architect vs. Enterprise Architect.
The EA team was able to make the case for change in the project management practices to ensure architectures are reviewed and approved prior to implementation.
As a result, INSPRO01 saw substantial increases in reuse opportunities and thereby derived more value from its technology investments.
The success of any EA governance initiative revolves around adopting best practices, setting up repeatable processes, and establishing appropriate controls.
Our best-practice approach is grounded in TOGAF and enhanced by the insights and guidance from our analysts, industry experts, and our clients.
Value-focused. Focus EA governance on helping the organization achieve business benefits. Promote EA’s contribution in realizing business value.
Right-sized. Insert EA governance into existing process checkpoints rather than creating new ones. Clearly define EA governance inclusion criteria for projects.
Measured. Define metrics to measure EA’s performance, and integrate EA governance with other governance processes such as project governance. Also clearly define the EA governing bodies’ composition, domain, inputs, and outputs.
Balanced. Adopt architecture principles that strikes the right balance between business and technology.
Info-Tech’s architectural governance framework provides a value-focused, right-sized approach with a strong emphasis on process standardization, repeatability, and sustainability.
As you move through the project, capture your progress with a summary in the EA Governance Framework Template.
Download the EA Governance Framework Template document for use throughout this project.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Current state of EA governance | EA Fundamentals | Engagement Model | EA Governing Bodies | |
---|---|---|---|---|
Best-Practice Toolkit |
1.1 Determine organizational complexity 1.2 Conduct an assessment of the EA governance components 1.3 Identify and prioritize gaps |
2.1 Craft the EA vision and mission 2.2 Develop the EA principles 2.3 Identify the EA goals |
3.1 Build the case for EA engagement 3.2 Identify engagement touchpoints within the IT operating model |
4.1 Identify the number of governing bodies 4.2 Define the game plan to initialize the governing bodies 4.3 Define the architecture review process |
Guided Implementations |
|
|
|
|
Phase 1 Results:
|
Phase 2 Results:
|
Phase 3 Results:
|
Phase 4 Results:
|
EA Policy | Architectural Standards | Communication Plan | |
---|---|---|---|
Best-Practice Toolkit |
5.1 Define the scope of EA policy 5.2 Identify the target audience 5.3 Determine the inclusion and exclusion criteria 5.4 Craft an assessment checklist |
6.1 Identify and standardize EA work products 6.2 Classify the architectural standards 6.3 Identify the custodian of standards 6.4 Update the standards |
7.1 List the changes identified in the EA governance initiative 7.2 Identify stakeholders 7.3 Create a communication plan |
Guided Implementations |
|
|
|
Phase 5 Results:
|
Phase 6 Results:
|
Phase 7 Results:
|
Contact your account representative or email Workshops@InfoTech.com for more information.
Pre-workshop | Workshop Day 1 | Workshop Day 2 | Workshop Day 3 | Workshop Day 4 | |
---|---|---|---|---|---|
Activities | Current state of EA governance | EA fundamentals and engagement model | EA governing bodies | EA policy | Architectural standards and communication plan |
1.1 Determine organizational complexity 1.2 Conduct an assessment of the EA governance components 1.3 Identify and prioritize gaps 1.4 Senior management interviews |
|
|
|
| |
Deliverables |
|
|
|
|
|
This phase will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
Info-Tech Insight
Correlation is not causation – an apparent problem might be a symptom rather than a cause. Assess the organization’s current EA governance to discover the root cause and go beyond the symptoms.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Guided Implementation 1: Current State of EA Governance
Proposed Time to Completion: 2 weeks
Step 1.1: Determine organizational complexity
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Step 1.2: Assess current state of EA governance
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Determining organizational complexity is not rocket science. Use Info-Tech’s tool to quantify the complexity and use it, along with common sense, to determine the appropriate level of architecture governance.
1.1 2 hours
Step 1 - Facilitate
Download the EA Capability – Risk and Complexity Assessment Tool to facilitate a session on determining your organization’s complexity.
Download EA Organizational - Risk and Complexity Assessment Tool
Step 2 - Summarize
Summarize the results in the EA governance framework document.
Update the EA Governance Framework Template
EA governance is multi-faceted and it facilitates effective use of resources to meet organizational strategic objectives through well-defined structural elements.
EA Governance
Components of architecture governance
Next Step: Based on the organization’s complexity, conduct a current state assessment of EA governance using Info-Tech’s EA Governance Assessment Tool.
1.2 2 hrs
Step 1 - Facilitate
Download the “EA Governance Assessment Tool” to facilitate a session on identifying the best practices to be applied in your organization.
Download Info-Tech’s EA Governance Assessment Tool
Step 2 - Summarize
Summarize the identified best practices in the EA governance framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
INSPRO01 was planning a major transformation initiative. The organization determined that EA is a strategic function.
The CIO had pledged support to the EA group and had given them a mandate to deliver long-term strategic architecture.
The business leaders did not trust the EA team and believed that lack of business skills in the group put the business transformation at risk.
The EA group had been traditionally seen as a technology organization that helps with software design.
The EA team lacked understanding of the business and hence there had been no common language between business and technology.
Info-Tech helped the EA team create a set of 10 architectural principles that are business-value driven rather than technical statements.
The team socialized the principles with the business and technology stakeholders and got their approvals.
By applying the business focused architectural principles, the EA team was able to connect with the business leaders and gain their support.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
This phase will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
Info-Tech Insight
A house divided against itself cannot stand – ensure that the EA fundamentals are aligned with the organization’s goals and objectives.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 3 weeks
Step 2.1: Develop the EA fundamentals
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Vision, mission, goals and measures, and principles form the foundation of the EA function.
The vision and mission statements provide strategic direction to the EA team. These statements should be created based on the business and technology drivers in the organization.
"The very essence of leadership is [that] you have a vision. It's got to be a vision you articulate clearly and forcefully on every occasion. You can't blow an uncertain trumpet." – Theodore Hesburgh
Articulates the desired future state of EA capability expressed in the present tense.
Example: To be recognized by both the business and IT as a trusted partner that drives [Company Name]’s effectiveness, efficiency, and agility.
Articulates the fundamental purpose of the EA capability.
Example: Define target enterprise architecture for [Company Name], identify solution opportunities, inform IT investment management, and direct solution development, acquisition, and operation compliance.
EA capability goals define specific desired outcomes of an EA management process execution. EA capability measures define how to validate the achievement of the EA capability goals.
Example:
Goal: Improve reuse of IT assets at [Company Name].
Measures:
EA principles are shared, long-lasting beliefs that guide the use of IT in constructing, transforming, and operating the enterprise by informing and restricting target-state enterprise architecture design, solution development, and procurement decisions.
Example:
Policies can be seen as “the letter of the law,” whereas EA principles summarize “the spirit of the law.”
EA capability goals, i.e. specific desired outcomes of an EA management process execution. Use COBIT 5, APO03 process goals, and metrics as a starting point.
Define key operational measures for internal use by IT and EA practitioners. Also, define business value measures that communicate and demonstrate the value of EA as an enabler of business outcomes to senior executives.
EA performance measures (lead, operational) | EA value measures (lag) | |
---|---|---|
Application of EA management process | EA’s contribution to IT performance | EA’s contribution to business value |
Enterprise Architecture Management
IT Investment Portfolio Management
Solution Development
Operations Management
Business Value
2.1 2 hrs
Download the three templates and hold a working session to facilitate a session on creating EA fundamentals.
Download the EA Vision and Mission Template, the EA Principles Template, and the EA Goals and Measures Template
Document the final vision, mission, principles, goals, and measures within the EA Governance Framework.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
The EA group at INSPRO01 was being pulled in multiple directions with requests ranging from architecture review to solution design to code reviews.
Project level architecture was being practiced with no clarity on the end goal. This led to EA being viewed as just another IT function without any added benefits.
Info-Tech recommended that the EA team ensure that the fundamentals (vision, mission, principles, goals, and measures) reflect what the team aspired to achieve before fixing any of the process concerns.
The EA team was mostly comprised of technical people and hence the best practices outlined were not driven by business value.
The team had no documented vision and mission statements in place. In addition, the existing goals and measures were not tied to the business strategic objectives.
The team had architectural principles documented, but there were too many and they were very technical in nature.
With Info-Tech’s guidance, the team developed a vision and mission statement to succinctly communicate the purpose of the EA function.
The team also reduced and simplified the EA principles to make sure they were value driven and communicated in business terms.
Finally, the team proposed goals and measures to track the performance of the EA team.
With the fundamentals in place, the team was able to show the value of EA and gain organization-wide acceptance.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Info-Tech Insight
Perform due diligence prior to decision making. Use the EA Engagement Model to promote conversations between stage gate meetings as opposed to having the conversation during the stage gate meetings.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Effective EA engagement revolves around three basic principles – generating business benefits, creating adaptable models, and being able to replicate the process across the organization.
Business Value Driven
Focus on generating business value from organizational investments.
Repeatable
Process should be standardized, transparent, and repeatable so that it can be consistently applied across the organization.
Flexible
Accommodate the varying needs of projects of different sizes.
Where these pillars meet: Advocates long-term strategic vs. short-term tactical solutions.
EA’s engagement in each stage within the plan, build, and run phases should be clearly defined and communicated.
Plan | Strategy Development | Business Planning | Conceptualization | Portfolio Management |
---|---|---|---|---|
↓ | ||||
Build | Requirements | Solution Design | Application Development/ Procurement | Quality Assurance |
↓ | ||||
Run | Deploy | Operate |
3.1 2-3 hr
Hold a working session with the participants to document the current IT operating model. Facilitate the activity using the following steps:
1. Map out the IT operating model.
2. Determine EA’s current role in the operating model.
Download the EA Engagement Model Template to document the organization’s current IT operating model.
Strategy Development
Also known as strategic planning, strategy development is fundamental to creating and running a business. It involves the creation of a longer-term game plan or vision that sets specific goals and objectives for a business.
R | Those in charge of performing the task. These are the people actively involved in the completion of the required work. | → | Business VPs, EA, IT directors | R |
A | The one ultimately answerable for the correct and thorough completion of the deliverable or task, and the one who delegates the work to those responsible. | → | CEO | A |
C | Those whose opinions are sought before a decision is made, and with whom there is two-way communication. | → | PMO, Line managers, etc. | C |
I | Those who are kept up to date on progress, and with whom there is one-way communication. | → | Development managers, etc. | I |
Next Step: Similarly define the RACI for each stage of the IT operating model; refer to the activity slide for prompts.
Plan |
Strategy Development C |
Business Planning C |
Conceptualization A |
Portfolio Management C |
---|---|---|---|---|
Build |
Requirements C |
Solution Design R |
Application Development/ Procurement R |
Quality Assurance I |
Run |
Deploy I |
Operate I |
Next Step: Define the role of EA in each stage of the IT operating model; refer to the activity slide for prompts.
3.2 2 hrs
Download the EA Engagement Model Template and hold a working session to define EA’s target role in each step of the IT operating model.
Download the EA Engagement Model Template
Document the target state role of EA within the EA Governance Framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
INSPRO01 had a high IT cost structure with looming technology debt due to a preference for short-term tactical gains over long-term solutions.
The business satisfaction with IT was at an all-time low due to expensive solutions that did not meet business needs.
INSPRO01’s technology landscape was in disarray with many overlapping systems and interoperability issues.
No single team within the organization had an end-to-end perspective all the way from strategy to project execution. A lot of information was being lost in handoffs between different teams.
This led to inconsistent design/solution patterns being applied. Investment decisions had not been grounded in reality and this often led to cost overruns.
Info-Tech helped INSPRO01 identify opportunities for EA team engagement at different stages of the IT operating model. EA’s role within each stage was clearly defined and documented.
With Info-Tech’s help, the EA team successfully made the case for engagement upfront during strategy development rather than during project execution.
The increased transparency enabled the EA team to ensure that investments were aligned to organizational strategic goals and objectives.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
This phase will walk you through the following activities:
This step involves the following participants:
Outcomes of this step
Info-Tech Insight
Use architecture governance like a scalpel rather than a hatchet. Implement governing bodies to provide guidance rather than act as a police force.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 2 weeks
Step 4.1: Identify architecture boards and develop charters
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Step 4.2: Develop an architecture review process
Follow-up with an analyst call:
Then complete these activities…
With these tools & templates:
The primary purpose of architecture boards is to ensure that business benefits are maximized and solution design is within the options set forth by the architectural reference models without introducing additional layers of bureaucracy.
The optimal number of architecture boards required in an organization is a function of the following factors:
Commonly observed architecture boards:
Info-Tech Insight
Before building out a new governance board, start small by repurposing existing forums by adding architecture as an agenda item. As the items for review increase consider introducing dedicated governing bodies.
EA teams can be organized in three ways – distributed, federated, and centralized. Each model has its own strengths and weaknesses. EA governance must be structured in a way such that the strengths are harvested and the weaknesses are mitigated.
Distributed | Federated | Centralized | |
---|---|---|---|
EA org. structure |
|
|
|
Implications |
|
|
|
Architectural boards |
|
|
|
Level 1 | Architecture Review Board | IT and Business Leaders | ||||
Level 2 | Business Architecture Board | Data Architecture Board | Application Architecture Board | Infrastructure Architecture Board | Security Architecture Board | IT and Business Managers |
Level 3 | Architecture Working Groups | Architects |
Start with this:
Level 1 | Architecture Review Board |
Level 2 | Technical Architecture Committee |
Level 3 | Architecture Working Groups |
Change to this:
Architecture Review Board | IT and Business Leaders | ||||
Business Architecture Board | Data Architecture Board | Application Architecture Board | Infrastructure Architecture Board | Security Architecture Board | IT and Business Managers |
Architecture Working Groups | Architects |
The boards at each level should be set up with the correct agenda – ensure that the boards’ composition and activities reflect their objective. Use the entry criteria to communicate the agenda for their meetings.
Architecture Review Board | Technical Architecture Committee | |
---|---|---|
Objective |
|
|
Composition |
|
|
Activities |
|
|
Entry Criteria |
|
|
4.1 2 hrs
Hold a working session with the participants to identify the number of governing bodies. Facilitate the activity using the following steps:
Download the Architecture Board Charter Template to document this activity.
The charter represents the agreement between the governing body and its stakeholders about the value proposition and obligations to the organization.
4.2 3 hrs
Hold a working session with the stakeholders to define the charter for each of the identified architecture boards.
Download Architecture Board Charter Template
Update the EA Governance Framework document
The best-practice model presented facilitates the creation of sound solution architecture through continuous engagement with the EA team and well-defined governance checkpoints.
4.3 2 hours
Hold a working session with the participants to develop the architecture review process. Facilitate the activity using the following steps:
Download the Architecture Review Process Template for additional guidance regarding developing an architecture review process.
4.3 2 hrs
Download Architecture Review Process Template and facilitate a session to customize the best-practice model presented in the template.
Download the Architecture Review Process Template
Summarize the process changes and document the process flow in the EA Governance Framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
At INSPRO01, architecture governance boards were a bottleneck. The boards fielded all project requests, ranging from simple screen label changes to complex initiatives spanning multiple applications.
These boards were designed as forums for technology discussions without any business stakeholder involvement.
INSPRO01’s management never gave buy-in to the architecture governance boards since their value was uncertain.
Additionally, architectural reviews were perceived as an item to be checked off rather than a forum for getting feedback.
Architectural exceptions were not being followed through due to the lack of a dispensation process.
Info-Tech has helped the team define adaptable inclusion/exclusion criteria (based on project complexity) for each of the architectural governing boards.
The EA team was able to make the case for business participation in the architecture forums to better align business and technology investment.
An architecture dispensation process was created and operationalized. As a result architecture reviews became more transparent with well-defined next steps.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Info-Tech Insight
Use the EA policy to promote EA’s commitment to deliver value to business stakeholders through process transparency, stakeholder engagement, and compliance.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 3 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Architecture policy is a set of guidelines, formulated and enforced by the governing bodies of an organization, to guide and constrain architectural choices in pursuit of strategic goals.
Architecture compliance – promotes compliance to organizational standards through well-defined assessment checklists across architectural domains.
Business value – ensures that investments are tied to business value by enforcing traceability to business capabilities.
Architectural guidance – provides guidance to architecture practitioners on the application of the business and technology standards.
An enterprise architecture policy is an actionable document that can be applied to projects of varying complexity across the organization.
5.1 2.5 hrs
Step 1 - Facilitate
Download the EA Policy Template and hold a working session to draft the EA policy.
Download the EA Policy Template
Step 2 - Summarize
Update the EA Governance Framework Template
Architecture assessment checklist is a list of future-looking criteria that a project will be assessed against. It provides a set of standards against which projects can be assessed in order to render a decision on whether or not the project can be greenlighted.
Architecture checklists should be created for each EA domain since each domain provides guidance on specific aspects of the project.
Business Architecture:
Data Architecture:
Application Architecture:
Infrastructure Architecture:
Security Architecture:
5.2 2 hrs
Step 1 - Facilitate
Download the EA Assessment Checklist Template and hold a working session to create the architectural assessment checklists.
Download the EA Assessment Checklist Template
Step 2 - Summarize
Update the EA Governance Framework Template
Approved
Conditional Approval
Not Approved
Waivers are not permanent. Waiver terms must be documented for each waiver specifying:
5.4 3-4 hrs
Step 1 - Facilitate
Download the EA compliance waiver template and hold a working session to customize the best-practice process to your organization’s needs.
Download the EA Compliance Waiver Process Template
Step 2 - Summarize
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
EA program adoption across INSPRO01 was at its lowest point due to a lack of transparency into the activities performed by the EA group.
Often, projects ignored EA entirely as it was viewed as a nebulous and non-value-added activity that produced no measurable results.
There was very little documented information about the architecture assessment process and the standards against which project solution architectures were evaluated.
Additionally, there were no well-defined outcomes for the assessment.
Project groups were left speculating about the next steps and with little guidance on what to do after completing an assessment.
Info-Tech helped the EA team create an EA policy containing architecture significance criteria, assessment checklists, and reference to the architecture review process.
Additionally, the team also identified guidelines and detailed next steps for projects based on the outcome of the architecture assessment.
These actions brought clarity to EA processes and fostered better engagement with the EA group.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
Info-Tech Insight
The architecture standard is the currency that facilitates information exchange between stakeholders. The primary purpose is to minimize transaction costs by providing a balance between stability and relevancy.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Start with an analyst kick-off call:
Then complete these activities…
Review with analyst:
Then complete these activities…
With these tools & templates:
6.1 3 hrs
Instructions:
Hold a working session with the participants to identify and standardize work products. Facilitate the activity using the steps below.
As the EA function begins to grow and accumulates EA work products, having a well-designed folder structure helps you find the necessary information efficiently.
Describes the organizationally tailored architecture framework.
Defines the parameters, structures, and processes that support the enterprise architecture group.
An architectural presentation of assets in use by the enterprise at particular points in time.
Captures the standards with which new architectures and deployed services must comply.
Provides guidelines, templates, patterns, and other forms of reference material to accelerate the creation of new architectures for the enterprise.
Provides a record of governance activity across the enterprise.
6.2 5-6 hrs
Instructions:
Hold a working session with the participants to create a repository structure. Facilitate the activity using the steps below:
Identify
Assess
Document
Approve
Communicate
6.3 1.5 hrs
Step 1 - Facilitate
Download the standards update process template and hold a working session to customize the best practice process to your organization’s needs.
Download the Architecture Standards Update Process Template
Step 2 - Summarize
Summarize the objectives and the process flow in the EA governance framework document.
Update the EA Governance Framework Template
Industry Insurance
Source Info-Tech
INSPRO01 didn’t maintain any centralized standards and each project had its own solution/design work products based on the preference of the architect on the project. This led to multiple standards across the organization.
Lack of consistency in architectural deliverables made the information hand-offs expensive.
INSPRO01 didn’t maintain the architectural documents in a central repository and the information was scattered across multiple project folders.
This caused key stakeholders to make decisions based on incomplete information and resulted in constant revisions as new information became available.
Info-Tech recommended that the EA team identify and standardize the various EA work products so that information was collected in a consistent manner across the organization.
The team also recommended an information taxonomy to store the architectural deliverables and other collateral.
This resulted in increased consistency and standardization leading to efficiency gains.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
Info-Tech Insight
By failing to prepare, you are preparing to fail – maximize the likelihood of success for EA governance by engaging the relevant stakeholders and communicating the changes.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own, or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 1 week
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
The changes made to the EA governance components need to be reviewed, approved, and communicated to all of the impacted stakeholders.
Step 1: Hold a meeting with stakeholders to review, refine, and agree on the changes.
Step 2: Obtain an official approval from the stakeholders.
Step 3: Communicate the changes to the impacted stakeholders.
7.1 3 hrs
Hold a working session with the participants to create the EA governance framework as well as the communication plan. Facilitate the activity using the steps below:
Download the EA Governance Communication Plan Template and EA Governance Framework Template for additional instructions and to document your activities in this phase.
Industry Insurance
Source Info-Tech
The EA group followed Info-Tech’s methodology to assess the current state and has identified areas for improvement.
Best practices were adopted to fill the gaps identified.
The team planned to communicate the changes to the technology leadership team and get approvals.
As the EA team tried to roll out changes, they encountered resistance from various IT teams.
The team was not sure of how to communicate the changes to the business stakeholders.
Info-Tech has helped the team conduct a thorough stakeholder analysis to identify all the stakeholders who would be impacted by the changes to the architecture governance framework.
A comprehensive communication plan was developed that leveraged traditional email blasts, town hall meetings, and non-traditional methods such as team blogs.
The team executed the communication plan and was able to manage the change effectively.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Key Activities
Outcomes
Government of British Columbia. “Architecture and Standards Review Board.” Government of British Columbia. 2015. Web. Jan 2016. < http://www.cio.gov.bc.ca/cio/standards/asrb.page >
Hopkins, Brian. “The Essential EA Toolkit Part 3 – An Architecture Governance Process.” Cio.com. Oct 2010. Web. April 2016. < http://www.cio.com/article/2372450/enterprise-architecture/the-essential-ea-toolkit-part-3---an-architecture-governance-process.html >
Kantor, Bill. “How to Design a Successful RACI Project Plan.” CIO.com. May 2012. Web. Jan 2016. < http://www.cio.com/article/2395825/project-management/how-to-design-a-successful-raci-project-plan.html >
Sapient. “MIT Enterprise Architecture Guide.” Sapient. Sep 2004. Web. Jan 2016. < http://web.mit.edu/itag/eag/FullEnterpriseArchitectureGuide0.1.pdf >
TOGAF. “Chapter 41: Architecture Repository.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap41.html >
TOGAF. “Chapter 48: Architecture Compliance.” The Open Group. 2011. Web. Jan 2016. < http://pubs.opengroup.org/architecture/togaf9-doc/arch/chap48.html >
TOGAF. “Version 9.1.” The Open Group. 2011. Web. Jan 2016. http://pubs.opengroup.org/architecture/togaf9-doc/arch/
United States Secret Service. “Enterprise Architecture Review Board.” United States Secret Service. Web. Jan 2016. < http://www.archives.gov/records-mgmt/toolkit/pdf/ID191.pdf >
Virginia Information Technologies Agency. “Enterprise Architecture Policy.” Commonwealth of Virginia. Jul 2006. Web. Jan 2016. < https://www.vita.virginia.gov/uploadedfiles/vita_main_public/library/eapolicy200-00.pdf >
Alan Mitchell, Senior Manager, Global Cities Centre of Excellence, KPMG
Alan Mitchell has held numerous consulting positions before his role in Global Cities Centre of Excellence for KPMG. As a Consultant, he has had over 10 years of experience working with enterprise architecture related engagements. Further, he worked extensively with the public sector and prides himself on his knowledge of governance and how governance can generate value for an organization.
Ian Gilmour, Associate Partner, EA advisory services, KPMG
Ian Gilmour is the global lead for KPMG’s enterprise architecture method and Chief Architect for the KPMG Enterprise Reference Architecture for Health and Human Services. He has over 20 years of business design experience using enterprise architecture techniques. The key service areas that Ian focuses on are business architecture, IT-enabled business transformation, application portfolio rationalization, and the development of an enterprise architecture capability within client organizations.
Djamel Djemaoun Hamidson, Senior Enterprise Architect, CBC/Radio-Canada
Djamel Djemaoun is the Senior Enterprise Architect for CBC/Radio-Canada. He has over 15 years of Enterprise Architecture experience. Djamel’s areas of special include service-oriented architecture, enterprise architecture integration, business process management, business analytics, data modeling and analysis, and security and risk management.
Sterling Bjorndahl, Director of Operations, eHealth Saskatchewan
Sterling Bjorndahl is now the Action CIO for the Sun Country Regional Health Authority, and also assisting eHealth Saskatchewan grow its customer relationship management program. Sterling’s areas of expertise include IT strategy, enterprise architecture, ITIL, and business process management. He serves as the Chair on the Board of Directors for Gardiner Park Child Care.
Huw Morgan, IT Research Executive, Enterprise Architect
Huw Morgan has 10+ years experience as a Vice President or Chief Technology Officer in Canadian internet companies. As well, he possesses 20+ years experience in general IT management. Huw’s areas of expertise include enterprise architecture, integration, e-commerce, and business intelligence.
Serge Parisien, Manager, Enterprise Architecture at Canada Mortgage Housing Corporation
Serge Parisien is a seasoned IT leader with over 25 years of experience in the field of information technology governance and systems development in both the private and public sectors. His areas of expertise include enterprise architecture, strategy, and project management.
Alex Coleman, Chief Information Officer at Saskatchewan Workers’ Compensation Board
Alex Coleman is a strategic, innovative, and results-driven business leader with a proven track record of 20+ years’ experience planning, developing, and implementing global business and technology solutions across multiple industries in the private, public, and not-for-profit sectors. Alex’s expertise includes program management, integration, and project management.
L.C. (Skip) Lumley , Student of Enterprise and Business Architecture
Skip Lumley was formerly a Senior Principle at KPMG Canada. He is now post-career and spends his time helping move enterprise business architecture practices forward. His areas of expertise include enterprise architecture program implementation and public sector enterprise architecture business development.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Set the expectations of your first RPA bot. Define the guiding principles, ethics, and delivery capabilities that will govern RPA delivery and support.
Validate the fit of your candidate business processes for RPA and ensure the support of your operational system. Shortlist the features of your desired RPA vendor. Modernize your delivery process to accommodate RPA.
Build a roadmap of initiatives to implement your first bot and build the foundations of your RPA practice.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
State the success criteria of your RPA adoption through defined objectives and metrics.
Define your RPA guiding principles and ethics.
Build the RPA capabilities that will support the delivery and management of your bots.
Grounded stakeholder expectations
RPA guiding principles
RPA capabilities and the key roles to support RPA delivery and management
1.1 State Your RPA Objectives.
1.2 Define Your RPA Principles
1.3 Develop Your RPA Capabilities
RPA objectives and metrics
RPA guiding principles and ethics
RPA and product ownership, RPA capabilities, RPA role definitions
Evaluate the fit of your candidate business processes for automation.
Define the operational platform to support your RPA solution.
Shortlist the desired RPA vendor features.
Optimize your product delivery process to support RPA.
Verifies the decision to implement RPA for the candidate business process
The system changes and modifications needed to support RPA
Prioritized list of RPA vendor features
Target state RPA delivery process
2.1 Prepare Your RPA Platform
2.2 Select Your RPA Vendor
2.3 Deliver and Manage Your Bots
Assessment of candidate business processes and supporting operational platform
List of desired RPA vendor features
Optimized delivery process
Build your roadmap to implement your first RPA bot and build the foundations of your RPA practice.
Implementation initiatives
RPA adoption roadmap
3.1 Roadmap Your RPA Adoption
RPA adoption roadmap
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Gain an understanding of the potential opportunities that Gen AI can provide your solution delivery practices and answer the question "What should I do next?"
Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether or not the team is ready to adopt Gen AI practices.
Generative AI (Gen AI) presents unique opportunities to address many solution delivery challenges. Code generation can increase productivity, synthetic data generation can produce usable test data, and scanning tools can identify issues before they occur. To be successful, teams must be prepared to embrace the changes that Gen AI brings. Stakeholders must also give teams the opportunity to optimize their own processes and gauge the fit of Gen AI.
Start small with the intent to learn. The right pilot initiative helps you learn the new technology and how it benefits your team without the headache of complex setups and lengthy training and onboarding. Look at your existing solution delivery tools to see what Gen AI capabilities are available and prioritize the use cases where Gen AI can be used out of the box.
Andrew Kum-Seun
Research Director,
Application Delivery and Management
Info-Tech Research Group
Delivery teams are under continuous pressure to deliver high-value, high-quality solutions with limited capacity in complex business and technical environments. Common challenges experienced by these teams include:
Generative AI (Gen AI) offers a unique opportunity to address many of these challenges.
Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.
Overarching Info-Tech Insight
Position Gen AI is a tooling opportunity to enhance the productivity and depth of your solution delivery practice. However, current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery. Assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.
Understand and optimize first, automate with Gen AI later.
Gen AI magnifies solution delivery inefficiencies and constraints. Adopt a user-centric perspective to understand your solution delivery teams' interactions with solution delivery tools and technologies to better replicate how they complete their tasks and overcome challenges.
Enable before buy. Buy before build.
Your solution delivery vendors see AI as a strategic priority in their product and service offering. Look into your existing toolset and see if you already have the capabilities. Otherwise, prioritize using off-the-shelf solutions with pre-trained Gen AI capabilities and templates.
Innovate but don't experiment.
Do not reinvent the wheel and lower your risk of success. Stick to the proven use cases to understand the value and fit of Gen AI tools and how your teams can transform the way they work. Use your lessons learned to discover scaling opportunities.
IT benefits |
Business benefits |
---|---|
|
|
Generative AI (Gen AI)
A form of ML whereby, in response to prompts, a Gen AI platform can generate new output based on the data it has been trained on. Depending on its foundational model, a Gen AI platform will provide different modalities and use case applications.
Machine Learning (ML)
The AI system is instructed to search for patterns in a data set and then make predictions based on that set. In this way, the system learns to provide accurate content over time. This requires a supervised intervention if the data is inaccurate. Deep learning is self-supervised and does not require intervention.
Artificial Intelligence (AI)
A field of computer science that focuses on building systems to imitate human behavior. Not all AI systems have learning behavior; many systems (such as customer service chatbots) operate on preset rules.
Many vendors have jumped on Gen AI as the latest marketing buzzword. When vendors claim to offer Gen AI functionality, pin down what exactly is generative about it. The solution must be able to induce new outputs from inputted data via self-supervision – not trained to produce certain outputs based on certain inputs.
Position Gen AI as a tooling opportunity to enhance the productivity and depth of your solution delivery practice. Current Gen AI tools are unable to address the various technical and human complexities that commonly occur in solution delivery; assess the fit of Gen AI by augmenting low-risk, out-of-the-box tools in key areas of your solution delivery process and teams.
Solution Delivery Team |
|
---|---|
Humans |
Gen AI Bots |
Product owner and decision maker Business analyst and architect Integrator and builder Collaborator |
Administrator Designer and content creator Paired developer and tester System monitor and support |
Gen AI Solution Delivery Readiness Assessment Tool
Assess the readiness of your solution delivery team for Gen AI. This tool will ask several questions relating to your people, process, and technology, and recommend whether the team is ready to adopt Gen AI practices.
1.1.1 Understand the challenges of your solution delivery teams.
1.1.2 Outline the value you expect to gain from Gen AI.
This step involves the following participants:
Outcomes of this step
Creating high-throughput teams is an organizational priority.
CXOs ranked "optimize IT service delivery" as the second highest priority. "Achieve IT business" was ranked first.
(CEO-CIO Alignment Diagnostics, August 2021 to July 2022; n=568)
Strengths Internal characteristics that are favorable as they relate to solution delivery |
Weaknesses Internal characteristics that are unfavorable or need improvement |
Opportunities External characteristics that you may use to your advantage |
Threats External characteristics that may be potential sources of failure or risk |
Record the results in the Gen AI Solution Delivery Readiness Assessment Tool
Participants
Why is software delivery an ideal pilot candidate for Gen AI?
Gen AI jumpstarts the most laborious and mundane parts of software delivery. Delivery teams saved 22 hours (avg) per software use case when using AI in 2022, compared to last year when AI was not used ("Generative AI Speeds Up Software Development," PRNewswire, 2023).
Fungible resources
Teams are transferrable across different frameworks, platforms, and products. Gen AI provides the structure and guidance needed to work across a wider range of projects ("Game changer: The startling power generative AI is bringing to software development," KPMG, 2023).
Improved solution quality
Solution delivery artifacts (e.g. code) are automatically scanned to quickly identify bugs and defects based on recent activities and trends and validate against current system performance and capacity.
Business empowerment
AI enhances the application functionalities workers can build with low- and no-code platforms. In fact, "AI high performers are 1.6 times more likely than other organizations to engage non-technical employees in creating AI applications" ("The state of AI in 2022 — and a half decade in review." McKinsey, 2022, N=1,492).
Black Box
Little transparency is provided on the tool's rationale behind content creation, decision making, and the use and storage of training data, creating risks for legal, security, intellectual property, and other areas.
Role Replacement
Some workers have job security concerns despite Gen AI being bound to their rule-based logic framework, the quality of their training data, and patterns of consistent behavior.
Skills Gaps
Teams need to gain expertise in AI/ML techniques, training data preparation, and continuous tooling improvements to support effective Gen AI adoption across the delivery practice and ensure reliable operations.
Data Inaccuracy
Significant good quality data is needed to build trust in the applicability and reliability of Gen AI recommendations and outputs. Teams must be able to combine Gen AI insights with human judgment to generate the right outcome.
Slow Delivery of AI Solution
Timelines are sensitive to organizational maturity, experience with Gen AI, and investments in good data management practices. 65% of organizations said it took more than three months to deploy an enterprise-ready AIOps solution (OpsRamp, 2022).
Well-optimized Gen AI instills stakeholder confidence in ongoing business value delivery and ensures stakeholder buy-in, provided proper expectations are set and met. However, business value is not interpreted or prioritized the same across the organization. Come to a common business value definition to drive change in the right direction by balancing the needs of the individual, team, and organization.
Business value cannot always be represented by revenue or reduced expenses. Dissecting value by the benefit type and the value source's orientation allows you to see the many ways in which Gen AI brings value to the organization.
Financial benefits vs. intrinsic needs
Inward vs. outward orientation
See our Build a Value Measurement Framework blueprint for more information about business value definition.
Establishing and monitoring metrics are powerful ways to drive behavior and strategic changes in your organization. Determine the right measures that demonstrate the value of your Gen AI implementation by aligning them with your Gen AI objectives, business value drivers, and non-functional requirements.
Select metrics with different views
IT Management & Governance
CIO Business Vision
Output
Record the results in the Gen AI Solution Delivery Readiness Assessment Tool
Problem statements
Business and IT outcomes
List of stakeholders
In-scope solution delivery teams, system, and capabilities
An AI strategy details the direction, activities, and tactics to deliver on the promise of your AI portfolio. It often includes:
1.2.1 Align Gen AI opportunities with teams and capabilities.
This step involves the following participants:
Gen AI opportunity | Common Gen AI tools and vendors | Teams than can benefit | How can teams leverage this? | Case study |
---|---|---|---|---|
Synthetic data generation |
|
|
|
|
Code generation |
|
|
|
|
Defect forecasting and debugging |
|
|
|
|
Requirements documentation and elicitation |
|
|
|
Google collaborates with Replit to reduce time to bring new products to market by 30% |
UI design and prototyping |
|
|
|
Other common AI opportunities solutions include test case generation, code translation, use case creation, document generation, and automated testing.
What are the expected benefits?
What are the notable risks and challenges?
How should teams prepare for synthetic data generation?
It can be used:
"We can simply say that the total addressable market of synthetic data and the total addressable market of data will converge,"
Ofir Zuk, CEO, Datagen (Forbes, 2022)
What are the expected benefits?
What are the notable risks and challenges?
How should teams prepare for code generation?
According to a survey conducted by Microsoft's GitHub, a staggering 92% of programmers were reported as using AI tools in their workflow (GitHub, 2023).
What are the expected benefits?
What are the notable risks and challenges?
How should teams prepare for defect forecasting and debugging?
It can be used to:
Using AI technologies, developers can reduce the time taken to debug and test code by up to 70%, allowing them to finish projects faster and with greater accuracy (Aloa, 2023).
What are the expected benefits?
What are the notable risks and challenges?
How should teams prepare for requirements documentation & elicitation?
It can be used to:
91% of top businesses surveyed report having an ongoing investment in AI (NewVantage Partners, 2021).
Analyze existing patterns and principles to generate design, layouts, and working solutions.
What are the expected benefits?
What are the notable risks and challenges?
How should teams prepare for UI design and prototyping?
A study by McKinsey & Company found that companies that invest in AI-driven design outperform their peers in revenue growth and customer experience metrics. They were found to achieve up to two times higher revenue growth than industry peers and up to 10% higher net promoter score (McKinsey & Company, 2018).
Realizing the complete potential of Gen AI relies on effectively fostering its adoption and resulting changes throughout the entire solution delivery process.
What are the challenges faced by your delivery teams that could be addressed by Gen AI?
What's holding back Gen AI adoption in the organization?
Are your objectives aligned with Gen AI capabilities?
How can Gen AI improve the entire solution delivery process?
1-3 hours
Output
Participants
Record the results in the Gen AI Solution Delivery Readiness Assessment Tool
1.3.1 Assess your readiness for Gen AI.
This step involves the following participants:
Outcomes of this step
As organizations evolve and adopt more tools and technology, their solution delivery processes become more complex. Process improvement is needed to simplify complex and undocumented software delivery activities and artifacts and prepare it for Gen AI. Gen AI scales process throughput and output quantity, but it multiplies the negative impact of problems the process already has.
When is your process ready for Gen AI?
*software development lifecycle
To learn more, visit Info-Tech's Modernize Your SDLC blueprint.
To learn more, visit Info-Tech's Build a Winning Business Process Automation Playbook
By shining a light on considerations that might have otherwise escaped planners and decision makers, an impact analysis is an essential component to Gen AI success. This analysis should answer the following questions on the impact to your solution delivery teams.
See our Master Organizational Change Management Practices blueprint for more information.
Brace for impact
A thorough analysis of change impacts will help your software delivery teams and change leaders:
Portfolio Management
An accurate and rationalized inventory of all Gen AI tools verifies they support the goals and abide to the usage policies of the broader delivery practice. This becomes critical when tooling is updated frequently and licenses and open- source community principles drastically change (e.g. after an acquisition).
Quality Assurance
Gen AI tools are routinely verified and validated to ensure outcomes are accurate, complete, and aligned to solution delivery quality standards. Models are retrained using lessons learned, new use cases, and updated training data.
Security & Access Management
Externally developed and trained Gen AI models may not include the measures, controls, and tactics you need to prevent vulnerabilities and protect against threats that are critical in your security frameworks, policies, and standards.
Data Management & Governance
All solution delivery data and artifacts can be transformed and consumed in various ways as they transit through solution delivery and Gen AI tools. Data integrations, structures, and definitions must be well-defined, governed, and monitored.
OPERATIONAL SUPPORT
Resources are available to support the ongoing operations of the Gen AI tool, including infrastructure, preparing training data, and managing integration with other tools. They are also prepared to recover backups, roll back, and execute recovery plans at a moment's notice.
See Build Your Generative AI Roadmap for more information.
Record the results in the Gen AI Solution Delivery Readiness Assessment Tool
Output
Participants
To learn more, visit Info-Tech's Develop Your Value-First Business Process Automation (BPA) Strategy.
Modernize Your SDLC
Efficient and effective SDLC practices are vital, as products need to readily adjust to evolving and changing business needs and technologies.
Adopt Generative AI in Solution Delivery
Generative AI can drive productivity and solution quality gains to your solution delivery teams. Level set expectations with the right use case to demonstrate its value potential.
Select Your AI Vendor & Implementation Partner
The right vendor and partner are critical for success. Build the selection criteria to shortlist the products and services that best meets the current and future needs of your teams.
Drive Business Value With Off-the-Shelf AI
Build a framework that will guide your teams through the selection of an off-the-shelf AI tool with a clear definition of the business case and preparations for successful adoption.
Build Your Enterprise Application Implementation Playbook
Your Gen AI implementation doesn't start with technology, but with an effective plan that your team supports and is aligned to broader stakeholder and sponsor priorities and goals.
Build a Winning Business Process Automation Playbook
Optimize and automate your business processes with a user-centric approach.
Embrace Business Managed Applications
Empower the business to implement their own applications with a trusted business-IT relationship.
Application Portfolio Management Foundations
Ensure your application portfolio delivers the best possible return on investment.
Maximize the Benefits from Enterprise Applications with a Center of Excellence
Optimize your organization's enterprise application capabilities with a refined and scalable methodology.
Create an Architecture for AI
Build your target state architecture from predefined best-practice building blocks.
Deliver on Your Digital Product Vision
Build a product vision your organization can take from strategy through execution.
Enhance Your Solution Architecture Practices
Ensure your software systems solution is architected to reflect stakeholders' short- and long-term needs.
Apply Design Thinking to Build Empathy With the Business
Use design thinking and journey mapping to make IT the business' go-to problem solver.
Modernize Your SDLC
Deliver quality software faster with new tools and practices.
Drive Business Value With Off-the-Shelf AI
A practical guide to ensure return on your off-the-shelf AI investment.
"Altran Helps Developers Write Better Code Faster with Azure AI." Microsoft, 2020.
"Apply Design Thinking to Complex Teams, Problems, and Organizations." IBM, 2021.
Bianca. "Unleashing the Power of AI in Code Generation: 10 Applications You Need to Know — AITechTrend." AITechTrend, 16 May 2023.
Biggs, John. "Deep Code Cleans Your Code with the Power of AI." TechCrunch, 26 Apr 2018.
"Chat GPT as a Tool for Business Analysis — the Brazilian BA." The Brazilian BA, 24 Jan 2023.
Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2019." New Vantage Partners, 2019.
Davenport, Thomas, and Randy Bean. "Big Data and AI Executive Survey 2021." New Vantage Partners, 2021.
Das, Tamal. "9 Best AI-Powered Code Completion for Productive Development." Geek flare, 5 Apr 2023.
Gondrezick, Ilya. "Council Post: How AI Can Transform the Software Engineering Process." Forbes, 24 Apr 2020.
"Generative AI Speeds up Software Development: Compass UOL Study." PR Newswire, 29 Mar 2023.
"GitLab 2023 Global Develops Report Series." Gitlab, 2023.
"Game Changer: The Startling Power Generative AI Is Bringing to Software Development." KPMG, 30 Jan 2023.
"How AI Can Help with Requirements Analysis Tools." TechTarget, 28 July 2020.
Indra lingam, Ashanta. "How Spotify Is Upleveling Their Entire Design Team." Framer, 2019.
Ingle, Prathamesh. "Top Artificial Intelligence (AI) Tools That Can Generate Code to Help Programmers." Matchcoat, 1 Jan 2023.
Kaur, Jagreet . "AI in Requirements Management | Benefits and Its Processes." Xenon Stack, 13 June 2023.
Lange, Danny. "Game On: How Unity Is Extending the Power of Synthetic Data beyond the Gaming Industry." CIO, 17 Dec 2020.
Lin, Ying. "10 Artificial Intelligence Statistics You Need to Know in 2020." OBERLO, 17 Mar. 2023.
Mauran, Cecily. "Whoops, Samsung Workers Accidentally Leaked Trade Secrets via ChatGPT." Mashable, 6 Apr 2023.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify and categorize current collaboration toolset usage to recognize unnecessary overlaps and legitimate gaps.
Evaluate overlaps to determine which redundant tools should be phased out and explore best practices for how to do so.
Fill your collaboration toolset gaps with best-fit tools, build business requirements for those tools, and create an adoption plan for onboarding.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a collaboration vision.
Acknowledge the current state of the collaboration toolset.
A clear framework to structure the collaboration strategy
1.1 Set the vision for the Collaboration Strategy.
1.2 Identify your collaboration tools with use cases.
1.3 Learn what collaboration tools are used and why, including shadow IT.
1.4 Begin categorizing the toolset.
Beginnings of the Collaboration Strategy
At least five archetypical use cases, detailing the collaboration capabilities required for these cases
Use cases updated with shadow IT currently used within the organization
Overlaps and Gaps in Current Capabilities Toolset Template
Identify redundant overlapping tools and develop a phase-out plan.
Communication and phase-out plans for redundant tools, streamlining the collaboration toolset.
2.1 Identify legitimate overlaps and gaps.
2.2 Explore business and user strategies for identifying redundant tools.
2.3 Create a Gantt chart and communication plan and outline post-phase-out strategies.
Overlaps and Gaps in Current Capabilities Toolset Template
A shortlist of redundant overlapping tools to be phased out
Phase-out plan
Gather business requirements for finding best-fit tools to fill toolset gaps.
A business requirements document
3.1 Use SoftwareReviews and the Collaboration Platform Evaluation Tool to shortlist best-fit collaboration tool.
3.2 Build SMART objectives and goals cascade.
3.3 Walk through the Collaboration Tools Business Requirements Document Template.
A shortlist of collaboration tools
A list of SMART goals and a goals cascade
Completed Business Requirements Document
Create an adoption plan for successfully onboarding new collaboration tools.
An adoption plan
4.1 Fill out the Adoption Plan Gantt Chart Template.
4.2 Create the communication plan.
4.3 Explore best practices to socialize the new tools.
Completed Gantt chart
Adoption plan marketing materials
Long-term strategy for engaging employees with onboarded tools
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this blueprint to standardize your service desk by assessing your current capability and laying the foundations for your service desk, design an effective incident management workflow, design a request fulfillment process, and apply the discussions and activities to make an actionable plan for improving your service desk.
This tool is designed to assess your service desk process maturity, identify gaps, guide improvement efforts, and measure your progress.
Use this template to organize information about the service desk challenges that the organization is facing, make the case to build a right-sized service desk to address those challenges, and outline the recommended process changes.
Use the RACI template to determine roles for your service desk initiatives and to build ownership around them. Use the template and replace it with your organization's information.
The template will help you identify service desk roles and responsibilities, build ticket management processes, put in place sustainable knowledgebase practices, document ticket prioritization scheme and SLO, and document ticket workflows.
Use this tool to help review the quality of tickets handled by agents and discuss each technician's technical capabilities to handle tickets.
The Workflow Library provides examples of typical workflows that make up the bulk of the incident management and request fulfillment processes at the service desk.
The Ticket Categorization Schemes provide examples of ticket categories to organize the data in the service desk tool and produce reports that help managers manage the service desk and meet business requirements.
The Knowledge Manager's role is to collect, synthesize, organize, and manage corporate information in support of business units across the enterprise.
An accurate and comprehensive record of the incident management process, including a description of the incident, any workarounds identified, the root cause (if available), and the profile of the incident's source, will improve incident resolution time.
Use this template to develop a communication plan that outlines what stakeholders can expect as the process improvements recommended in the Standardize the Service Desk blueprint are implemented.
The Service Desk Roadmap helps track outstanding implementation activities from your service desk standardization project. Use the roadmap tool to define service desk project tasks, their owners, priorities, and timeline.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discover your challenges and understand what roles, metrics, and ticket handling procedures are needed to tackle the challenges.
Set a clear understanding about the importance of service desk to your organization and service desk best practices.
1.1 Assess current state of the service desk.
1.2 Review service desk and shift-left strategy.
1.3 Identify service desk metrics and reports.
1.4 Identify ticket handling procedures
Current state assessment
Shift-left strategy and implications
Service desk metrics and reports
Ticket handling procedures
Build workflows for incident and critical incident tickets.
Distinguish incidents from service requests.
Ticket categorization facilitates ticket. routing and reporting.
Develop an SLA for your service desk team for a consistent service delivery.
2.1 Build incident and critical incident management workflows.
2.2 Design ticket categorization scheme and proper ticket handling guidelines.
2.3 Design incident escalation and prioritization guidelines.
Incident and critical incident management workflows
Ticket categorization scheme
Ticket escalation and prioritization guidelines
Build service request workflows and prepare self-service portal.
Standardize request fulfilment processes.
Prepare for better knowledge management and leverage self-service portal to facilitate shift-left strategy.
3.1 Build service request workflows.
3.2 Build a targeted knowledgebase.
3.3 Prepare for a self-serve portal project.
Distinguishing criteria for requests and projects
Service request workflows and SLAs
Knowledgebase article template, processes, and workflows
Now that you have laid the foundation of your service desk, put all the initiatives into an action plan.
Discuss priorities, set timeline, and identify effort for your service desk.
Identify the benefits and impacts of communicating service desk initiatives to stakeholders and define channels to communicate service desk changes.
4.1 Build an implementation roadmap.
4.2 Build a communication plan
Project implementation and task list with associated owners
Project communication plan and workshop summary presentation
"Customer service issues are rarely based on personality but are almost always a symptom of poor and inconsistent process. When service desk managers are looking to hire to resolve customer service issues and executives are pushing back, it’s time to look at improving process and the support strategy to make the best use of technicians’ time, tools, and knowledge sharing. Once improvements have been made, it’s easier to make the case to add people or introduce automation.
Replacing service desk solutions will also highlight issues around poor process. Without fixing the baseline services, the new solution will simply wrap your issues in a prettier package.
Ultimately, the service desk needs to be the entry point for users to get help and the rest of IT needs to provide the appropriate support to ensure the first line of interaction has the knowledge and tools they need to resolve quickly and preferably on first contact. If your plans include optimization to self-serve or automation, you’ll have a hard time getting there without standardizing first."
Principal Research Director, Infrastructure & Operations Practice
Info-Tech Research Group
Service desk improvement is an exercise in organizational change. Engage specialists across the IT organization in building the solution. Establish a single service-support team across the IT group and enforce it with a cooperative, customer-focused culture. Don’t be fooled by a tool that’s new. A new service desk tool alone won’t solve the problem. Service desk maturity improvements depend on putting in place the right people and processes to support the technology
Source: Info-Tech, 2019 Responses (N=189 organizations)
Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.
Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.
Business stakeholders ranked the following 12 core IT services in terms of importance:
Learn more about the CIO Business Vision Program.On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.
Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.
Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.
"The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"
- Rod Gula, IT Director
American Realty Advisors
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Project Summary
Service Desk Standard Operating Procedures
Service Desk Maturity Assessment Tool
Service Desk Implementation Roadmap
Incident, knowledge, and request management workflows
Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).
IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.
Compliance: Compliance audits are more manageable because the documentation is already in place.
Transparency: Visually documented processes answer the common business question of “why does that take so long?”
Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.
Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff
IT automation built on poorly defined, unoptimized processes leads to inconsistent results.
Documenting SOPs to prepare for an audit becomes a major time-intensive project.
Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.
Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.
Contact your account representative or email Workshops@InfoTech.com for more information.
Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.
Deliverables
Embrace standardization
Increase business satisfaction
Reduce recurring issues
Increase efficiency and lower operating costs
When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:
As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.
The project load of IT staff increased, with new projects coming in every day.
With a long project list, it became increasingly important to improve the transparency of project request and prioritization.
Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.
He addressed the infrastructure challenges in part by analyzing IT’s routine processes.
Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.
They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.
Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.
Estimated Time: 45 minutes
A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.
B. Think about the following:
C. Document challenges in the Service Desk Project Summary.
Participants:
A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:
Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:
“How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”
Rob England
IT Consultant & Commentator
Owner Two Hills
Also known as The IT Skeptic
The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.
The tool will help guide improvement efforts and measure your progress.
The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
Where do I find the data?Consult:
This step will walk you through the following activities:
This step involves the following participants:
Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.
Deliverables
If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.
Specialists tend to distance themselves from service support as they progress through their career to focus on projects.
However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.
Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.
Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.
Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.
Informed: People who receive information about process execution and quality and need to stay informed regarding the task.
A RACI analysis is helpful with the following:
Notes:
Participants
What You'll Need
Regardless of the service desk structure chosen to meet your service support requirements, end users should be in no doubt about how to access the service.
Provide end users with:
A single point of contact will ensure:
This prevents ad hoc ticket channels such as shoulder grabs or direct emails, chats, or calls to a technician from interrupting work.
A single point of contact does not mean the service desk is only accessible through one intake channel, but rather all tickets are directed to the service desk (i.e. tier 1) to be resolved or redirected appropriately.
Source: Info-Tech, 2019 Responses (N=189 organizations)
Info-Tech Research Group’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified the service desk as an area to leverage.
Since 2013, Info-Tech has surveyed over 40,000 business stakeholders as part of our CIO Business Vision program.
Business stakeholders ranked the following 12 core IT services in terms of importance:
Learn more about the CIO Business Vision Program.On average, organizations that were satisfied with service desk effectiveness rated all other IT processes 46% higher than dissatisfied end users.
Organizations that were satisfied with service desk timeliness rated all other IT processes 37% higher than dissatisfied end users.More than one hundred organizations engaged with Info-Tech, through advisory calls and workshops, for their service desk projects in 2016. Their goal was either to improve an existing service desk or build one from scratch.
Organizations that estimate the business impact of each project phase help us shed light on the average measured value of the engagements.
"The analysts are an amazing resource for this project. Their approach is very methodical, and they have the ability to fill in the big picture with detailed, actionable steps. There is a real opportunity for us to get off the treadmill and make real IT service management improvements"
- Rod Gula, IT Director
American Realty Advisors
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Project Summary
Service Desk Standard Operating Procedures
Service Desk Maturity Assessment Tool
Service Desk Implementation Roadmap
Incident, knowledge, and request management workflows
Improved training and knowledge transfer: Routine tasks can be delegated to junior staff (freeing senior staff to work on higher priority tasks).
IT automation, process optimization, and consistent operations: Defining, documenting, and then optimizing processes enables IT automation to be built on sound processes, so consistent positive results can be achieved.
Compliance: Compliance audits are more manageable because the documentation is already in place.
Transparency: Visually documented processes answer the common business question of “why does that take so long?”
Cost savings: Work solved at first contact or with a minimal number of escalations will result in greater efficiency and more cost-effective support. This will also lead to better customer service.
Tasks will be difficult to delegate, key staff become a bottleneck, knowledge transfer is inconsistent, and there is a longer onboarding process for new staff
IT automation built on poorly defined, unoptimized processes leads to inconsistent results.
Documenting SOPs to prepare for an audit becomes a major time-intensive project.
Other areas of the organization may not understand how IT operates, which can lead to confusion and unrealistic expectations.
Support costs are highest through inefficient processes, and proactive work becomes more difficult to schedule, making the organization vulnerable to costly disruptions.
Contact your account representative or email Workshops@InfoTech.com for more information.
Alignment on the challenges that the service desk faces, an assessment of the current state of service desk processes and technologies, and baseline metrics against which to measure improvements.
Deliverables
Embrace standardization
Increase business satisfaction
Reduce recurring issues
Increase efficiency and lower operating costs
When he joined Westminster College as CIO in 2006, the department faced several infrastructure challenges, including:
As the CIO investigated how to address the infrastructure challenges, he realized people cared deeply about how IT spent its time.
The project load of IT staff increased, with new projects coming in every day.
With a long project list, it became increasingly important to improve the transparency of project request and prioritization.
Some weeks, staff spent 80% of their time working on projects. Other weeks, support requirements might leave only 10% for project work.
He addressed the infrastructure challenges in part by analyzing IT’s routine processes.
Internally, IT had inefficient support processes that reduced the amount of time they could spend on projects.
They undertook an internal process analysis effort to identify processes that would have a return on investment if they were improved. The goal was to reduce operational support time so that project time could be increased.
Five years later, they had a better understanding of the organization's operational support time needs and were able to shift workloads to accommodate projects without compromising support.
Estimated Time: 45 minutes
A. As a group, outline the areas where you think the service desk is experiencing challenges or weaknesses. Use sticky notes or a whiteboard to separate the challenges into People, Process, and Technology so you have a wholistic view of the constraints across the department.
B. Think about the following:
C. Document challenges in the Service Desk Project Summary.
Participants:
A current-state assessment will help you build a foundation for process improvements. Current-state assessments follow a basic formula:
Ideally, the current-state assessment should align the delivery of IT services with organizational needs. The assessment should achieve the following goals:
“How do you know if you aren’t mature enough? Nothing – or everything – is recorded and tracked, customer satisfaction is low, frustration is high, and there are multiple requests and incidents that nobody ever bothers to address.”
Rob England
IT Consultant & Commentator
Owner Two Hills
Also known as The IT Skeptic
The Service Desk Maturity Assessmenttool helps organizations assess their service desk process maturity and focus the project on the activities that matter most.
The tool will help guide improvement efforts and measure your progress.
The tool is intended for periodic use. Review your answers each year and devise initiatives to improve the process performance where you need it most.
Where do I find the data?Consult:
This step will walk you through the following activities:
This step involves the following participants:
Identifying who is accountable for different support practices in the service desk will allow workload to be distributed effectively between functional teams and individuals. Closing the gaps in responsibilities will enable the execution of a shift-left strategy.
Deliverables
If you try to standardize service desk processes without engaging specialists in other parts of the IT organization, you will fail. Everyone in IT has a role to play in providing service support and meeting service-level agreements.
Specialists tend to distance themselves from service support as they progress through their career to focus on projects.
However, their cooperation is critical to the success of the new service desk. Not only do they contribute to the knowledgebase, but they also handle escalations from tiers 1 and 2.
Responsible: This person is the staff member who completes the work. Assign at least one Responsible for each task, but this could be more than one.
Accountable: This team member delegates a task and is the last person to review deliverables and/or task. Sometimes Responsible and Accountable can be the same staff. Make sure that you always assign only one Accountable for each task and not more.
Consulted: People who do not carry out the task but need to be consulted. Typically, these people are subject matter experts or stakeholders.
Informed: People who receive information about process execution and quality and need to stay informed regarding the task.
A RACI analysis is helpful with the following:
Notes:
Participants
What You'll Need
A tiered generalist service desk with a first-tier resolution rate greater than 60% has the best operating cost and customer satisfaction of all competing service desk structural models.
Estimated Time: 45 minutes
Participants
Shift-left strategy:
Identify process gaps that you need to fill to support the shift-left strategy and discuss how you could adopt or improve the shift-left strategy, using the discussion questions below as a guide.
Which process gaps do you need to fill to identify ticket trends?
Which processes do you most need to improve to support a shift-left strategy?
Document in the Project Summary
Managers and analysts will have service desk metrics and reports that help set expectations and communicate service desk performance.
Deliverables
Start with the following questions:
Work with business unit leaders to develop an action plan.
Remember to communicate what you do to address stakeholder grievances.
The service recovery paradox is a situation in which end users think more highly of IT after the organization has corrected a problem with their service compared to how they would regard the company if the service had not been faulty in the first place.
The point is that addressing issues (and being seen to address issues) will significantly improve end-user satisfaction. Communicate that you’re listening and acting, and you should see satisfaction improve.
Presentation is everything:
If you are presenting outside of IT, or using operational metrics to create strategic information, be prepared to:
For example, “Number of incidents with ERP system has decreased by 5% after our last patch release. We are working on the next set of changes and expect the issues to continue to decrease.”
Tickets MUST:
Emphasize that reports are analyzed regularly and used to manage costs, improve services, and request more resources.
Service Desk Manager: Technical staff can help themselves analyze the backlog and improve service metrics if they’re looking at the right information. Ensure their service desk dashboards are helping them identify high-priority and quick-win tickets and anticipate potential SLA breaches.
Metrics should be tied to business requirements and show how well IT is meeting those requirements and where obstacles exist.
Technicians require mostly real-time information in the form of a dashboard, providing visibility into a prioritized list of tickets for which they are responsible.
Supervisors need tactical information to manage the team and set client expectations as well as track and meet strategic goals.
Managers and executives need summary information that supports strategic goals. Start by looking at executive goals for the support team and then working through some of the more tactical data that will help support those goals.
Example:
First-call resolution (FCR), end-user satisfaction, and number of tickets reopened all work together to give you a complete picture. As FCR goes up, so should end-user satisfaction, as number of tickets re-opened stays steady or declines. If the three metrics are heading in different directions, then you know you have a problem.
Internal metrics provide you with information about your actual performance. With the right continual improvement process, you can improve those metrics year over year, which is a better measure of the performance of your service desk.
Whether a given metric is the right one for your service desk will depend on several different factors, not the least of which include:
Take external metrics with a grain of salt. Most benchmarks represent what service desks do across different industries, not what they should do. There also might be significant differences between different industries in terms of the kinds of tickets they deal with, differences which the overall average obscures.
The right metrics can tell the business how hard IT works and how many resources it needs to perform:
Metrics should be tied to business requirements. They tell the story of how well IT is meeting those requirements and help identify when obstacles get in the way. The latter can be done by pointing to discrepancies between the internal metrics you expected to reach but didn’t and external metrics you trust.
Ultimately, everything boils down to cost containment (measured by cost per ticket) and quality of service (measured by customer satisfaction).
Cost per ticket is a measure of the efficiency of service support:
Cost per ticket is the total monthly operating expense of the service desk divided by the monthly ticket volume. Operating expense includes the following components:
Participants
What You'll Need
Managers and analysts will have best practices for ticket handling and troubleshooting to support ITSM data quality and improve first-tier resolution.
DELIVERABLES
If end users are avoiding your service desk, you may have an intake problem. Create alternative ways for users to seek help to manage the volume; keep in mind not every request is an emergency.
The two most efficient intake channels should be encouraged for the majority of tickets.
The two most traditional and fastest methods to get help must deal with emergencies and escalation effectively.
If many tickets are missing, help service support staff understand the need to collect the data. Reports will be inaccurate and meaningless if quality data isn’t entered into the ticketing system.
Better data leads to better decisions. Use the Ticket and Call Quality Assessment Toolto check-in on the ticket and call quality monthly for each technician and improve service desk data quality.
Participants
What You'll Needs
Workflows for incident management and critical incident management will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.
DELIVERABLES
End users think more highly of IT after the organization has corrected a problem with their service than they would have had the service not been faulty in the first place.
Use the service recovery paradox to your advantage. Address service desk challenges explicitly, develop incident management processes that get services back online quickly, and communicate the changes.
If you show that the service desk recovered well from the challenges end users raised, you will get greater loyalty from them.
The role of an incident coordinator or manager can be assigned to anyone inside the service desk that has a strong knowledge of incident resolution, attention to detail, and knows how to herd cats.
In organizations with high ticket volumes, a separate role may be necessary.
Everyone must recognize that incident management is a cross-IT organization process and it does not have to be a unique service desk process.
An incident coordinator is responsible for:
Ben Rodrigues developed a progressive plan to create a responsive, service-oriented culture for the service support organization.
"When I joined the organization, there wasn’t a service desk. People just phoned, emailed, maybe left [sticky] notes for who they thought in IT would resolve it. There wasn’t a lot of investment in developing clear processes. It was ‘Let’s call somebody in IT.’
I set up the service desk to clarify what we would do for end users and to establish some SLAs.
I didn’t commit to service levels right away. I needed to see how many resources and what skill sets I would need. I started by drafting some SLA targets and plugging them into our tracking application. I then monitored how we did on certain things and established if we needed other skill sets. Then I communicated those SOPs to the business, so that ‘if you have an issue, this is where you go, and this is how you do it,’ and then shared those KPIs with them.
I had monthly meetings with different function heads to say, ‘this is what I see your guys calling me about,’ and we worked on something together to make some of the pain disappear."
-Ben Rodrigues
Director, IT Services
Gamma Dynacare
End Users
Technicians
Managers
Consistent incident management processes will improve end-user satisfaction with all other IT services.
However, be prepared to overcome these common obstacles as you put the process in place, including:
Participants
What You’ll Need
Different ticket types are associated with radically different prioritization, routing, and service levels. For instance, most incidents are resolved within a business day, but requests take longer to implement.
If you fail to distinguish between ticket types, your metrics will obscure service desk performance.
Organizations sometimes mistakenly classify small projects as service requests, which can compromise your data, resulting in a negative impact to the perceived value of the service desk.
Defining the differences between service requests and incidents is not just for reporting purposes. It also has a major impact on how service is delivered.
Incidents are unexpected disruptions to normal business processes and require attempts to restore services as soon as possible (e.g. the printer is not working).
Service requests are tasks that don’t involve something that is broken or has an immediate impact on services. They do not require immediate resolution and can typically be scheduled (e.g. new software).
Estimated Time: 60 minutes
Participants
What You’ll Need
Discuss these elements to see how the organization will handle them.
Critical incidents are high-impact, high-urgency events that put the effectiveness and timeliness of the service desk center stage.
Build a workflow that focuses on quickly bringing together the right people to resolve the incident and reduces the chances of recurrence.
Estimated Time: 60 minutes
Participants
What You’ll Need
When it comes to communicating during major incidents, it’s important to get the information just right. Users don’t want too little, they don’t want too much, they just want what’s relevant to them, and they want that information at the right time.
As an IT professional, you may not have a background in communications, but it becomes an important part of your job. Broad guidelines for good communication during a critical incident are:
Why does communication matter?
Sending the wrong message, at the wrong time, to the wrong stakeholders, can result in:
End users understand that sometimes things break. What’s important to them is that (1) you don’t repeatedly have the same problem, (2) you keep them informed, and (3) you give them enough notice when their systems will be impacted and when service will be returned.
In the middle of resolving a critical incident, the last thing you have time for is worrying about crafting a good message. Create a series of templates to save time by providing automated, tailored messages for each stage of the process that can be quickly altered and sent out to the right stakeholders.
Once templates are in place, when the incident occurs, it’s simply a matter of:
Tell users the information they need to know when they need to know it. If a user is directly impacted, tell them that. If the incident does not directly affect the user, the communication may lead to decreased customer satisfaction or failure to pay attention to future relevant messaging.
You’ll need distinct messages for distinct audiences. For example:
Some questions to assist you:
Customer experience programs with a combination of relationship and transactional surveys tend to be more effective. Merging the two will give a wholistic picture of the customer experience.
Relationship surveys focus on obtaining feedback on the overall customer experience.
Transactional surveys are tied to a specific interaction or transaction your end users have with a specific product or service.
A simple quantitative survey at the closing of a ticket can inform the service desk manager of any issues that were not resolved to the end user’s satisfaction. Take advantage of workflows to escalate poor results immediately for quick follow-up.
If a more complex survey is required, you may wish to include some of these questions:
Please rate your overall satisfaction with the way your issue was handled (1=unsatisfactory, 5=fantastic)
Add an open-ended, qualitative question to put the number in context, and solicit critical feedback:
What could the service desk have done to improve your experience?
Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference. If customers are taking the time to fill out the survey, good or bad, they should be followed up with
Take these steps to handle survey feedback:
When you combine the tracking and analysis of relationship and transactional survey data you will be able to dive into specific issues, identify trends and patterns, assess impact to users, and build a plan to make improvements.
Once the survey data is centralized, categorized, and available you can start to focus on metrics. At a minimum, for transactional surveys, consider tracking:
For relationship surveys, consider tracking:
Image Source: Info-Tech End User Satisfaction Report
Prioritize company-wide improvement initiatives by those that have the biggest impact to the entire customer base first and then communicate the plan to the organization using a variety of communication channels that will draw your customers in, e.g. dashboards, newsletters, email alerts.
Consider automating or using your ITSM notification system as a direct communication method to inform the service desk manager of negative survey results.
This step involves the following participants:
The reviewed ticket categorization scheme will be easier to use and deploy more consistently, which will improve the categorization of data and the reliability of reports.
DELIVERABLES
Too many options cause confusion; too few options provide little value. As you build the classification scheme over the next few slides, let call routing and reporting requirements be your guide.
Effective classification schemes are concise, easy to use correctly, and easy to maintain.
Don’t do it alone! Collaborate with managers in the specialized IT groups responsible for root-cause analysis to develop a categorization scheme that makes sense for them.
Start with asset types if asset management and configuration management processes figure prominently in your practice or on your service management implementation roadmap.
Building the Categories
Ask these questions:
Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.
Think about how you will use the data to determine which components need to be included in reports. If components won’t be used for reporting, routing, or warranty, reporting down to the component level adds little value.
Start with asset services if service management generally figures prominently in your practice, especially service catalog management.
Building the Categories
Ask these questions:
Need to make quick progress? Use Info-Tech Research Group’s Service Desk Ticket Categorization Schemes template.
Remember, ticket categories are not your only source of reports. Enhance the classification scheme with resolution and status codes for more granular reporting.
Participants
What You’ll Need
Resolution codes differ from detailed resolution notes.
Ticket statuses are a helpful field for both IT and end users to identify the current status of the ticket and to initiate workflows.
Common Examples:
Resolution Codes
Status Fields
Discuss:
Draft:
Participants
What You’ll Need
The reviewed ticket escalation and prioritization will streamline queue management, improve the quality of escalations, and ensure agents work on the right tickets at the right time.
DELIVERABLES
Mission-critical systems or problems that affect many people should always come first (i.e. Severity Level 1).
The bulk of reported problems, however, are often individual problems with desktop PCs (i.e. Severity Level 3 or 4).
Some questions to consider when deciding on problem severity include:
Decide how many severity levels the organization needs the service desk to have. Four levels of severity are ideal for most organizations.
Estimated Time: 60 minutes
Document in the SOP
Participants
What You'll Need
Estimated Time: 60 minutes
Instructions:
For each incident priority level, define the associated:
Participants
What You'll Need
Use the table on the previous slide as a guide.
Escalation is not about admitting defeat, but about using your resources properly.
Defining procedures for escalation reduces the amount of time the service desk spends troubleshooting before allocating the incident to a higher service tier. This reduces the mean time to resolve and increases end-user satisfaction.
You can correlate escalation paths to ticket categories devised in step 2.2.
Estimated Time: 60 minutes
Instructions
Estimated Time: 60 minutes
Participants
What You'll Need
Workflows for service requests will improve the consistency and quality of service delivery and prepare the service desk to negotiate reliable service levels with the organization.
DELIVERABLES
Standardize requests to develop a consistent offering and prepare for a future service catalog.
Document service requests to identify time to fulfill and approvals.
Identify which service requests can be auto-approved and which will require a workflow to gain approval.
Document workflows and analyze them to identify ways to improve SLAs. If any approvals are interrupting technical processes, rearrange them so that approvals happen before the technical team is involved.
Determine support levels for each service offering and ensure your team can sustain them.
Where it makes sense, automate delivery of services such as software deployment.
The distinction between service requests and small projects has two use cases, which are two sides of the same resourcing issue.
What’s the difference between a service request and a small project?
Example: A mid-sized organization goes on a hiring blitz and needs to onboard 150 new employees in one quarter. Submitting and scheduling 150 requests for onboarding new employees would require much more time and resources.
Common Characteristics of Projects:
Projects require greater risk, effort, and resources than a service request and should be redirected to the PMO.
Standard Requests
Non-Standard Requests
The service desk can’t and shouldn’t distinguish between requests and projects on its own. Instead, engage stakeholders to determine where to draw the line.
Whatever criteria you choose, define them carefully.
Be pragmatic: there is no single best set of criteria and no single best definition for each criterion. The best criteria and definitions will be the ones that work in your organizational context.
Participants
What You'll Need
New service desk managers sometimes try to standardize request fulfilment processes on their own only to encounter either apathy or significant resistance to change.
Moving to a tiered generalist service desk with a service-oriented culture, a high first-tier generalist resolution rate, and collaborative T2 and T3 specialists can be a big change. It is critical to get the request workflows right.
Don’t go it alone. Engage a core team of process champions from all service support. With executive support, the right process building exercises can help you overcome resistance to change.
Consider running the process building activities in this project phase in a working session or a workshop setting.
If they build it, they will come. Service desk improvement is an exercise in organizational change that crosses IT disciplines. Organizations that fail to engage IT specialists from other silos often encounter resistance to change that jeopardizes the process improvements they are trying to make. Overcome resistance by highlighting how process changes will benefit different groups in IT and solicit the feedback of specialists who can affect or be affected by the changes.
Move approvals out of technical IT processes to make them more efficient. Evaluate all service requests to see where auto-approvals make sense. Where approvals are required, use tools and workflows to manage the process.
Example:
As standard service requests should follow standard, repeatable, and predictable steps to fulfill, they can be documented with workflows.
Ensure there is a standard and predictable methodology for assessing non-standard requests; inevitably those requests may still cause delay in fulfillment.
Create a process to ensure reasonable expectations of delivery can be set with the end user and then identify what technology requests should become part of the existing standard offerings.
Participants
What You'll Need
These should all be scheduled services. Anything that is requested as a rush needs to be marked as a higher urgency or priority to track end users who need training on the process.
Critique workflows for efficiencies and effectiveness:
Participants
What You'll Need
The section will introduce service catalogs and get the organization to envision what self-service tools it might include.
DELIVERABLES
Gathering, analyzing, storing & sharing knowledge to reduce the need to rediscover known solutions.
Organized repository of IT best practices and knowledge gained from practical experiences.
Give end users a chance to resolve simple issues themselves without submitting a ticket.
Shared resource for service desk staff and managers to share and use knowledge.
Service desk teams are often overwhelmed by the idea of building and maintaining a comprehensive integrated knowledgebase that covers an extensive amount of information.
Don’t let this idea stop you from building a knowledgebase! It takes time to build a comprehensive knowledgebase and you must start somewhere.
Start with existing documentation or knowledge that depends on the expertise of only a few people and is easy to document and you will already see the benefits.
Then continue to build and improve from there. Eventually, knowledge management will be a part of the culture.
Inventory and consolidate existing documentation, then evaluate it for audience relevancy, accuracy, and usability. Use the exercise and the next slides to develop a knowledgebase template.
Assign a knowledge manager to monitor creation and edit and maintain database.
The knowledge manager role will likely be a role assigned to an existing resource rather than a dedicated position.
Options include:
Determine which features your organization needs and check to see if your tools have them.
For more information on knowledgebase improvement, refer to Info-Tech’s Optimize the Service Desk With a Shift-Left Strategy.
Workflow should include:
Participants
What You’ll Need
Write and critique knowledgebase articles.
Audience: Technician
Audience: End users
Participants
What You’ll Need
The section prepares you to tackle a self-service portal project once the service desk standardization is complete.
DELIVERABLES
Some companies use vending machines as a form of self serve. Users can enter their purchase code and “buy” a thin client, mouse, keyboard, software, USB keys, tablet, headphones, or loaners.
Building the basics first will provide your users with immediate value. Incrementally add new features to your portal.
Don’t build a portal framed around current offerings and capabilities just for the sake of it. Build the portal based on what your users want and need if you want them to use it.
The portal should be designed for users to self-serve, and thus self-service must be seamless, clear, and attractive to users.
Keep in mind that users may not have high technical literacy or be familiar with terminology that you find commonplace. Use terms that are easy to understand.
Ensure that users can find what they’re looking for both by browsing the site and by using search functionality.
If multiple departments (i.e. HR, Finance) use or will use a portal, set up a shared portal so that users won’t have to guess where to go to ask for help.
You will know how to navigate the portal better than anyone, but that doesn’t mean it’s intuitive for a new user. Test the portal with users to collect and incorporate feedback.
Image source: Cherwell Service Management
Image source: Team Dynamix
For more information on building self-service portal, refer to Info-Tech’s Optimize the Service Desk with a Shift-Left Strategy
Participants
What You’ll Need
A service catalog is a communications device that lists the IT services offered by an organization. The service catalog is designed to enable the creation of a self-service portal for the end user. The portal augments the service desk so analysts can spend time managing incidents and providing technical support.
The big value comes from workflows:
There are three types of catalogs:
Image courtesy of University of Victoria
Sample Service Catalog Efforts
“I would say a client with 2,000 users and an IT department with a couple of hundred, then you're looking at six months before you have the catalog there.”
– Service Catalog Implementation Specialist,
Health Services
Identify stakeholders who can contribute to the project.
Evaluate tool options.
Identify the high-level tasks that need to be done.
Document the plan and tasks in the Service Desk Roadmap.
Examples of publicly posted service catalogs:
University of Victoria is an example of a catalog that started simple and now includes multiple divisions, notifications, systems status, communications, e-commerce, incident registration, and more.
Indiana University is a student, faculty, and staff service catalog and self-service portal that goes beyond IT services.
The communication plan and project summary will help project managers outline recommendations and communicate their benefits.
DELIVERABLES
An effective communication plan will:
Build a communication plan to:
Estimated Time: 45 minutes
Develop a stakeholder analysis.
Craft key messages tailored to each stakeholder group.
Finalize the communication plan.
Participants
The implementation plan will help track and categorize the next steps and finalize the project.
DELIVERABLES
Estimated Time: 45 minutes
Determine the sequence of improvement initiatives that have been identified throughout the project.
The purpose of this exercise is to define a timeline and commit to initiatives to reach your goals.
Instructions:
Participants
Document using the Roadmap tool.
ImplementHardware and Software Asset Management
Optimize Change Management Incident and Problem Management Build a Continual Improvement Plan for the Service DeskThe Standardize blueprint reviews service desk structures and metrics and builds essential processes and workflows for incident management, service request fulfillment, and knowledge management practices.
Once the service desk is operational, there are three paths to basic ITSM maturity:
Solicit targeted department feedback on core IT service capabilities, IT communications, and business enablement. Use the results to assess the satisfaction of end users, with each service broken down by department and seniority level.
“Help Desk Staffing Models: Simple Analysis Can Save You Money.” Giva, Inc., 2 Sept. 2009. Web.
Marrone et al. “IT Service Management: A Cross-national Study of ITIL Adoption.” Communications of the Association for Information Systems: Vol. 34, Article 49. 2014. PDF.
Rumburg, Jeff. “Metric of the Month: First Level Resolution Rate.” MetricNet, 2011. Web.
“Service Recovery Paradox.” Wikipedia, n.d. Web.
Tang, Xiaojun, and Yuki Todo. “A Study of Service Desk Setup in Implementing IT Service Management in Enterprises.” Technology and Investment: Vol. 4, pp. 190-196. 2013. PDF.
“The Survey of Adult Skills (PIAAC).” Organisation for Economic Co-operation and Development (OECD), 2016. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This tool will help you identify where your Agile teams are experiencing the most pain so you can create your Agile challenges hit list.
While each organization/team will struggle with its own individual challenges, many members find they face similar organizational/systemic challenges when adopting Agile. Review these typical challenges and learn from what other members have discovered.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Determine whether an Agile playbook is right for you.
Broadly survey your teams to identify Agile challenges and success factors in your organization.
Better understanding of common Agile challenges and success factors
Identification of common Agile challenges and success factors are prevalent in your organization
1.1 Distribute survey and gather results.
1.2 Consolidate survey results.
Completed survey responses from across teams/organization
Consolidated heat map of your Agile challenges and success factors
Examine consolidated survey results.
Identify your most pressing challenges.
Create a hit list of challenges to be resolved.
Identification of the most serious challenges to your Agile transformation
Attention focused on those challenge areas that are most impacting your Agile teams
2.1 Analyze and discuss your consolidated heat map.
2.2 Prioritize identified challenges.
2.3 Select your hit list of challenges to address.
Your Agile challenges hit list
Address each challenge in your hit list to eliminate or improve it.
Better Agile team performance and effectiveness
3.1 Work with Agile mentor to problem solve each challenge in your hit list.
3.2 Apply these to your project in real time.
Capture the findings and lessons learned while problem solving your hit list.
Strategies and tactics for being successful with Agile in your organization which can be applied to future projects
4.1 For each hit list item, capture the findings and lessons learned in Module 3.
4.2 Document these in your Agile Playbook.
Your Agile Playbook deliverable
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Conducting the appropriate due diligence on your vendor’s account team is as important as the due diligence you put into the vendor. Ongoing management of the account team should follow the lifecycle of the vendor relationship.
Understanding your vendor team’s background, experience, and strategic approach to your account is key to the management of the relationship, the success of the vendor agreement, and, depending on the vendor, the success of your business.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Learn how to best qualify that you have the right team for your business needs, using the accompanying tools to measure and monitor success throughout the relationship.
The Vendor Rules of Engagement template will help you develop your written expectations for the vendor for how they will interact with your business and stakeholders.
Evaluate your vendor account teams using this template to gather stakeholder feedback on vendor performance.
IT professionals interact with vendor account teams on a regular basis. You may not give it much thought, but do you have a good understanding of your rep’s ability to support/service your account, in the manner you expect, for the best possible outcome? The consequences to your business of an inappropriately assigned and poorly trained account team can have a disastrous impact on your relationship with the vendor, your business, and your budget. Doing the appropriate due diligence with your account team is as important as the due diligence you should put into the vendor. And, of course, ongoing management of the account team relationship is vital. Here we will share how best to qualify that you have the right team for your business needs as well as how to measure and monitor success throughout the relationship.
![]() |
Donna Glidden
|
Your Challenge
|
Common Obstacles
|
Info-Tech’s Approach
|
Understanding your vendor team’s background, their experience, and their strategic approach to your account is key to the management of the relationship, the success of the vendor agreement, and, depending on the vendor, the success of your business.
IT Benefits
|
Mutual IT and
|
Business Benefits
|
Conducting the appropriate due diligence on your vendor’s account team is as important as the due diligence you put into the vendor. Ongoing management of the account team should follow the lifecycle of the vendor relationship.
Introductory/RFP phase
|
Contract phase
|
Vendor management phase
|
Tactical insight
Don’t forget to look at your organization’s role in how well the account team is able to perform to your expectations. |
Tactical insight
Measure to manage – what are the predetermined criteria that you will measure the account team’s success against? |
(Source: Spotio) | Info-Tech InsightRemember to examine the inadequacies of vendor training as part of the root cause of why the account team may lack substance. |
Why it matters1.8 yearsis the average tenure for top ten tech companies2.6 years is the average experience required to hire. 2.4 years is the average account executive tenure. 44% of reps plan to leave their job within two years. The higher the average contract value, the longer the tenure. More-experienced account reps tend to stay longer. (Source: Xactly, 2021) |
![]() |
You are always going to be engaged in training your rep, so be prepared.
|
When you formalize your expectations regarding vendor contact with your organization and create structure around it, vendors will take notice.
Consider a standard intake process for fielding vendor inquiries and responding to requests for meetings to save yourself the headaches that come with trying to keep up with them. Stakeholder teams, IT, and Procurement need to be on the same page in this regard to avoid missteps in the important introductory phase of dealing with vendors and the resulting confusion on the part of vendor account teams when they get mixed messages and feel “passed around.” |
If vendors know you have no process to track their activities, they’ll call who they want when they want, and the likelihood of them having more information about your business than you about theirs is significant.
Vendor contacts are made in several ways:
Things to consider:
|
Not every vendor contact will result in an “engagement” such as invitation to an RFP or a contract for business. As such, we recommend that you set up an intake process to track/manage supplier inquiries so that when you are ready to engage, the vendor teams will be set up to work according to your expectations. |
What are your ongoing expectations for the account team?
|
![]() |
Even if you don’t have a vendor management initiative in place, consider these steps to manage both new and legacy vendor relationships:
|
![]() |
What your account team doesn’t say is equally important as what they do say. For example, an account rep with high influence says, “I can get that for you” vs. “I'll get back to you.” Pay attention to the level of detail in their responses to you – it references how well they are networked within their own organization.
|
|||||||||
![]() |
Effective
|
Ineffective
|
|
A little recognition goes a long way in reinforcing a positive vendor relationship. |
Don’t forget to put the relationship in vendor relationship management – give a simple “Thank you for your support” to the account team from executive management.
An ineffective rep can take your time and attention away from more important activities.
|
“Addressing poor performance is an important aspect of supplier management, but prevention is even more so.” (Logistics Bureau) |
|
|
Qualify the account team as you would the vendor – get to know their background and history. |
Articulate your vendor expectations in writing
Clearly document your expectations via formal rules of engagement for vendor teams in order to outline how they are expected to interact with your business and stakeholders. This can have a positive impact on your vendor and stakeholder relationships and enable you to gain control of:
Include the rules in your RFXs and contracts to formalize your expectations. See the Vendor Rules of Engagement template included with this research. Download the Vendor Rules of Engagement template |
![]() |
Measure stakeholder feedback to ensure your account team is on target to meet your needs.
![]() Download the Evalu-Rate Your Account Team tool |
|
DO
|
DON'T
|
Upon completion of this blueprint, Guided Implementation, or workshop, your team should have a comprehensive, well-defined, end-to-end approach to evaluating and managing your account team. Leveraging Info-Tech’s industry-proven tools and templates provides your organization with an effective approach to establishing, maintaining, and evaluating your vendor account team; improving your vendor and stakeholder communications; and maintaining control of the client/vendor relationship.
Additionally, your team will have a foundation to execute your vendor management principles. These principles will assist your organization in ensuring you receive the perceived value from the vendor as a result of your vendor account team evaluation process.
Contact your account representative for more information.
“14 Essential Qualities of a Good Salesperson.” Forbes, 5 Oct. 2021. Accessed 11 March 2022.
“149 Eye-Opening Sales Stats to Consider.” Spotio, 30 Oct. 2018. Accessed 11 March 2022.
“35 Sales Representative Interview Questions and Answers.” Indeed, 29 Oct. 2021. Accessed 8 March 2022.
“8 Intelligent Questions for Evaluating Your Sales Reps Performance” Inc., 16 Aug. 2016. Accessed 9 March 2022.
Altschuler, Max. “Reality Check: You’re Probably A Bad Salesperson If You Possess Any Of These 11 Qualities.” Sales Hacker, 9 Jan. 2018. Accessed 4 May 2022.
Bertuzzi, Matt. “Account Executive Data Points in the SaaS Marketplace.” Treeline, April 12, 2017. Accessed 9 March 2022. “Appreciation Letter to Vendor – Example, Sample & Writing Tips.” Letters.org, 10 Jan. 2020. Web.
D’Entremont, Lauren. “Are Your Sales Reps Sabotaging Your Customer Success Without Realizing It?” Proposify, 4 Dec. 2018. Accessed 7 March 2022.
Freedman, Max. “14 Important Traits of Successful Salespeople.” Business News Daily, 14 April 2022. Accessed 10 April 2022.
Hansen, Drew. “6 Tips For Hiring Your Next Sales All-Star.” Forbes, 16 Oct. 2012. Web.
Hulland, Ryan. “Getting Along with Your Vendors.” MonMan, 12 March 2014. Accessed 9 March 2022.
Lawrence, Jess. “Talking to Vendors: 10 quick tips for getting it right.” Turbine, 30 Oct. 2018. Accessed 11 March 2022.
Lucero, Karrie. “Sales Turnover Statistics You Need To Know.” Xactly, 24 Aug. 2021. Accessed 9 March 2022.
Noyes, Jesse. “4 Qualities to Look For in Your Supplier Sales Representative.” QSR, Nov. 2017. Accessed 9 March 2022.
O’Byrne, Rob. “How To Address Chronic Poor Supplier Performance.” Logistics Bureau, 26 July 2016. Accessed 4 May 2022.
O'Brien, Jonathan. Supplier Relationship Management: Unlocking the Hidden Value in Your Supply Base. Kogan Page, 2014.
Short, Alex. “Three Things You Should Consider to Become A Customer of Choice.” Vizibl, 29 Oct. 2021. Web.
Wayshak, Marc. “18 New Sales Statistics for 2022 from Our Groundbreaking Study!” Sales Insights Lab, 28 March 2022. Web.
“What Does a Good Customer Experience Look Like In Technology?” Virtual Systems, 23 June 2021. Accessed 10 March 2022.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Produce a prioritized list of high-demand infrastructure services.
Design workflows and create the first draft of the infrastructure services playbook.
Build a service rate sheet to track costs and develop better service capabilities.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define and prioritize infrastructure services.
Identify candidate services for the Playbook.
1.1 Define the services you own.
1.2 Prioritize infrastructure services.
Affinity map of infrastructure services
Service pain points and root causes
A list of high-demand infrastructure services
Build workflows and an infrastructure services playbook.
Produce a draft infrastructure services playbook.
2.1 Design workflow for service delivery.
2.2 Add steps and requirements to the Services Playbook.
Documented service workflows
Infrastructure Services Playbook
Identify costs and mature service delivery capabilities.
Build an infrastructure service rate sheet.
Define next steps for infrastructure service capabilities.
3.1 Optimize infrastructure cost estimates.
3.2 Mature your I&O organization into a service broker.
Service Rate Sheet
Master list of infrastructure services
Action plan for Playbook implementation
"Managing a hybrid infrastructure environment is challenge enough. Add to this the pressure on IT Operations to deliver services faster and more continuously – it’s a recipe for boondoggle deployments, overcommitted staff, end-user frustration, and operational gridlock.
It’s not every service you provide that causes problems, so prioritize a few in-demand, painful services. Build and maintain durable, flexible processes that enable your team to provide consistent, repeatable services at a standard cost. Identify opportunities to improve service delivery.
You’ll save the business time and money and your own team significant grief." (Andrew Sharp, Research Manager, Infrastructure & Operations, Info-Tech Research Group)
In this blueprint, the first step will be to document infrastructure services to:
![]() |
Example:Create a new server resource in a virtual environment vs. public cloudIn a virtualized environment, provisioning processes can still be relatively siloed. In a software-defined environment, many steps require knowledge across the infrastructure stack. Better documentation will help your team deliver services outside their area of specialty. |
![]() |
Server is live |
Server is live |
The purpose behind DevOps is to reduce friction and deliver faster, more continuous, more automated services through the use of cross-functional teams.
DevOps: bridging Applications Development and Infrastructure & Operations by embracing a culture, practices, and tools born out of Lean and Agile methodologies.
"The bar has been raised for delivering technology products and services – what was good enough in previous decades is not good enough now." (Kim, Humble, Debois, Willis (2016))
Crawl
|
Walk
|
Run
|
![]() |
Demand for infrastructure services is usually driven by external requests or operational requirements. Prioritize services based on criticality, durability, frequency, availability, and urgency requirements.
Building and deploying toolsets is taking a long time | ||
Start
|
Stop
|
Continue
|
Cross-silo knowledge is needed: In a software-defined environment, building and launching a new server requires knowledge across the stack.
Server is live
Infrastructure & Operations are bound by two metrics:
Because tracking cost is integral to efficiency, cost and budget management, by proxy, is one of the most important Infrastructure & Operations metrics.
Cost management is not a numbers game. It is an indicator of how well infrastructure is managed.
Use Info-Tech’s methodology to get value faster from your infrastructure services playbook.
Phases |
Phase 1: Define and prioritize infrastructure services | Phase 2: Build the infrastructure services playbook | Phase 3: Identify costs and mature service delivery capabilities |
Steps |
1.1 Define the services you own | 2.1 Design workflows for service delivery | 3.1 Estimate infrastructure service costs |
1.2 Prioritize infrastructure services | 2.2 Add steps and requirements to the services playbook | 3.2 Mature your I&O organization into a service broker | |
Tools & Templates |
Infrastructure Services Playbook | Infrastructure Service Workflows | Service Rate Sheet |
Use these icons to help guide you through each step of the blueprint and direct you to content related to the recommended activities.
This icon denotes a slide where a supporting Info-Tech tool or template will help you perform the activity or step associated with the slide. Refer to the supporting tool or template to get the best results and proceed to the next step of the project.
This icon denotes a slide with an associated activity. The activity can be performed either as part of your project or with the support of Info-Tech team members, who will come onsite to facilitate a workshop for your organization.
DIY Toolkit |
Guided Implementation |
Workshop |
Consulting |
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Scoping (Call 1) Scope requirements, objectives, and stakeholders. Review the playbook toolset and methodology, and establish fit-for-need. |
Identify Services (Call 2) Brainstorm common infrastructure services your group provides. Consolidate the list and identify priority services. |
Create Service Workflows (Calls 3-4) Build Visio workflows for 2-3 priority services. |
Populate the Playbook (Calls 4-5) Add data to the playbook based on infrastructure service workflows |
Create a Rate Sheet for Costs (Call 6) Build a rate sheet that allows you to calculate costs for additional |
Your Guided Implementation will pair you with an advisor from our analyst team for the duration of your infrastructure services project.
Module 1 (Day 1) |
Module 1 (Day 1) |
Module 1 (Day 1) |
Offsite deliverables wrap-up (Day 5) | |
Activities | Define and Prioritize Infrastructure Services1.1 Assess current maturity of services and standardization processes. 1.2 Identify, group, and break out important infrastructure services. 1.3 Define service delivery pain points and perform root-cause analysis. 1.4 Prioritize services based on demand criteria. |
Build the Infrastructure Services Playbook2.1 Determine criteria for standard versus custom services. 2.2 Document standard workflows for better alignment and consistent delivery. 2.3 Build a flowchart for the identified high-demand service(s). 2.4 Outline information as it relates to the service lifecycle in the Playbook template. |
Identify Costs and Mature Service Delivery Capabilities4.1 Gather information for the rate sheet. 4.2 Choose an allocation method for overhead costs. 4.3 Select the right approach in the crawl, walk, run model for your organization. 4.4 Discuss the promotion plan and target revision dates for playbook and rate sheet. |
|
Deliverables |
|
|
|
PHASE 1 Define and prioritize infrastructure services |
1.1 Define the services you own |
1.2 Prioritize infrastructure services |
IT infrastructure & operations teams deliver services that fulfil requests, support projects, resolve problems, and operate systems.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Even in a highly tool-centric view, it is the appreciation of DevOps core principles that will determine your success in implementing its practices.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the current state of your software delivery process and categorize existing challenges in it.
Brainstorm solutions using Info-Tech Research Group’s MATURE framework.
Identify metrics that are insightful and valuable. Determine tools that can help with DevOps practices implementation.
Lay out a schedule for enhancements for your software process to make it ready for DevOps.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Set the context for improvement.
Provide a great foundation for an actionable vision and goals that people can align to.
1.1 Review the outcome of the DevOps Readiness Survey.
1.2 Articulate the current-state delivery process.
1.3 Categorize existing challenges using PEAS.
Baseline assessment of the organization’s readiness for introducing DevOps principles in its delivery process
A categorized list of challenges currently evident in the delivery process
Brainstorm solutions using the MATURE framework.
Collaborative list of solutions to challenges that are restricting/may restrict adoption of DevOps in your organization.
2.1 Brainstorm solutions for identified challenges.
2.2 Understand different DevOps topologies within the context of strong communication and collaboration.
A list of solutions that will enhance the current delivery process into one which is influenced by DevOps principles
(Optional) Identify a team topology that works for your organization.
Select metrics and tools for your DevOps-inspired delivery pipeline.
Enable your team to select the right metrics and tool chain that support the implementation of DevOps practices.
3.1 Identify metrics that are sensible and provide meaningful insights into your organization’s DevOps transition.
3.2 Determine the set of tools that satisfy enterprise standards and can be used to implement DevOps practices.
3.3 (Optional) Assess DevOps pipeline maturity.
A list of metrics that will assist in measuring the progress of your organization’s DevOps transition
A list of tools that meet enterprise standards and enhance delivery processes
Build a plan laying out the work needed to be done for implementing the necessary changes to your organization.
Roadmap of steps to take in the coming future.
4.1 Create a roadmap for future-state delivery process.
Roadmap for future-state delivery process
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Select the top automation candidates to score some quick wins.
Map and optimize process flows for each task you wish to automate.
Build a process around managing IT automation to drive value over the long term.
Build a long-term roadmap to enhance your organization's automation capabilities.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify top candidates for automation.
Plan to achieve quick wins with automation for early value.
1.1 Identify MRW pain points.
1.2 Drill down pain points into tasks.
1.3 Estimate the MRW involved in each task.
1.4 Rank the tasks based on value and ease.
1.5 Select top candidates and define metrics.
1.6 Draft project charters.
MRW pain points
MRW tasks
Estimate of MRW involved in each task
Ranking of tasks for suitability for automation
Top candidates for automation & success metrics
Project charter(s)
Map and optimize the process flow of the top candidate(s).
Requirements for automation of the top task(s).
2.1 Map process flows.
2.2 Review and optimize process flows.
2.3 Clarify logic and finalize future-state process flows.
Current-state process flows
Optimized process flows
Future-state process flows with complete logic
Develop a lightweight process for rolling out automation and for managing the automation program.
Ability to measure and to demonstrate success of each task automation, and of the program as a whole.
3.1 Kick off your test plan for each automation.
3.2 Define process for automation rollout.
3.3 Define process to manage your automation program.
3.4 Define metrics to measure success of your automation program.
Test plan considerations
Automation rollout process
Automation program management process
Automation program metrics
Build a roadmap to enhance automation capabilities.
A clear timeline of initiatives that will drive improvement in the automation program to reduce MRW.
4.1 Build a roadmap for next steps.
IT automation roadmap
Automation can be very, very good, or very, very bad.
Do it right, and you can make your life a whole lot easier.
Do it wrong, and you can suffer some serious pain.
All too often, automation is deployed willy-nilly, without regard to the overall systems or business processes in which it lives.
IT professionals should follow a disciplined and consistent approach to automation to ensure that they maximize its value for their organization.
Derek Shank,
Research Analyst, Infrastructure & Operations
Info-Tech Research Group
Follow our methodology to focus IT automation on reducing toil.
Queues create waste and are extremely damaging. Like a tire fire, once you get started, they’re almost impossible to stamp out!
(Source: Edwards, citing Donald G. Reinersten: The Principles of Product Development Flow: Second Generation Lean Product Development )
Every additional layer of complexity multiplies points of failure. Beyond a certain level of complexity, troubleshooting can become a nightmare.
Today, Operations is responsible for the outcomes of a full stack of a very complex, software-defined, API-enabled system running on infrastructure they may or may not own.
– Edwards
The systems built under each new technology paradigm never fully replace the systems built under the old paradigms. It’s not uncommon for an enterprise to have an accumulation of systems built over 10-15 years and have no budget, risk appetite, or even a viable path to replace them all. With each shift, who bares [SIC] the brunt of the responsibility for making sure the old and the new hang together? Operations, of course. With each new advance, Operations juggles more complexity and more layers of legacy technologies than ever before.
– Edwards
Personnel resources in most IT organizations overlap heavily between “build” and “run.”
Some CIOs see a Sys Admin and want to replace them with a Roomba. I see a Sys Admin and want to build them an Iron Man suit.
– Deepak Giridharagopal, CTO, Puppet
When we automate, we can make sure we do something the same way every time and produce a consistent result.
We can design an automated execution that will ship logs that provide the context of the action for a detailed audit trail.
Because the C-suite relies on upwards communication — often filtered and sanitized by the time it reaches them — executives don’t see the bottlenecks and broken processes that are stalling progress.
– Andi Mann
To get the full ROI on your automation, you need to treat it like an employee. When you hire an employee, you invest in that person. You spend time and resources training and nurturing new employees so they can reach their full potential. The investment in a new employee is no different than your investment in automation.– Edwards
Example of How to Estimate Dollar Value Impact of Automation | |||
---|---|---|---|
Metric | Timeline | Target | Value |
Hours of manual repetitive work | 12 months | 20% reduction | $48,000/yr.(1) |
Hours of project capacity | 18 months | 30% increase | $108,000/yr.(2) |
Downtime caused by errors | 6 months | 50% reduction | $62,500/yr.(3) |
1 15 FTEs x 80k/yr.; 20% of time on MRW, reduced by 20%
2 15 FTEs x 80k/yr.; 30% project capacity, increased by 30%
3 25k/hr. of downtime.; 5 hours per year of downtime caused by errors
Industry Financial Services
Source Interview
An IT infrastructure manager had established DR failover procedures, but these required a lot of manual work to execute. His team lacked the expertise to build automation for the failover.
The manager hired consultants to build scripts that would execute portions of the failover and pause at certain points to report on outcomes and ask the human operator whether to proceed with the next step.
The infrastructure team reduced their achievable RTOs as follows:
Tier 1: 2.5h → 0.5h
Tier 2: 4h → 1.5h
Tier 3: 8h → 2.5h
And now, anyone on the team could execute the entire failover!
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
1. Select Candidates | 2. Map Process Flows | 3. Build Process | 4. Build Roadmap | |
---|---|---|---|---|
Best-Practice Toolkit |
1.1 Identify MRW pain points 1.2 Drill down pain points into tasks 1.3 Estimate the MRW involved in each task 1.4 Rank the tasks based on value and ease 1.5 Select top candidates and define metrics 1.6 Draft project charters |
2.1 Map process flows 2.2 Review and optimize process flows 2.3 Clarify logic and finalize future-state process flows |
3.1 Kick off your test plan for each automation 3.2 Define process for automation rollout 3.3 Define process to manage your automation program 3.4 Define metrics to measure success of your automation program |
4.1 Build automation roadmap |
Guided Implementations |
Introduce methodology. Review automation candidates. Review success metrics. |
Review process flows. Review end-to-end process flows. |
Review testing considerations. Review automation SDLC. Review automation program metrics. |
Review automation roadmap. |
Onsite Workshop | Module 1: Identify Automation Candidates |
Module 2: Map and Optimize Processes |
Module 3: Build a Process for Managing Automation |
Module 4: Build Automation Roadmap |
Phase 1 Results: Automation candidates and success metrics |
Phase 2 Results: End-to-end process flows for automation |
Phase 3 Results: Automation SDLC process, and automation program management process |
Phase 4 Results: Automation roadmap |
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Data should be at the foundation of your organization’s evolution. The transformational insights that executives and decision makers are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, trusted, and relevant data readily available to the users who need it.
This template will help you gather insights around stakeholder business goals and objectives, current data consumption practices, the types or domains of data that are important to them in supporting their business capabilities and initiatives, the challenges they face, and opportunities for data from their perspective.
Data strategy optimization anchored in a value proposition will ensure that the data strategy focuses on driving the most valuable and critical outcomes in support of the organization’s enterprise strategy. The template will help you facilitate deep-dive sessions with key stakeholders for building use cases that are of demonstrable value not only to their relevant lines of business but also to the wider organization.
Bring data to the C-suite by creating the Chief Data Officer role. This position is designed to bridge the gap between the business and IT by serving as a representative for the organization's data management practices and identifying how the organization can leverage data as a competitive advantage or corporate asset.
Use this template to document and formulate your data strategy. Follow along with the sections of the blueprint Build a Robust and Comprehensive Data Strategy and complete the template as you progress.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Establish the business context for the business strategy.
Substantiates the “why” of the data strategy.
Highlights the organization’s goals, objectives, and strategic direction the data must align with.
1.1 Data Strategy 101
1.2 Intro to Tech’s Data Strategy Framework
1.3 Data Strategy Value Proposition: Understand stakeholder’s strategic priorities and the alignment with data
1.4 Discuss the importance of vision, mission, and guiding principles of the organization’s data strategy
1.5 Understand the organization’s data culture – discuss Data Culture Survey results
1.6 Examine Core Value Streams of Business Architecture
Business context; strategic drivers
Data strategy guiding principles
Sample vision and mission statements
Data Culture Diagnostic Results Analysis
Build use cases of demonstrable value and understand the current environment.
An understanding of the current maturity level of key capabilities.
Use cases that represent areas of concern and/or high value and therefore need to be addressed.
2.1 Conduct key business stakeholder interviews to initiate the build of high-value business-data cases
Initialized high-value business-data cases
Build out a future state plan that is aimed at filling prioritized gaps and that informs a scalable roadmap for moving forward on treating data as an asset.
A target state plan, formulated with input from key stakeholders, for addressing gaps and for maturing capabilities necessary to strategically manage data.
3.1 Understand the current data environment: data capability assessment
3.2 Understand the current data practice: key data roles, skill sets; operating model, organization structure
3.3 Plan target state data environment and data practice
Data capability assessment and roadmapping tool
Consolidate business and data needs with consideration of external factors as well as internal barriers and enablers to the success of the data strategy. Bring all the outputs together for crafting a robust and comprehensive data strategy.
A consolidated view of business and data needs and the environment in which the data strategy will be operationalized.
An analysis of the feasibility and potential risks to the success of the data strategy.
4.1 Analyze gaps between current- and target-state
4.2 Initiate initiative, milestone and RACI planning
4.3 Working session with Data Strategy Owner
Data Strategy Next Steps Action Plan
Relevant data strategy related templates (example: data practice patterns, data role patterns)
Initialized Data Strategy on-a-Page
"In the dynamic environment in which we operate today, where we are constantly juggling disruptive forces, a well-formulated data strategy will prove to be a key asset in supporting business growth and sustainability, innovation, and transformation.
Your data strategy must align with the organization’s business strategy, and it is foundational to building and fostering an enterprise-wide data-driven culture."
Crystal Singh,
Director – Research and Advisory
Info-Tech Research Group
Formulate a data strategy that stitches all of the pieces together to better position you to unlock the value in your data:
Your data strategy is the vehicle for ensuring data is poised to support your organization’s strategic objectives.
The dynamic marketplace of today requires organizations to be responsive in order to gain or maintain their competitive edge and place in their industry.
Organizations need to have that 360-degree view of what’s going on and what’s likely to happen.
Disruptive forces often lead to changes in business models and require organizations to have a level of adaptability to remain relevant.
To respond, organizations need to make decisions and should be able to turn to their data to gain insights for informing their decisions.
A well-formulated and robust data strategy will ensure that your data investments bring you the returns by meeting your organization’s strategic objectives.
Organizations need to be in a position where they know what’s going on with their stakeholders and anticipate what their stakeholders’ needs are going to be.
Most organizations today will likely have some form of data management in place, supported by some of the common roles such as DBAs and data analysts.
Most will likely have a data architecture that supports some form of reporting.
Some may even have a chief data officer (CDO), a senior executive who has a seat at the C-suite table.
These are all great assets as a starting point BUT without a cohesive data strategy that stitches the pieces together and:
you’re missing the mark – you are not fully leveraging the incredible value of your data.
Cross-industry studies show that on average, less than half of an organization’s structured data is actively used in making decisions
Your data strategy needs to align with your organizational strategy.
Main Organizational Strategic Drivers:
“The companies who will survive and thrive in the future are the ones who will outlearn and out-innovate everyone else. It is no longer ‘survival of the fittest’ but ‘survival of the smartest.’ Data is the element that both inspires and enables this new form of rapid innovation.” – Joel Semeniuk, 2016
The transformational insights that executives are constantly seeking to leverage can be unlocked with a data strategy that makes high-quality, well-integrated, trustworthy, relevant data readily available to the business users who need it.
Whether hoping to gain a better understanding of your business, trying to become an innovator in your industry, or having a compliance and regulatory mandate that needs to be met, any organization can get value from its data through a well-formulated, robust, and cohesive data strategy.
According to a leading North American bank, “More than one petabyte of new data, equivalent to about 1 million gigabytes” is entering the bank’s systems every month. – The Wall Street Journal, 2019
“Although businesses are at many different stages in unlocking the power of data, they share a common conviction that it can make or break an enterprise.”– Jim Love, ITWC CIO and Chief Digital Officer, IT World Canada, 2018
The expression “Data is an asset” or any other similar sentiment has long been heard.
With such hype, you would have expected data to have gotten more attention in the boardrooms. You would have expected to see its value reflected on financial statements as a result of its impact in driving things like acquisition, retention, product and service development and innovation, market growth, stakeholder satisfaction, relationships with partners, and overall strategic success of the organization.
The time has surely come for data to be treated as the asset it is.
“Paradoxically, “data” appear everywhere but on the balance sheet and income statement.”– HBR, 2018
“… data has traditionally been perceived as just one aspect of a technology project; it has not been treated as a corporate asset.”– “5 Essential Components of a Data Strategy,” SAS
According to Anil Chakravarthy, who is the CEO of Informatica and has a strong vantage point on how companies across industries leverage data for better business decisions, “what distinguishes the most successful businesses … is that they have developed the ability to manage data as an asset across the whole enterprise.”– McKinsey & Company, 2019
Data is being touted as the oil of the digital era…
But just like oil, if left unrefined, it cannot really be used.
"Data is the new oil." – Clive Humby, Chief Data Scientist
Source: Joel Semeniuk, 2016
Enter your data strategy.
Data is being perceived as that key strategic asset in your organization for fueling innovation and transformation.
Your data strategy is what allows you to effectively mine, refine, and use this resource.
“The world’s most valuable resource is no longer oil, but data.”– The Economist, 2017
“Modern innovation is now dependent upon this data.”– Joel Semeniuk, 2016
“The better the data, the better the resulting innovation and impact.”– Joel Semeniuk, 2016
Leveraging data as a strategic asset for the benefit of citizens.
Source: Privy Council Office, Government of Canada, 2018
Leveraging data to boost traditional profit and loss levers, find new sources of growth, and deliver the digital bank.
A European bank “turned to machine-learning algorithms that predict which currently active customers are likely to reduce their business with the bank.” The resulting understanding “gave rise to a targeted campaign that reduced churn by 15 percent” (McKinsey & Company, 2017).
A leading Canadian bank has built a marketplace around their data – they have launched a data marketplace where they have productized the bank’s data. They are providing data – as a product – to other units within the bank. These other business units essentially represent internal customers who are leveraging the product, which is data.
Through the use of data and advanced analytics, “a top bank in Asia discovered unsuspected similarities that allowed it to define 15,000 microsegments in its customer base. It then built a next-product-to-buy model that increased the likelihood to buy three times over.” Several sets of big data were explored, including “customer demographics and key characteristics, products held, credit-card statements, transaction and point-of-sale data, online and mobile transfers and payments, and credit-bureau data” (McKinsey & Company, 2017).
Leveraging data and analytics to prevent deadly infections
The fifth-largest health system in the US and the largest hospital provider in California uses a big data and advanced analytics platform to predict potential sepsis cases at the earliest stages, when intervention is most helpful.
Using the Sepsis Bio-Surveillance Program, this hospital provider monitors 120,000 lives per month in 34 hospitals and manages 7,500 patients with potential sepsis per month.
Collecting data from the electronic medical records of all patients in its facilities, the solution uses natural language processing (NLP) and a rules engine to continually monitor factors that could indicate a sepsis infection. In high-probability cases, the system sends an alarm to the primary nurse or physician.
Since implementing the big data and predictive analytics system, this hospital provider has seen a significant improvement in the mortality and the length of stay in ICU for sepsis patients.
At 28 of the hospitals which have been on the program, sepsis mortality rates have dropped an average of 5%.
With patients spending less time in the ICU, cost savings were also realized. This is significant, as sepsis is the costliest condition billed to Medicare, the second costliest billed to Medicaid and the uninsured, and the fourth costliest billed to private insurance.
Source: SAS, 2019
Leveraging data to better understand customer preferences, predict purchasing, drive customer experience, and optimize supply and demand planning.
Netflix is an example of a big brand that uses big data analytics for targeted advertising. With over 100 million subscribers, the company collects large amounts of data. If you are a subscriber, you are likely familiar with their suggestions messages of the next series or movie you should catch up on. These suggestions are based on your past search data and watch data. This data provides Netflix with insights into your interests and preferences for viewing (Mentionlytics, 2018).
“For the retail industry, big data means a greater understanding of consumer shopping habits and how to attract new customers.”– Ron Barasch, Envestnet | Yodlee, 2019
“We’re the converted … We see the value in data. The battle is getting executive teams to see it our way.”– Ted Maulucci, President of SmartONE Solutions Inc. IT World Canada, 2018
Info-Tech’s IT Maturity Ladder denotes the different levels of maturity for an IT department and its different functions. What is the current state of your data management capability?
You are best positioned to successfully execute on a data strategy if you are currently at or above the Trusted Operator level. If you find yourself still at the Unstable or Firefighter stage, your efforts are best spent on ensuring you can fulfill your day-to-day data and data management demands. Improving this capability will help build a strong data management foundation.
“Organizational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.”– McKinsey, 2018
Some say it’s the new oil. Or the currency of the new business landscape. Others describe it as the fuel of the digital economy. But we don’t need platitudes — we need real ways to extract the value from our data. – Jim Love, CIO and Chief Digital Officer, IT World Canada, 2018
Our practical step-by-step approach helps you to formulate a data strategy that delivers business value.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
More than at any other time, our world is changing. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level.
It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Therefore, organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply.
Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use this research to identify and quantify the potential regulatory impacts caused by vendors. Use Info-Tech's approach to look at the regulatory impact from various perspectives to better prepare for issues that may arise.
By playing the “what if” game and asking probing questions to draw out – or eliminate – possible negative outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Organizations must understand the regulatory damage vendors may cause from lack of compliance.
![]() |
The sheer number of regulations on the international market is immense, ever-changing, and make it almost impossible for any organization to consistently keep up with compliance. As regulatory enforcement increases, organizations must hold their vendors accountable for compliance through ongoing monitoring and validation of regulatory compliance to the relevant standards in their industries, or face increasing penalties for non-compliance. Frank Sewell, Research Director, Vendor Management Info-Tech Research Group |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
More than at any previous time, our world is changing rapidly. As a result, organizations – and their vendors – need to be able to adapt their plans to accommodate risk on an unprecedented level. It is increasingly likely that one of your vendors, or their n-party support vendors, will fall out of regulatory compliance. Organizations must protect themselves by creating better mechanisms to hold their n-party vendors accountable and validate that they comply. |
Identifying and managing a vendor’s potential regulatory impact on your organization requires multiple people in the organization across several functions. Those people all need coaching on the potential changes in the market and how these changes may affect operations. Organizational leadership is often taken unaware by changes, and their plans lack the flexibility to adjust to significant regulatory upheavals. |
Vendor management practices educate organizations on the different potential risks from vendors in your market and suggest creative and alternative ways to avoid and help manage them. Prioritize and classify your vendors with quantifiable, standardized rankings. Prioritize focus on your high-risk vendors. Standardize your processes for identifying and monitoring vendor risks with our Regulatory Risk Impact Tool to manage potential impacts. |
Info-Tech Insight
Organizations must evolve their risk assessments to be more adaptive to respond to regulatory changes in the global market. Ongoing monitoring of the vendors who must comply with industry and governmental regulations is crucial to avoiding penalties and maintaining your regulatory compliance.
This series will focus on the individual components of vendor risk and how vendor management practices can facilitate organizations’ understanding of those risks.
Out of Scope:
This series will not tackle risk governance, determining overall risk tolerance and appetite, or quantifying inherent risk.
The IT market is constantly reacting to global influences. By anticipating changes, leaders can set expectations and work with their vendors to accommodate them and avoid penalties.
When the unexpected happens, being able to adapt quickly to new priorities and regulations ensures continued long-term business success.
Below are some things no one expected to happen in the last few years:
45% Have no visibility into their upstream supply chain, or they can only see as far as their first-tier suppliers. 2022 McKinsey |
61% Of compliance officers expect to increase investment in their compliance function over the next two years. 2022 Accenture |
$770k+ Breaches involving third-party vendors cost more on average. 2022 HIT Consultant.net |
Consider implementing vendor management initiatives and practices in your organization to help gain compliance with your expanding vendor landscape.
Your organizational risks may be monitored but are your n-party vendors?
Review your expectations with your vendors and hold them accountable.
Regulatory entities are looking beyond your organization’s internal compliance these days. More and more they are diving into your third-party and downstream relationships, particularly as awareness of downstream breaches increases globally.
Are you confident your vendors meet your standards?
Environmental, Social, Governance (ESG)
Regulatory agencies are putting more enforcement on ESG practices across the globe. As a result, organizations will need to monitor the changing regulations and validate that their vendors and n-party support vendors are adhering to these regulations, or face penalties for non-compliance.
Data Protection
Data Protection remains an issue in the world. Organizations should ensure that the data their vendors obtain remains protected throughout the vendor’s lifecycle, including post-termination. Otherwise, they could be monitoring for a data breach in perpetuity.
Mergers and Acquisitions
More prominent vendors continuously buy smaller companies to control the market in the IT industry. Therefore, organizations should put protections in their contracts to ensure that an IT vendor’s acquisition does not put them in a relationship with someone that could cause them an issue.
(Adapted from COSO)
Understand the organization’s regulatory risks to prepare for the “What If” game exercise.
Play the “What If” game with the right people at the table.
Pull all the information together in a presentation document.
Work with leadership to ensure that the proposed risks are in line with their thoughts.
Lower the overall risk potential by putting mitigations in place.
It is important not only to have a plan but also to socialize it in the organization for awareness.
Once the plan is finalized and socialized, put it in place with continued monitoring for success.
Regulatory risk impacts often come from unexpected places and have significant consequences. Knowing who your vendors are using for their support and supply chain could be crucial in eliminating the risk of non-compliance for your organization. Having a plan to identify and validate the regulatory compliance of your vendors is a must for any organization, to avoid penalties.
Insight 1 |
Organizations fail to plan for vendor acquisitions appropriately. Vendors routinely get acquired in the IT space. Does your organization have appropriate safeguards from inadvertently entering a negative relationship? Do you have plans around replacing critical vendors purchased in such a manner? |
Insight 2 |
Organizations often fail to understand how n-party vendors could place them in non-compliance. Even if you know your complete third-party vendor landscape, you may not be aware of the downstream vendors in play. Ensure that you get visibility into this space as well and hold your direct vendors accountable for the actions of their vendors. |
Insight 3 |
Organizations need to know where their data lives and ensure it is protected. Make sure you know which vendors are accessing/storing your data, where they are keeping it, and that you can get it back and have the vendors destroy it when the relationship is over. Without adequate protection throughout the lifecycle of the vendor, you could be monitoring for breaches in perpetuity. |
See the blueprint Build an IT Risk Management Program
Review your risk management plans for new risks on a regular basis.
Keep in mind Risk = Likelihood x Impact (R=L*I).
Impact (I) tends to remain the same, while Likelihood (L) is becoming closer to 100% as threat actors become more prevalent
Organizations must review their regulatory risk appetite and tolerance levels, considering their complete landscape.
Changing regulations, acquisitions, and events that affect global supply chains are current realities, not unlikely scenarios.
Sometimes disasters occur despite our best plans to manage them.
When this happens, it is important to document the lessons learned and update our plans.
1-3 hours
Vendor management professionals are in an excellent position to help senior leadership identify and pull together resources across the organization to determine potential risks. By playing the "what if" game and asking probing questions to draw out – or eliminate – possible adverse outcomes, everyone involved adds their insight into parts of the organization to gather a comprehensive picture of potential impacts.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
How to mitigate:
Contractually insist that the vendor have a third-party security audit performed annually, with the stipulation that they will not denigrate below your acceptable standards.
Note: Even though a few items are “scored” they have not been added to the overall weight, signaling that the company has noted but does not necessarily hold them against the vendor.
Keeping up with the ever-changing regulations can make compliance a difficult task.
Organizations should increase the resources dedicated to monitoring these regulations as agencies continue to hold them more accountable.
Identify and Manage Financial Risk Impacts on Your Organization
Identify and Manage Reputational Risk Impacts on Your Organization
Identify and Manage Strategic Risk Impacts on Your Organization
Info-Tech Insight
It is easier for prospective clients to find out what you did wrong than that you fixed the issue.
Alicke, Knut, et al. "Taking the pulse of shifting supply chains", McKinsey & Company, August 26th 2022. Accessed October 31st
Regan, Samantha, et al. "Can compliance keep up with warp-speed Change?", accenture, May 18th 2022. Accessed Oct 31st 2022.
Feria, Nathalie, and Rosenberg, Daniel. "Mitigating Healthcare Cyber Risk Through Vendor Management", HIT Consultant, October 17th 2022. Accessed Oct 31st 2022.
Tonello, Matteo. “Strategic Risk Management: A Primer for Directors.” Harvard Law School Forum on Corporate Governance, 23 Aug. 2012.
Frigo, Mark L., and Richard J. Anderson. “Embracing Enterprise Risk Management: Practical Approaches for Getting Started.” COSO, 2011.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Our concise executive brief explains to you the challenges associated with the organizational redesign. We'll show you our methodology and the ways we can help you in completing this.
The design principles will govern your organizational redesign; Align the principles with your business strategy.
Your operating model must account for the company's nuances and culture.
Go from an operating model to the structure fit for your company.
Change does not come easy. People will be anxious. Craft your communications to address critical concerns and obtain buy-in from the organization. If the reorganization will be painful, be up-front on that, and limit the time in which people are uncertain.
Do you seek an external expert to help you prepare for a thorough IT audit of your company? Tymans Group serves as a consulting company with extensive expertise in helping small and medium enterprises. Read on and learn more about how our consulting firm can help your company with an external IT audit.
Regularly preparing for an IT audit of your company with the help of of an experienced consultancy company like Tymans Group is a great way to discover any weaknesses within your IT and data security management systems, as well as your applications and data architecture, before the real audits by your regulator happen After all, you can only tackle any possible issues when you know their exact nature and origin. Additionally, the sooner you are aware of any security threats in your company thanks to an external audit, the smaller the chances outside forces will be able to take advantage of these threats to harm your business.
Embed security thinking through aligning your security strategy to business goals and values
If you hire our consultancy firm to prepare for an external IT audit in your firm, our guides will allow you to thoroughly analyze your systems and protocols to discover flaws and threats. Based on this analysis, your firm will receive concrete advice and practical solutions on dealing with the findings of in advance of an external audit. Besides identifying threats, the findings of will also offer your business insights in possible optimizations and processes which could benefit from automation. As such, you benefit from our consultancy company’s extensive experience in corporate security management and IT.
If you hire our consulting company to help you prepare for an IT audit of your firm, you will receive guides that enable you to make a critical analysis of your IT security, as well as practical solutions based on our holistic approach. We are happy to tell you more about our services for small and medium business and to offer insights into any issues you may be facing. Our help is available offline and online, through one-hour talks with our expert Gert Taeymans. Contact us to set up an appointment online or on-site now.
With COVID-19's rapid spread through populations, governments are looking for technology tools that can augment the efforts of manual contact tracing processes. How the system is designed is crucial to a positive outcome.
Mobile contact tracing apps that use a decentralized design approach will be the most likely to be adopted by a wide swath of the population.
There are some key considerations to realize from the way different governments are approaching contact tracing:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This research focuses on verified digital identity ecosystems and explores risks, opportunities, and challenges of relying on verified digital IDs and also how adopting digital identity initiatives can improve customer experience and operational efficiency. It covers:
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
Amid the pandemic-fueled surge of online services, organizations require secure solutions to safeguard digital interactions. These solutions must be uniform, interoperable, and fortified against security threats. Although the digital identity ecosystem has garnered significant attention and investment, many organizations remain uncertain about its potential for authentication and authorization required for B2B and B2C transactions. They still wonder if digital ID can help reduce cost of operations and transfer data risks. |
Limited or lack of understanding of the global Digital ID ecosystem and its varying approaches across countries handicap businesses in defining the potential benefits Digital ID can bring to customer interactions and overall business management. In addition, key obstacles exist in balancing customer privacy (including the right to be forgotten), data security, and regulatory requirements while pursuing desired end-user experience and high customer adoption. |
Digital ID has many dimensions, and its ecosystem's sustainability lies in the key principles it is built on. Understanding the digital identity ecosystem and its responsibilities is crucial to formulate an approach to adopt it. Also, focusing on key success factors drives digital ID adoption. Before embarking on the digital identity adoption journey, it is essential to assess your readiness. It is also necessary to understand the risks and challenges. Specific steps to digital ID adoption can help realize the potential of digital identity and enhance the customers' experience. |
Info-Tech Insight
Focusing on customer touchpoints and transforming them is key to excellent user experience and increasing their lifetime value (LTV) to them and to your organization. Digital ID is that tool of transformation.
Manish Jain Principal Research Director |
“I just believed. I believed that the technology would change people's lives. I believed putting real identity online - putting technology behind real identity - was the missing link.” - Sheryl Sandberg (Brockes, Emma. “Facebook’s Sheryl Sandberg: who are you calling bossy?” The Guardian, 5 April 2014)Sometimes dismissed as mere marketing gimmicks, digital identity initiatives are anything but. While some argue that any online credential is a "Digital ID," rendering the hype around it pointless, the truth is that a properly built digital ID ecosystem has the power to transform laggard economies into global digital powerhouses. Moreover, digital IDs can help businesses transfer some of their cybersecurity risks and unlock new revenue channels by enabling a foundation for secure and efficient value delivery. In addition, digital identity is crucial for digital and financial inclusion, simplifying onboarding processes and opening up new opportunities for previously underserved populations. For example, in India, the Aadhaar digital ID ecosystem brought over 481 million1 people into the formal economy by enabling access to financial services. Similarly, in Indonesia, the e-KIP digital ID program paved the way for 10 million new bank accounts, 94% of which were for women2. However, digital identity initiatives also come with valid concerns, such as the risk of a single point of failure and the potential to widen the digital divide. This research focuses on the verified digital identity ecosystem, exploring the risks, opportunities, and challenges organizations face relying on these verified digital IDs to know their customers before delivering value. By understanding and adopting digital identity initiatives, organizations can unlock their full potential and provide a seamless customer experience while ensuring operational efficiency. 1 India Aadhaar PMJDY (https://pmjdy.gov.in/account)2 Women’s World Banking, 2020. |
“Digital identity (ID) is a set of attributes that links a physical person with their online interactions. Digital ID refers to one’s online persona - an online footprint. It touches important aspects of one’s everyday life, from financial services to health care and beyond.” - DIACC Canada
“Digital identity is a digital representation of a person. It enables them to prove who they are during interactions and transactions. They can use it online or in person.” - UK Digital Identity and Attributes Trust Framework
“Digital identity is an electronic representation of an entity (person or other entity such as a business) and it allows people and other entities to be recognized online.” - Australia Trusted Digital Identity Framework
A digital identity is primarily an electronic form of identity representing an entity uniquely , while abstracting all other identity attributes of the entity. In addition to an electronic form, it may also exist in a physical form (identity certificate), linked through an identifier representing the same entity.
Trust
|
Subject
|
Usability
|
Provider
|
Jurisdiction
|
Form
|
Governance
|
Expiry
|
Usage Mode
|
Purpose
|
Info-Tech Insight
Digital ID has taken different meanings for different people, serving different purposes in different environments. Based on various aspects of Digital Identification, it can be categorized in several types. However, most of the time when people refer to a form of identification as Digital ID, they refer to a verified id with built-in trust either from the government OR the eco-system.
Info-Tech Insight
Digital identity ecosystems comprise many entities playing different roles, and sometimes more than one. In addition, variations in approach by jurisdictions drive how many active players are in the ecosystem for that jurisdiction.
For example, in countries like Estonia and India, government plays the role of trust and governance authority as well as ID provider, but didn’t start with any Digital ID wallet. In contrast, in Ukraine, Diia App is primarily a Digital ID Wallet. Similarly, in the US, different states are adopting private Digital ID Wallet providers like Apple.
Social, economic, and legal alignment with target stakeholders
Transparent governance and operation
Legally auditable and enforceable
Robust and Resilient – High availability
Security – At rest, in progress, and in transit
Privacy and Control with users
Omni-channel Convenience – User and Operations
Minimum data transfer between entities
Technical interoperability enabled through open standards and protocol
Scalable and interoperable at policy level
Cost effective – User and operations
Inclusive and accessible
Info-Tech Insight
A transparent, resilient, and auditable digital ID system must be aligned with socio-economic realities of the target stakeholders. It not only respects their privacy and security of their data by minimizing the data transfer between entities, but also drives desired customer experience by providing an omni-channel, interoperable, scalable, and inclusive ecosystem while still being cost-effective for the collaborators.
Digital ID success factors
Legislative regulatory framework – Removes uncertainty
Security & Privacy Assurance- builds trust
Smooth user experience – Drives preferences
Transparent ecosystem – Drives inclusivity
Multi-channel – Drive consistent experience online / offline
Inter-operability thorough open standards
Digital literacy – Education and awareness
Multi-purpose & reusable – Reduce consumer burden
Collaborative ecosystem –Build network effect
Info-Tech Insight
Driving adoption of Digital ID requires affirmative actions from all ecosystem players including governing authorities, identity providers, and identity consumers (relying parties).
These nine success factors can help drive sustainable adoption of the Digital ID.
|
![]() |
|
Info-Tech Insight
The world became global a long time ago; however, it sustained economic progress without digital IDs for most of the world's population.
With the pandemic, when political rhetoric pointed to the demand for localized supply chains, economies became irreversibly digital. In this digital economy, the digital ID ecosystem is the fulcrum of sustainable growth.
At a time in overlapping jurisdictions, multiple digital IDs can exist. For example, one is issued by a local municipality, one by the province, and another by the national government.
Info-Tech Insight
Countries’ approach to the digital ID is rooted in their socio-economic environment and global aspirations.
Emerging economies with large underserved populations prioritize fast implementation of digital ID through centralized systems.
Developed economies with smaller populations, low trust in government, and established ID systems prioritize developing trust frameworks to drive decentralized full-scale implementation.
There is no right way except the one which follows Digital ID principles and aligns with a country’s and its people’s aspirations.
|
|
Uniqueness Estonia pioneered the digital ID implementation with a centralized approach and later transitioned to a decentralized ecosystem driving trust to attract non-citizens into Estonia’s digital economy. |
99% Of Estonian residents have an ID card enabling use of electronic ID 1.4 B Digital signatures given (2021) 99% Public Services available as e-Services 17K+ Productive years saved (five working days/citizen/year saved accessing public services) 25K E-resident companies contributed more than €32 million in tax *Source: https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf ; |
|
| 1.36B People enrolled 80% Beneficiaries feel Aadhaar has made PDS, employment guarantee and social pensions more reliable 91.6% Are very satisfied or somewhat satisfied with Aadhaar 14B eKYC transactions done by 218 eKYC authentication agencies (KUA) Source: https://uidai.gov.in/aadhaar_dashboard/india.php; https://www.stateofaadhaar.in/ | Uniqueness “The Aadhaar digital identity system could reduce onboarding costs for Indian firms from 1,500 rupees to as low as an estimated 10 rupees.” -World Bank Report on Private Sector Impacts from ID With lack of public trust in private sector, government brought in private sector executives in public ecosystem to lead the largest identity program globally and build the India stack to leverage the power of Digital Identity. |
Regulatory Accountability and Operational Governance: Ministry of Digital Transformation. Identity provider: Federated govt. agencies. Digital identity form: Diia App & Portal as a digital wallet for all IDs including digital driving license. |
| 18.5M People downloaded the Diia app. 14 Digital IDs provided by other ID providers are available through Diia. 70 Government services are available through Diia. ~1M Private Entrepreneurs used Diia to register their companies. 1300 Tons of paper estimated to be saved by reducing paper applications for new IDs and replacements. Source:
| Uniqueness “One of the reasons for the Diia App's popularity is its focus on user experience. In September 2022, the Diia App simplified 25 public services and digitized 16 documents. The Ministry of Digital Transformation aims to make 100% of all public services available online by 2024.” - Vladyslava Aleksenko Project Lead—digital Identity, Ukraine |
|
| ![]() | 82% People supportive of Digital ID. 2/3 Canadians prefer public-private partnership for Pan-Canadian digital ID framework. >40% Canadians prefer completing various tasks and transactions digitally. 75% Canadians are willing to share personal information for better experience. >80% Trust government, healthcare providers, and financial institutions with their personal information. Source: DIACC Survey 2021 | Uniqueness Although a few provinces in Canada started their Digital ID journey already, federally, Canada lacked an approach. Now Canada is developing a federated Digital ID ecosystem driven through the Pan-Canadian Trust Framework (PCTF) led by a non-profit (DIACC) formed with public and private partnership. |
| 8.6M People using myGovID by Jun-2022 117 Services accessible through Digital Id System
| Uniqueness Australia started its journey of Digital ID with a centralized Digital ID ecosystem. However, now it preparing to transition to a centrally governed Trust framework-based ecosystem expanding to private sector. |
| ![]() | Uniqueness UK embarked its Digital ID journey through Gov.UK Verify but decided to scrap it recently. It is now preparing to build a trust framework-based federated digital ID ecosystem with roles like schema-owners and orchestration service providers for private sector and drive the collaboration between industry players. |
Cross Industry |
Financial Services |
Insurance |
E-governance |
Healthcare & Lifesciences |
Travel and Tourism |
E-Commerce |
|
|
|
|
|
|
|
INDUSTRY: Travel & Tourism
Source: Info-Tech Research Group
Challenge |
Solution |
Results |
---|---|---|
Verifying the driver’s license (DL) is the first step a car rental company takes before handing over the keys. While the rental company only need to know the validity of the DL and if it belongs to the presenter, is bears the liability of much more data presented to them through the DL. For customers, it is impossible to rent a car if they forget their DL. If the customer has their driver’s license, they compromise their privacy and security as they hand over their license to the representative. The process is not only time consuming, it also creates unnecessary risks to both the business and the renter. |
A digital id-based rental process allows the renter to present the digital id online or in person. As the customer approaches the car rental they present their digital id on the mobile app, which has already authenticated the presenter though the biometrics or other credentials. The customer selects the purpose of the business as “Car Rental”, and only the customer’s name, photo, and validity of the DL appear on the screen for the representative to see (selective disclosures). If the car pick-up is online, only this information is shared with the car rental company, which in turn shares the car and key location with the renter. |
A digital identity-based identity verification can ensure a rental company has access to the minimum data it needs to comply with local laws, which in turn reduces its data leak risk. It also reduces customer risks linked to forgetting the DL, and data privacy. Digital identity also reduces the risk originated from identity fraud leading to stolen cars. |
INDUSTRY: Government
Source: Info-Tech Research Group
Challenge | Solution | Results |
---|---|---|
In both emerging and developed economies, public distribution of resources – food, subsidies, or cash – is a critical process through which many people (especially from marginalized sections) survive on. They often either don’t have required valid proof of identity or fall prey to low-level corruption when someone defrauds them by claiming the benefit. As a result, they either completely miss out on claiming government-provided social benefits OR only receive a part of what they are eligible for. | A Digital ID based public distribution can help created a Direct Benefit Transfer ecosystem. Here beneficiaries register (manually OR automatically from other government records) for the benefits they are eligible for. On the specific schedule, they receive their benefit – monetary benefit in their bank accounts, and non-cash benefits, in person from authorized points-of-sales (POS), without any middleman with discretionary decision powers on the distribution. | India launched its Financial Inclusion Program (Prime Minister's Public Finance Scheme) in 2014. The program was linked with India’s Digital Id Aadhaar to smoothen the otherwise bureaucratic and discretionary process for opening a bank account. In last eight years, ~481M (Source: PMJDY) beneficiaries have opened a bank account and deposited ~ ₹1.9Trillion (USD$24B), a part of which came as social benefits directly deposited to these accounts from the government of India. |
INDUSTRY: Asset Management
Source: Info-Tech Research Group
Challenge | Solution | Results |
---|---|---|
“Impersonators posing as homeowners linked to 32 property fraud cases in Ontario and B.C.” – Global News Canada1 “The level of fraud in the UK is such that it is now a national security threat” – UK Finance Lobby Group2 Real estate is the most expensive investment people make in their lives. However, lately it has become a soft target for title fraud. Fraudsters steal the title to one’s home and sell it or apply for a new mortgage against it. At the root cause of these fraud are usually identity theft when a fraudster steals someone’s identity and impersonates them as the title owner. | Digital identity tagged to the home ownership / title record can reduce the identity fraud in title transfer. When a person wants to sell their house OR apply for a new mortgage on house, multiple notifications will be triggered to their contact attributes on digital ID – phone, email, postal address, and digital ID Wallet, if applicable. The homeowner will be mandated to authorize the transaction on at least two channels they had set as preferred, to ensure that the transaction has the consent of the registered homeowner. | This process will stop any fraud transactions until at least two modes are compromised. Even if two modes are compromised, the real homeowner will receive the notification on offline communication modes, and they can then alert the institution or lawyer to block the transaction. It will especially help elderly people, who are more prone to fall prey to identity frauds when somebody uses their IDs to impersonate them. |
1 Global News (https://globalnews.ca/news/9437913/homeowner-impersonators-lined-32-fraud-cases-ontario-bc/)
2 UK Finance Lobby Group (https://www.ukfinance.org.uk/system/files/Half-year-fraud-update-2021-FINAL.pdf)
Governments & identity providers (public & private) |
Customers and end users (subjects) |
Identity consumer (relying parties) |
---|---|---|
|
|
|
Governments and identity providers (public and private) |
---|
|
Customers and end users (subjects) |
---|
|
Identity consumer (relying parties) |
---|
|
Does your target jurisdiction have adequate legislative framework to enable uses of digital identities in your industry?
If the Digital ID ecosystem in your target jurisdiction is trust framework-based, do you have adequate understanding of it?
Do you have exact understanding of value stream and customer touch-points where you interact with user identity?
Do you have exact understanding of the identity attributes that your business processes need to deliver customer value?
Do you have required systems to ensure your compliance with industry regulations around customer PII and identity?
Is your existing identity management system interoperable with Open-source Digital Identity ecosystem?
Have you established an integrated enterprise governance framework covering business processes, technical systems, and risk management?
Do have a clear strategy (mode, method, means) to communicate with your target customer and persuade them to adopt digital identity?
Do you have security operations center coordinating detection, response, resolution, and communication of potential data breaches?
Considering the complexity of digital identity adoption, and its impact on customer experience, it is vital to assess the ecosystem and adopt an MVP approach before a big-bang launch.
|
|
Digital ID adoption is a major change for everyone in the ecosystem. Manage associated risks to avoid the derailing of integration with your business processes and a negative impact on customer experience.
|
|
1 |
Customer-centricity Digital identity initiative should prioritize customer experience when evaluating its fit in the value stream. Adopting it should not sacrifice end-user experience to gain a few brownie points. See Info-Tech’s Adopt Design Thinking in Your Organization blueprint, to ensure customer remains at the center of your Digital Adoption initiative. |
---|---|
2 |
Privacy and security Adopting digital identity reduces data risk by minimizing data transfer between providers and consumers. However, securing identity attributes in value streams still requires strengthening enterprise security systems and processes. See Info-Tech’s Assess and Govern Identity Security blueprint for the actions you may take to secure and govern digital identity. |
3 |
Inclusion and awareness Adopting digital identity may alter customer interaction with an organization. To avoid excluding target customer segments, design digital identity accordingly. Educating and informing customers about the changes can facilitate faster adoption. See Info-Tech’s Social Media blueprint and IT Diversity & Inclusion Tactics to make inclusion and awareness part of digital adoption |
4 |
Quantitative success metrics To measure the success of a digital ID adoption program, it's essential to use quantitative metrics that align with business KPIs. Some measurable KPIs may include:
|
Continues..
Attributes: An identity attribute is a statement or information about a specific aspect of entity’s identity ,substantiating they are who they claim to be, own, or have.
Attribute (or Credential) provider: An attribute or credential provider could be an organization which issues the primary attribute or credential to a subject or entity. They are also responsible for identity-attribute binding, credential maintenance, suspension, recovery, and authentication.
Attribute (or Credential) service provider: An attribute service provider could be an organization which originally vetted user’s credentials and certified a specific attribute of their identity. It could also be a software, such as digital wallet, which can store and share a user’s attribute with a third party once consented by the user. (Source: UK Govt. Trust Framework)
Attribute binding: This is a process an attribute service providers uses to link the attributes they created to a person or an organization through an identifier. This process makes attributes useful and valuable for other entities using these attributes. For example, when a new employee joins a company, they are given a unique employee number (an identifier), which links the person with their job title and other aspects (attributes) of his job. (Source: UK Govt. Trust Framework)
Authentication service provider: An organization which is responsible for creating and managing authenticators and their lifecycle (issuance, suspension, recovery, maintenance, revocation, and destruction of authenticators). (Source: DIACC)
Authenticator: Information or biometric characteristics under the control of an individual that is a specific instance of something the subject has, knows, or does. E.g. private signing keys, user passwords, or biometrics like face, fingerprints. (Source: Canada PCTF)
Authentication (identity verification): The process of confirming or denying that the identity presented relates to the subject who is making the claim by comparing the credentials presented with the ones presented during identity proofing.
Authorization: The process of validating if the authenticated entity has permission to access a resource (service or product).
Biometrics attributes: Human attributes like retina (iris), fingerprint, heartbeat, facial, handprint, thumbprint, voice print.
Centralized identity: Digital identities which are fully governed by a centralized government entity. It may have enrollment or registration agencies, private or public sector, to issue the identities, and the technical system may still be decentralized to keep data federated.
Certificate Authority (CA or accredited assessors): An organization or an entity that conducts assessments to validate the framework compliance of identity or attribute providers (such as websites, email addresses, companies, or individual persons) serving other users, and binding them to cryptographic keys through the issuance of electronic documents known as digital certificates.
Continues..
Collective (non-resolvable) attributes: Nationality, domicile, citizenship, immigration status, age group, disability, income group, membership, (outstanding) credit limit, credit score range.
Contextual identity: A type of identity which establishes an entity’s existence in a specific context – real or virtual. These can be issued by public or private identity providers and are governed by the organizational policies. E.g. employee ID, membership ID, social media ID, machine ID.
Credentials: A physical or a digital representation of something that establishes an entity’s eligibility to do something for which it is seeking permission, or an association/affiliation with another, generally well-known entity. E.g. Passport, DL, password. In the context of Digital Identity, every identity needs to be attached with a credential to ensure that the subject of the identity can control how and by whom that identity can be used.
Cryptographic hash function: A hash function is a one-directional mathematical operation performed on a message of any length to get a unique, deterministic, and fixed size numerical string (the hash) which can’t be reverse engineered to get the input data without deploying disproportionate resources. It is the foundation of modern security solutions in DLT / blockchain as they help in verifying the integrity and authenticity of the message.
Decentralized identity (DID) or self-sovereign identity: This is a way to give back the control of identity to the subject whose identity it is, using an identity wallet in which they collect verified information about themselves from certified issuers (such as the government). By controlling what information is shared from the wallet to requesting third parties (e.g. when registering for a new online service), the user can better manage their privacy, such as only presenting proof that they’re over 18 without needing to reveal their date of birth. Source: (https://www.gsma.com/identity/decentralised-identity)
Digital identity wallet: A type of digital wallet refers to a secure, trusted software applications (native mobile app, mobile web apps, or Rivas-hosted web applications) based on common standards, allowing a user to store and use their identity attributes, identifiers, and other credentials without loosing or sharing control of them. This is different than Digital Payment Wallets used for financial transactions. (Source: https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf)
Digital identity: A digital identity is primarily an electronic form of identity representing an entity uniquely , while abstracting all other identity attributes of the entity. In addition to an electronic form, it may also exist in a physical form (identity certificate), linked through an identifier representing the same entity. E.g. Estonia eID , India Aadhar, digital citizenship ID.
Digital object architecture: DOA is an open architecture for interoperability among various information systems, including ID wallets, identity providers, and consumers. It focuses on digital objects and comprises three core components: the identifier/resolution system, the repository system, and the registry system. There are also two protocols that connect these components. (Source: dona.net)
Digital signature: A digital signature is an electronic, encrypted stamp of authentication on digital information such as email messages, macros, or electronic documents. A signature confirms that the information originated from the signer and has not been altered. (Source: Microsoft)
Continues..
Entity (or Subject): In the context of identity, an entity is a person, group, object, or a machine whose claims need to be ascertained and identity needs to be established before his request for a service or products can be fulfilled. An entity can also be referred to as a subject whose identity needs to be ascertained before delivering a service.
Expiry: This is another dimension of an identity and determines the validity of an ID. Most of the identities are longer term, but there can be a few like digital tokens and URLs which can be issued for a few hours or even minutes. There are some which can be revoked after a pre-condition is met.
Federated identity: Federated identity is an agreement between two organizations about the definition and use of identity attributes and identifiers of a consumer entity requesting a service. If successful, it allows a consumer entity to get authenticated by one organization (identity provider) and then authorized by another organization. E.g. accessing a third-party website using Google credentials.
Foundational identity: A type of identity which establishes an entity’s existence in the real world. These are generally issued by public sector / government agencies, governed by a legal farmwork within a jurisdiction, and are widely accepted at least in that jurisdiction. E.g. birth certificate, citizenship certificate.
Governance: This is a dimension of identity that covers the governance model for a digital ID ecosystem. While traditionally it has been under the sovereign government or a federated structure, in recent times, it has been decentralized through DLT technologies or trust-framework based. It can also be self-sovereign, where individuals fully control their data and ID attributes.
Identifier: A digital identifier is a string of characters that uniquely represents an entity’s identity in a specific context and scope even if one or more identity attributes of the subject change over time. E.g. driver’s license, SSN, SIN, email ID, digital token, user ID, device ID, cookie ID.
Identity: An identity is an instrument used by an entity to provide the required information about itself to another entity in order to avail a service, access a resource, or exercise a privilege. An identity formed by 1-n identity attributes and a unique identifier.
Identity and access management (IAM): IAM is a set of frameworks, technologies, and processes to enable the creation, maintenance, and use of digital identity, ensuring that the right people gain access to the right materials and records at the right time. (Source: https://iam.harvard.edu/)
Identity consumer (Relying party): An organization, or an entity relying on identity provider to mitigate IT risks around knowing its customers before delivering the end-user value (product/service) without deteriorating end-user experience. E.g. Canada Revenue Agency using SecureKey service and relying on Banking institutions to authenticate users; Telecom service providers in India relying on Aadhaar identity system to authenticate the customer's identity.
Identity form: A dimension of identity that defines its forms depending on the scope it wants to serve. It can be a physical card for offline uses, a virtual identifier like a number, or an app/account with multiple identity attributes. Cryptographic keys and tokens can also be forms of identity.
Continues...
Identity infrastructure provider: Organizations involved in creating and maintaining technological infrastructure required to manage the lifecycle of digital identities, attributes, and credentials. They implement functions like security, privacy, resiliency, and user experience as specified in the digital identity policy and trust framework.
Identity proofing: A process of asserting the identification of a subject at a useful identity assurance level when the subject provides evidence to a credential service provider (CSP), reliably identifying themselves. (Source: NIST Special Publication 800-63A)
Identity provider (Attestation authority): An organization or an entity validating the foundation or contextual claims of a subject and establishing identifier(s) for a subject. E.g. DMV (US) and MTA (Canada) issuing drivers’ licenses; Google / Facebook issuing authentication tokens for their users logging in on other websites.
Identity validation: The process of confirming or denying the accuracy of identity information of a subject as established by an authorized party. It doesn’t ensure that the presenter is using their own identity.
Identity verification (Authentication): The process of confirming or denying that the identity presented relates to the subject who is making the claim by comparing the credentials presented with the ones presented during identity proofing.
Internationalized resource identifier (IRI): IRIs are equivalent to URIs except that IRIs also allow non-ascii characters in the address space, while URIs only allow us-ascii encoding. (Source: w3.org)
Jurisdiction: A dimension of identity that covers the physical area or virtual space where an identity is legally acceptable for the purpose defined under law. It can be global, like it is for passport, or it can be local within a municipality for specific services. For unverified digital IDs, it can be the social network.
Multi-factor Authentication (MFA): Multi-factor authentication is a layered approach to securing digital assets (data and applications), where a system requires a user to present a combination of two or more credentials to verify a user’s identity for login. These factors can be a combination of (i) something you know like a password/PIN; (ii) something you have like a token on mobile device; and (iii) something you are like a biometric. (Adapted from https://www.cisa.gov/publication/multi-factor-authentication-mfa)
Oauth (Open authorization): OAuth is a standard authorization protocol and used for access delegation. It allows internet users to access websites by using credentials managed by a third-party authorization server / Identity Provider. It is designed for HTTP and allows access tokens to be issued by an authorization server to third-party websites. E.g. Google, Facebook, Twitter, LinkedIn use Oauth to delegate access.
OpenID: OpenID is a Web Authentication Protocol and implements reliance authentication mechanism. It facilitates the functioning of federated identity by allowing a user to use an existing account (e.g. Google, Facebook, Yahoo) to sign into third-party websites without needing to create new credentials. (Source: https://openid.net/).
Continues...
Personally identifiable information (PII): PII is a set of attributes which can be used, through direct or indirect means, to infer the real-world identity of the individual whose information is input. E.g. National ID (SSN/SIN/Aadhar) DL, name, date of birth, age, address, age, identifier, university credentials, health condition, email, domain name, website URI (web resolvable) , phone number, credit card number, username/password, public key / private key. (Source: https://www.dol.gov)
Predicates: The mathematical or logical operations such as equality or greater than on attributes (e.g. prove your salary is greater than x or your age is greater than y) to prove a claim without sharing the actual values.
Purpose: This dimension of a digital id defines for what purpose digital id can be used. It can be one or many of these – authentication, authorization, activity linking, historical record keeping, social interactions, and machine connectivity for IoT use cases.
Reliance authentication: Relying on a third-party authentication before providing a service. It is a method followed in a federated entity system.
Risk-based authentication: A mechanism to protect against account compromise or identity theft. It correlates an authentication request with transitional facts like requester’s location, past frequency of login, etc. to reduce the risk of potential fraud.
Scheme in trust framework: A specific set of rules (standard and custom) around the use of digital identities and attributes as agreed by one or more organizations. It is useful when those organizations have similar products, services, business processes. (Source: UK Govt. Trust Framework). E.g. Many credit unions agree on how they will use the identity in loan origination and servicing.
Selective disclosure (Assertion): A way to present one’s identity by sharing only a limited amount information that is critical to make an authentication / authorization decision. E.g. when presenting your credentials, you could share something proving you are 18 years or above, but not share your name, exact age, address, etc.
Trust: A dimension of an identity, which essentially is a belief in the reliability, truth, ability, or strength of that identity. While in the physical world all acceptable form of identities come with a verified trust, in online domain, it can be unverified. Also, where an identity is only acceptable as per the contract between two entities, but not widely.
Trust framework: The trust framework is a set of rules that different organizations agree to follow to deliver one or more of their services. This includes legislation, standards, guidance, and the rules in this document. By following these rules, all services and organizations using the trust framework can describe digital identities and attributes they’ve created in a consistent way. This should make it easier for organizations and users to complete interactions and transactions or share information with other trust framework participants. (Source: UK Govt. Trust Framework)
Continues...
Uniform resource identifier (URI): A universal name in registered name spaces and addresses referring to registered protocols or name spaces.
Uniform resource locator (URL): A type of URI which expresses an address which maps onto an access algorithm using network protocols. (Source: https://www.w3.org/)
Uniform resource name (URN): A type of URI that includes a name within a given namespace but may not be accessible on the internet.
Usability: A dimension of identity that defines how many times it can be used. While most of the identities are multi-use, a few digital identities are in token form and can be used only once to authenticate oneself.
Usage mode: A dimension of identity that defines the service mode in which a digital ID can be used. While all digital IDs are made for online usage, many can also be used in offline interactions.
Verifiable credentials: This W3C standard specification provides a standard way to express credentials on the Web in a way that is cryptographically secure, privacy-respecting, and machine-verifiable. (Source: https://www.w3.org/TR/vc-data-model/)
X.509 Certificates: X.509 certificates are standard digital documents that represent an entity providing a service to another entity. They're issued by a certification authority (CA), subordinate CA, or registration authority. These certificates play an important role in ascertaining the validity of an identity provider and in turn the identities issued by it. (Source: https://learn.microsoft.com/en-us/azure/iot-hub/reference-x509-certificates)
Zero-knowledge proofs: A method by which one party (the prover) can prove to another party (the verifier) that something is true, without revealing any information apart from the fact that this specific statement is true. (Source: 1989 SIAM Paper)
Zero-trust security: A cybersecurity paradigm focused on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. It evaluates each access request as if it is a fraud attempt, and grants access only if it passes the authentication and authorization test. (Source: Adapted from NIST, SP 800-207: Zero Trust Architecture, 2020)
Build a Zero Trust Roadmap
Leverage an iterative and repeatable process to apply zero trust to your organization.
Assess and Govern Identity Security
Strong identity security and governance are the keys to the zero-trust future.
Adopt Design Thinking in Your Organization
Innovation needs design thinking to ensure customer remains at the center of everything the organization does.
Social Media
Leveraging Social Media to connect with your customers and educate them to drive the value proposition of your efforts.
IT Diversity & Inclusion Tactics
Equip your teams to create an inclusive environment and mobilize inclusion efforts across the organization.
![]() |
David Wallace |
![]() |
Erik Avakian |
![]() |
Matthew Bourne |
![]() |
Mike Tweedie |
![]() |
Aaron Shum |
India Aadhaar PMJDY (https://pmjdy.gov.in/account)
Theis, S., Rusconi, G., Panggabean, E., Kelly, S. (2020). Delivering on the Potential of Digitized G2P: Driving Women’s Financial Inclusion and Empowerment through Indonesia’s Program Keluarga Harapan. Women’s World Banking.
DIACC Canada (https://diacc.ca/the-diacc/)
UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
Australia Trusted Digital Identity Framework (https://www.digitalidentity.gov.au/tdif#changes)
eIDAS (https://digital-strategy.ec.europa.eu/en/policies/eidas-regulation)
Europe Digital Wallet – POTENTIAL (https://www.digital-identity-wallet.eu/)
Canada PCTF (https://diacc.ca/trust-framework/)
Identification Revolution: Can Digital ID be harnessed for Development? (Gelb & Metz), 2018
e-Estonia website (https://e-estonia.com/solutions/e-identity/id-card/)
Aadhaar Dashboard (https://uidai.gov.in/)
DIACC Website (https://diacc.ca/the-diacc/)
Australia Digital ID website (https://www.digitalidentity.gov.au/tdif#changes)
UK Policy paper - digital identity & attributes trust framework (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
Ukraine Govt. website (https://ukraine.ua/invest-trade/digitalization/)
Singapore SingPass Website (https://www.tech.gov.sg/products-and-services/singpass/)
Norway BankID Website (https://www.bankid.no/en/private/about-us/)
Brazil National ID Card website (https://www.gov.br/casacivil/pt-br/assuntos/noticias/2022/julho/nova-carteira-de-identidade-nacional-modelo-unico-a-partir-de-agosto)
Indonesia Coverage in Professional Security Magazine (https://www.professionalsecurity.co.uk/products/id-cards/indonesian-cards/)
Philippine ID System (PhilSys) website (https://www.philsys.gov.ph/)
China coverage on eGovReview (https://www.egovreview.com/article/news/559/china-announces-plans-national-digital-ids)
Thales Group Website - DHS’s Automated Biometric Identification System IDENT (https://www.thalesgroup.com/en/markets/digital-identity-and-security/government/customer-cases/ident-automated-biometric-identification-system)
FranceConnect (https://franceconnect.gouv.fr/)
Germany: Office for authorization cert. (https://www.personalausweisportal.de/Webs/PA/DE/startseite/startseite-node.html)
Italian Digital Services Authority (https://www.spid.gov.it/en/)
Monacco Mconnect (https://mconnect.gouv.mc/en)
Estonia eID (https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf)
E-Residency Dashboard (https://www.e-resident.gov.ee/dashboard)
Unique ID authority of India (https://uidai.gov.in/aadhaar_dashboard/india.php)
State of Aadhaar (https://www.stateofaadhaar.in/)
World Bank (https://documents1.worldbank.org/curated/en/219201522848336907/pdf/Private-Sector-Economic-Impacts-from-Identification-Systems.pdf)
WorldBank - ID4D 2022 Annual Report (https://documents.worldbank.org/en/publication/documents-reports/documentdetail/099437402012317995/idu00fd54093061a70475b0a3b50dd7e6cdfe147)
Ukraine Govt. Website for Invest and trade (https://ukraine.ua/invest-trade/digitalization/)
Diia Case study prepared for the office of Canadian senator colin deacon (https://static1.squarespace.com/static/63851cbda1515c69b8a9a2b9/t/6398f63a9d78ae73d2fd5725/1670968891441/2022-case-study-report-diia-mobile-application.pdf)
Canadian Digital Identity Research (https://diacc.ca/wp-content/uploads/2022/04/DIACC-2021-Research-Report-ENG.pdf)
Voilà Verified Trustmark (https://diacc.ca/voila-verified/)
Digital Identity, 06A Federation Onboarding Guidance paper, March 2022 (https://www.digitalidentity.gov.au/sites/default/files/2022-04/TDIF%2006A%20Federation%20Onboarding%20Guidance%20-%20Release%204.6%20%28Doc%20Version%201.2%29.pdf)
UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
A United Nations Estimate of KYC/AML (https://www.imf.org/Publications/fandd/issues/2018/12/imf-anti-money-laundering-and-economic-stability-straight)
India Aadhaar PMJDY (https://pmjdy.gov.in/account)
Global News (https://globalnews.ca/news/9437913/homeowner-impersonators-lined-32-fraud-cases-ontario-bc/)
UK Finance Lobby Group (https://www.ukfinance.org.uk/system/files/Half-year-fraud-update-2021-FINAL.pdf)
McKinsey Digital ID report (
https://www.mckinsey.com/capabilities/mckinsey-digital/our-insights/digital-identification-a-key-to-inclusive-growth)
International Peace Institute (
https://www.ipinst.org/2016/05/information-technology-and-governance-estonia#7)
E-Estonia Report (https://e-estonia.com/wp-content/uploads/e-estonia-211022_eng.pdf)
2022 Budget Statement (https://diacc.ca/2022/04/07/2022-budget-statement/)
World Bank ID4D - Private Sector Economic Impacts from Identification Systems 2018 (https://documents1.worldbank.org/curated/en/219201522848336907/Private-Sector-Economic-Impacts-from-Identification-Systems.pdf)
DIACC Canada (https://diacc.ca/the-diacc/)
UK digital identity & attributes trust framework alpha v2 (0.2) - GOV.UK (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
https://www.gsma.com/identity/decentralised-identity
https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf
Microsoft Digital signatures and certificates (https://support.microsoft.com/en-us/office/digital-signatures-and-certificates-8186cd15-e7ac-4a16-8597-22bd163e8e96)
https://www.worldbank.org/content/dam/photos/1440x300/2022/feb/eID_WB_presentation_BS.pdf
https://www.dona.net/digitalobjectarchitecture
IAM (https://iam.harvard.edu/)
NIST Special Publication 800-63A (https://pages.nist.gov/800-63-3/sp800-63a.html)
https://www.cisa.gov/publication/multi-factor-authentication-mfa
https://openid.net/
U.S. DEPARTMENT OF LABOR (https://www.dol.gov/)
UK govt. trust framework (https://www.gov.uk/government/publications/uk-digital-identity-attributes-trust-framework-updated-version/uk-digital-identity-and-attributes-trust-framework-alpha-version-2)
https://www.w3.org/
Verifiable Credentials Data Model v1.1 (https://www.w3.org/TR/vc-data-model/)
https://learn.microsoft.com/en-us/azure/iot-hub/reference-x509-certificates
Data security consultancy makes up one of Tymans Group’s areas of expertise as a corporate consultancy firm. We are happy to offer our insights and solutions regarding data security and risk to businesses, both through online and offline channels. Read on and discover how our consultancy company can help you set up practical data security management solutions within your firm.
Data security management should be an important aspect of your business. As a data security consultancy firm, Tymans Group is happy to assist your small or medium-sized enterprise with setting up clear protocols to keep your data safe. As such, we can advise on various aspects comprising data security management. This ranges from choosing a fit-for-purpose data architecture to introducing IT incident management guidelines. Moreover, we can perform an external IT audit to discover which aspects of your company’s data security are vulnerable and which could be improved upon.
Embed security thinking through aligning your security strategy to business goals and values
Data security is just one aspect with which our consultancy firm can assist your company. Tymans Group offers its extensive expertise in various corporate management domains, such as quality management and risk management. Our solutions all stem from our vast expertise and have proven their effectiveness. Moreover, when you choose to employ our consultancy firm for your data security management, you benefit from a holistic, people-oriented approach.
Do you wish to learn more about our data security management solutions and services for your company? We are happy to analyze any issues you may be facing and offer you a practical solution if you contact us for an appointment. You can book a one-hour online talk or elect for an on-site appointment with our experts. Contact us to set up your appointment now.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase will provide an overview of the incident lifecycle and an activity on how to classify the various types of incidents in your environment.
This phase will help you develop a categorization scheme for incident handling that ensures success and keeps it simple. It will also help you identify the most important runbooks necessary to create first.
This phase will help you identify how to use a knowledgebase to resolve incidents quicker. Identify what needs to be answered during a post-incident review and identify the criteria needed to invoke problem management.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assess the current state of the incident management lifecycle within the organization.
Understand the incident lifecycle and how to classify them in your environment.
Identify the roles and responsibilities of the incident response team.
Document the incident workflows to identify areas of opportunities.
1.1 Outline your incident lifecycle challenges.
1.2 Identify and classify incidents.
1.3 Identify roles and responsibilities for incident handling.
1.4 Design normal and critical incident workflows for target state.
List of incident challenges for each phase of the incident lifecycle
Incident classification scheme mapped to resolution team
RACI chart
Incident Workflow Library
Design or improve upon current incident and ticket categorization schemes, priority, and impact.
List of the most important runbooks necessary to create first and a usable template to go forward with
2.1 Improve incident categorization scheme.
2.2 Prioritize and define SLAs.
2.3 Understand the purpose of runbooks and prioritize development.
2.4 Develop a runbook template.
Revised ticket categorization scheme
Prioritization matrix based on impact and urgency
IT Incident Runbook Prioritization Tool
Top priority incident runbook
Respond, recover, and close incidents with root-cause analysis, knowledgebase, and incident runbooks.
This module will help you to identify how to use a knowledgebase to resolve quicker.
Identify what needs to be answered during a post-incident review.
Identify criteria to invoke problem management.
3.1 Build a targeted knowledgebase.
3.2 Build a post-incident review process.
3.3 Identify metrics to track success.
3.4 Build an incident matching process.
Working knowledgebase template
Root-cause analysis template and post-incident review checklist
List of metrics
Develop criteria for problem management
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read our executive brief to understand everyday struggles regarding application maintenance, the root causes, and our methodology to overcome these. We show you how we can support you.
Identify your stakeholders and understand their drivers.
Identify the right level of governance appropriate to your company and business context for your application maintenance. That ensures that people uphold standards across maintenance practices.
Most companies cannot do everything for all applications and systems. Build your maintenance triage and prioritization rules to safeguard your company, maximize business value generation and IT risks and requirements.
Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.
I'm proud to announce our new Customer Value Contribution Calculator©, or CVCC© in short.
It enhances and possibly replaces the BIA (Business Impact Analysis) process with a much simpler way.
More info to follow shortly.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify and validate goals and collaboration tools that are used by your users, and the collaboration capabilities that must be supported by your desired ECS.
Map a path forward by creating a collaboration capability map and documenting your ECS requirements.
Effectively engage everyone to ensure the adoption of your new ECS. Engagement is crucial to the overall success of your project.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Create a vision for the future of your ECS.
Validate and bolster your strategy by involving your end users.
1.1 Prioritize Components of Your ECS Strategy to Improve
1.2 Create a Plan to Gather Requirements From End Users
1.3 Brainstorm the Collaboration Services That Are Used by Your Users
1.4 Focus Group
Defined vision and mission statements
Principles for your ECS
ECS goals
End-user engagement plan
Focus group results
ECS executive presentation
ECS strategy
Streamline your collaboration service portfolio.
Documented the business requirements for your collaboration services.
Reduced the number of supported tools.
Increased the effectiveness of training and enhancements.
2.1 Create a Current-State Collaboration Capability Map
2.2 Build a Roadmap for Desired Changes
2.3 Create a Future-State Capability Map
2.4 Identify Business Requirements
2.5 Identify Use Requirements and User Processes
2.6 Document Non-Functional Requirements
2.7 Document Functional Requirements
2.8 Build a Risk Register
Current-state collaboration capability map
ECS roadmap
Future-state collaboration capability map
ECS business requirements document
Ensure the system is supported effectively by IT and adopted widely by end users.
Unlock the potential of your ECS.
Stay on top of security and industry good practices.
Greater end-user awareness and adoption.
3.1 Develop an IT Training Plan
3.2 Develop a Communications Plan
3.3 Create Initial Marketing Material
IT training plan
Communications plan
App marketing one-pagers
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build the foundations for the program to succeed.
Define processes for requesting, procuring, receiving, and deploying hardware.
Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.
Plan the hardware budget, then build a communication plan and roadmap to implement the project.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Build the foundations for the program to succeed.
Evaluation of current challenges and maturity level
Defined scope for HAM program
Defined roles and responsibilities
Identified metrics and reporting requirements
1.1 Outline hardware asset management challenges.
1.2 Conduct HAM maturity assessment.
1.3 Classify hardware assets to define scope of the program.
1.4 Define responsibilities.
1.5 Use a RACI chart to determine roles.
1.6 Identify HAM metrics and reporting requirements.
HAM Maturity Assessment
Classified hardware assets
Job description templates
RACI Chart
Define processes for requesting, procuring, receiving, and deploying hardware.
Defined standard and non-standard requests for hardware
Documented procurement, receiving, and deployment processes
Standardized asset tagging method
2.1 Identify IT asset procurement challenges.
2.2 Define standard hardware requests.
2.3 Document standard hardware request procedure.
2.4 Build a non-standard hardware request form.
2.5 Make lease vs. buy decisions for hardware assets.
2.6 Document procurement workflow.
2.7 Select appropriate asset tagging method.
2.8 Design workflow for receiving and inventorying equipment.
2.9 Document the deployment workflow(s).
Non-standard hardware request form
Procurement workflow
Receiving and tagging workflow
Deployment workflow
Define processes and policies for managing, securing, and maintaining assets then disposing or redeploying them.
Policies and processes for hardware maintenance and asset security
Documented workflows for hardware disposal and recovery/redeployment
3.1 Build a MAC policy, request form, and workflow.
3.2 Design process and policies for hardware maintenance, warranty, and support documentation handling.
3.3 Revise or create an asset security policy.
3.4 Identify challenges with IT asset recovery and disposal and design hardware asset recovery and disposal workflows.
User move workflow
Asset security policy
Asset disposition policy, recovery and disposal workflows
Select tools, plan the hardware budget, then build a communication plan and roadmap to implement the project.
Shortlist of ITAM tools
Hardware asset budget plan
Communication plan and HAM implementation roadmap
4.1 Generate a shortlist of ITAM tools that will meet requirements.
4.2 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget.
4.3 Build HAM policies.
4.4 Develop a communication plan.
4.5 Develop a HAM implementation roadmap.
HAM budget
Additional HAM policies
HAM communication plan
HAM roadmap tool
"Asset management is like exercise: everyone is aware of the benefits, but many struggle to get started because the process seems daunting. Others fail to recognize the integrative potential that asset management offers once an effective program has been implemented.
A proper hardware asset management (HAM) program will allow your organization to cut spending, eliminate wasteful hardware, and improve your organizational security. More data will lead to better business decision-making across the organization.
As your program matures and your data gathering and utility improves, other areas of your organization will experience similar improvements. The true value of asset management comes from improved IT services built upon the foundation of a proactive asset management program." - Sandi Conrad, Practice Lead, Infrastructure & Operations Info-Tech Research Group
Info-Tech Insight
Hardware asset management (HAM) provides a framework for managing equipment throughout its entire lifecycle. HAM is more than just keeping an inventory; it focuses on knowing where the product is, what costs are associated with it, and how to ensure auditable disposition according to best options and local environmental laws.
Implementing a HAM practice enables integration of data and enhancement of many other IT services such as financial reporting, service management, green IT, and data and asset security.
Cost savings and efficiency gains will vary based on the organization’s starting state and what measures are implemented, but most organizations who implement HAM benefit from it. As organizations increase in size, they will find the greatest gains operationally by becoming more efficient at handling assets and identifying costs associated with them.
A 2015 survey by HDI of 342 technical support professionals found that 92% say that HAM has helped their teams provide better support to customers on hardware-related issues. Seventy-seven percent have improved customer satisfaction through managing hardware assets. (HDI, 2015)
HAM cost savings aren’t necessarily realized through the procurement process or reduced purchase price of assets, but rather through the cost of managing the assets.
HAM delivers cost savings in several ways:
Benefit | Calculation | Sample Annual Savings |
---|---|---|
Reduced help desk support
|
# of hardware-related support tickets per year * cost per ticket * % reduction in average call length | 2,000 * $40 * 20% = $16,000 |
Greater inventory efficiency
|
Hours required to complete inventory * staff required * hourly pay rate for staff * number of times a year inventory required | 8 hours * 5 staff * $33 per hour * 2 times a year = $2,640 |
Improved employee productivity
|
# of employees * percentage of employees who encounter productivity loss through unauthorized software * number of hours per year spent using unauthorized software * average hourly pay rate | 500 employees * 10% * 156 hours * $18 = $140,400 |
Improved security
|
# of devices lost or stolen last year * average replacement value of device + # of devices stolen * value of data lost from device | (50 * $1,000) + (50 * $5,000) = $300,000 |
Total Savings: | $459,040 |
Organizations that struggle to implement ITAM successfully usually fall victim to these barriers:
Senior-level sponsorship, engagement, and communication is necessary to achieve the desired outcomes of ITAM; without it, ITAM implementations stall and fail or lack the necessary resources to deliver the value.
ITAM often becomes an added responsibility for resources who already have other full-time responsibilities, which can quickly cause the program to lose focus. Increase the chance of success through dedicated resources.
Many organizations buy a tool thinking it will do most of the work for them, but without supporting processes to define ITAM, the data within the tool can become unreliable.
Some organizations are able to track assets through manual discovery, but as their network and user base grows, this quickly becomes impossible. Choose a tool and build processes that will support the organization as it grows.
Often, organizations implement ITAM only to the extent necessary to achieve compliance for audits, but without investigating the underlying causes of non-compliance and thus not solving the real problems.
IT Asset Procurement:
IT Asset Intake and Deployment:
IT Asset Security and Maintenance:
IT Asset Disposal or Recovery:
Phase 1: Assess & Plan | Phase 2: Procure & Receive | Phase 3: Maintain & Dispose | Phase 4: Plan Budget & Build Roadmap |
1.1 Assess current state & plan scope | 2.1 Request & procure | 3.1 Manage & maintain | 4.1 Plan budget |
1.2 Build team & define metrics | 2.2 Receive & deploy | 3.2 Redeploy or dispose | 4.2 Communicate & build roadmap |
HAM Maturity Assessment | Procurement workflow | User move workflow | HAM Budgeting Tool |
Classified hardware assets | Non-standard hardware request form | Asset security policy | HAM Communication Plan |
RACI Chart | Receiving & tagging workflow | Asset disposition policy | HAM Roadmap Tool |
Job Descriptions | Deployment workflow | Asset recovery & disposal workflows | Additional HAM policies |
Industry IT
Source Cisco Systems, Inc.
Cisco Systems, Inc.
Cisco Systems, Inc. is the largest networking company in the world. Headquartered in San Jose, California, the company employees over 70,000 people.
Asset Management
As is typical with technology companies, Cisco boasted a proactive work environment that encouraged individualism amongst employees. Unfortunately, this high degree of freedom combined with the rapid mobilization of PCs and other devices created numerous headaches for asset tracking. At its peak, spending on hardware alone exceeded $100 million per year.
Results
Through a comprehensive ITAM implementation, the new asset management program at Cisco has been a resounding success. While employees did have to adjust to new rules, the process as a whole has been streamlined and user-satisfaction levels have risen. Centralized purchasing and a smaller number of hardware platforms have allowed Cisco to cut its hardware spend in half, according to Mark Edmondson, manager of IT services expenses for Cisco Finance.
This case study continues in phase 1
HAM Standard Operating Procedures (SOP)
HAM Maturity Assessment
Non-Standard Hardware Request Form
HAM Visio Process Workflows
HAM Policy Templates
HAM Budgeting Tool
HAM Communication Plan
HAM Implementation Roadmap Tool
GI | Measured Value |
---|---|
Phase 1: Lay Foundations |
|
Phase 2: Procure & Receive |
|
Phase 3: Maintain & Dispose |
|
Phase 4: Plan Implementation |
|
Total savings | $25,845 |
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
1. Lay Foundations | 2. Procure & Receive | 3. Maintain & Dispose | 4. Budget & Implementation | |
---|---|---|---|---|
Best-Practice Toolkit |
1.1 Assess current state & plan scope 1.2 Build team & define metrics |
2.1 Request & procure 2.2 Receive & deploy |
3.1 Manage & maintain 3.2 Redeploy or dispose |
4.1 Plan budget 4.2 Communicate & build roadmap |
Guided Implementation |
|
|
|
|
Results & Outcomes |
|
|
|
|
Contact your account representative or email Workshops@InfoTech.comfor more information.
Phases: | Teams, Scope & Hardware Procurement | Hardware Procurement and Receiving | Hardware Maintenance & Disposal | Budgets, Roadmap & Communications |
---|---|---|---|---|
Duration* | 1 day | 1 day | 1 day | 1 day |
* Activities across phases may overlap to ensure a timely completion of the engagement | ||||
Projected Activities |
|
|
|
|
Projected Deliverables |
|
|
Industry IT
Source Cisco Systems, Inc.
Cisco Systems’ hardware spend was out of control. Peaking at $100 million per year, the technology giant needed to standardize procurement processes in its highly individualized work environment.
Users had a variety of demands related to hardware and network availability. As a result, data was spread out amongst multiple databases and was managed by different teams.
The IT team at Cisco set out to solve their hardware-spend problem using a phased project approach.
The first major step was to identify and use the data available within various departments and databases. The heavily siloed nature of these databases was a major roadblock for the asset management program.
This information had to be centralized, then consolidated and correlated into a meaningful format.
The centralized tracking system allowed a single point of contact (POC) for the entire lifecycle of a PC. This also created a centralized source of information about all the PC assets at the company.
This reduced the number of PCs that were unaccounted for, reducing the chance that Cisco IT would overspend based on its hardware needs.
There were still a few limitations to address following the first step in the project, which will be described in more detail further on in this blueprint.
This case study continues in phase 2
1.1 Assess current state & plan scope
1.2 Build team & define metrics
1.1.1 Complete MGD (optional)
1.1.2 Outline hardware asset management challenges
1.1.3 Conduct HAM maturity assessment
1.1.4 Classify hardware assets to define scope of the program
1.1.1 Optional Diagnostic
The MGD allows you to understand the landscape of all IT processes, including asset management. Evaluate all team members’ perceptions of each process’ importance and effectiveness.
Use the results to understand the urgency to change asset management and its relevant impact on the organization.
Establish process owners and hold team members accountable for process improvement initiatives to ensure successful implementation and realize the benefits from more effective processes.
To book a diagnostic, or get a copy of our questions to inform your own survey, visit Info-Tech’s Benchmarking Tools, contact your account manager, or call toll-free 1-888-670-8889 (US) or 1-844-618-3192 (CAN).
Processes and Policies:
Tracking:
Security and Risk:
Procurement:
Receiving:
Disposal:
Contracts:
1.1.1 Brainstorm HAM challenges
A. As a group, outline the hardware asset management challenges facing the organization.
Use the previous slide to help you get started. You can use the following headings as a guide or think of your own:
B. If you get stuck, use the Hardware Asset Management Maturity Assessment Tool to get a quick view of your challenges and maturity targets and kick-start the conversation.
Drivers of effective HAM | Results of effective HAM | |
---|---|---|
Contracts and vendor licensing programs are complex and challenging to administer without data related to assets and their environment. | → | Improved access to accurate data on contracts, licensing, warranties, installed hardware and software for new contracts, renewals, and audit requests. |
Increased need to meet compliance requires a formal approach to tracking and managing assets, regardless of device type. | → | Encryption, hardware tracking and discovery, software application controls, and change notifications all contribute to better asset controls and data security. |
Cost cutting is on the agenda, and management is looking to reduce overall IT spend in the organization in any possible way. | → | Reduction of hardware spend by as much as 5% of the total budget through data for better forecasting and planning. |
Assets with sensitive data are not properly secured, go missing, or are not safely disposed of when retired. | → | Document and enforce security policies for end users and IT staff to ensure sensitive data is properly secured, preventing costs much larger than the cost of only the device. |
Maturity | People & Policies | Processes | Technology |
---|---|---|---|
Chaos |
|
|
|
Reactive |
|
|
|
Controlled |
|
|
|
Proactive |
|
|
|
Optimized |
|
|
|
1.1.3 Complete HAM Maturity Assessment Tool
Complete the Hardware Asset Management Maturity Assessment Tool to understand your organization’s overall maturity level in HAM, as well as the starting maturity level aligned with each step of the blueprint, in order to identify areas of strength and weakness to plan the project. Use this to track progress on the project.
The hardware present in your organization can be classified into four categories of ascending strategic complexity: commodity, inventory, asset, and configuration.
Commodity items are devices that are low-cost, low-risk items, where tracking is difficult and of low value.
Inventory is tracked primarily to identify location and original expense, which may be depreciated by Finance. Typically there will not be data on these devices and they’ll be replaced as they lose functionality.
Assets will need the full lifecycle managed. They are identified by cost and risk. Often there is data on these devices and they are typically replaced proactively before they become unstable.
Configuration items will generally be tracked in a configuration management database (CMDB) for the purpose of enabling the support teams to make decisions involving dependencies, configurations, and impact analysis. Some data will be duplicated between systems, but should be synchronized to improve accuracy between systems.
See Harness Configuration Management Superpowers to learn more about building a CMDB.
ASSET - Items of high importance and may contain data, such as PCs, mobile devices, and servers.
INVENTORY - Items that require significant financial investment but no tracking beyond its existence, such as a projector.
COMMODITY - Items that are often in use but are of relatively low cost, such as keyboards or mice.
1.1.4 Define the assets to be tracked within your organization
Document in the Standard Operating Procedures, Section 1 – Overview & Scope
Industry Public Administration
Source Client Case Study
A state government designed a process to track hardware worth more than $1,000. Initially, most assets consisted of end-user computing devices.
The manual tracking process, which relied on a series of Excel documents, worked well enough to track the lifecycle of desktop and laptop assets.
However, two changes upended the organization’s program: the cost of end-user computing devices dropped dramatically and the demand for network services led to the proliferation of expensive equipment all over the state.
The existing program was no longer robust enough to meet business requirements. Networking equipment was not only more expensive than end-user computing devices, but also more critical to IT services.
What was needed was a streamlined process for procuring high-cost, high-utility equipment, tracking their location, and managing their lifecycle costs without compromising services.
The organization decided to formalize, document, and automate hardware asset management processes to meet the new challenges and focus efforts on high-cost, high-utility end-user computing devices only.
Phase 1: Assess & Plan
1.1 Assess current state & plan scope
1.2 Build team and define metrics
1.2.1 Define responsibilities for Asset Manager and Asset Administrator
1.2.2 Use a RACI chart to determine roles within HAM team
1.2.3 Further clarify HAM responsibilities for each role
1.2.4 Identify HAM reporting requirements
Asset management is an organizational change. To gain buy-in for the new processes and workflows that will be put in place, a dedicated, passionate team needs to jump-start the project.
Delegate the following roles to team members and grow your team accordingly.
Asset Manager |
|
---|---|
Asset Administrator |
|
Service Desk, IT Operations, Applications |
|
Info-Tech Insight
Ensure that there is diversity within the ITAM team. Assets for many organizations are diverse and the composition of your team should reflect that. Have multiple departments and experience levels represented to ensure a balanced view of the current situation.
1.2.1 Use Info-Tech’s job description templates to define roles
The role of the IT Asset Manager is to oversee the daily and long-term strategic management of software and technology- related hardware within the organization. This includes:
The role of the IT Asset Administrator is to actively manage hardware and software assets within the organization. This includes:
Use Info-Tech’s job description templates to assist in defining the responsibilities for these roles.
Typically the asset manager will answer to either the CFO or CIO. Occasionally they answer to a vendor manager executive. The hierarchy may vary based on experience and how strategic a role the asset manager will play.
1.2.2 Complete a RACI
A RACI chart will identify who should be responsible, accountable, consulted, and informed for each key activity during the consolidation.
Document in the Standard Operating Procedure.
A sample RACI chart is provided on the next slide
1.2.2 Complete a RACI chart for your organization
HAM Tasks | CIO | CFO | HAM Manager | HAM Administrator | Service Desk (T1,T2, T3) | IT Operations | Security | Procurement | HR | Business Unit Leaders | Compliance /Legal | Project Manager |
---|---|---|---|---|---|---|---|---|---|---|---|---|
Policies and governance | A | I | R | I | I | C | I | C | C | I | I | |
Strategy | A | R | R | R | R | |||||||
Data entry and quality management | C | I | A | I | C | C | I | I | C | C | ||
Risk management and asset security | A | R | C | C | R | C | C | |||||
Process compliance auditing | A | R | I | I | I | I | I | |||||
Awareness, education, and training | I | A | I | I | C | |||||||
Printer contracts | C | A | C | C | C | R | C | C | ||||
Hardware contract management | A | I | R | R | I | I | R | R | I | I | ||
Workflow review and revisions | I | A | C | C | C | C | ||||||
Budgeting | A | R | C | I | C | |||||||
Asset acquisition | A | R | C | C | C | C | I | C | C | |||
Asset receiving (inspection/acceptance) | I | A | R | R | I | |||||||
Asset deployment | A | R | R | I | I | |||||||
Asset recovery/harvesting | A | R | R | I | I | |||||||
Asset disposal | C | A | R | R | I | I | ||||||
Asset inventory (input/validate/maintain) | I | I | A/R | R | R | R | I | I | I |
1.2.3 Define roles and responsibilities for the HAM team
Role | Responsibility |
---|---|
IT Manager |
|
Asset Managers |
|
Service Desk | |
Desktop team | |
Security | |
Infrastructure teams |
Follow a process for establishing metrics:
CSF | KPI | Metrics |
---|---|---|
Improve accuracy of IT budget and forecasting |
|
|
Identify discrepancies in IT environment |
|
|
Avoid over purchasing equipment |
|
|
Make more-effective purchasing decisions |
|
|
Improve accuracy of data |
|
|
Improved service delivery |
|
|
1.2.4 Identify asset reporting requirements
Document in the Standard Operating Procedures, Section 13: Reporting
CSF | KPI | Metrics | Stakeholder/frequency |
---|---|---|---|
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
HAM Maturity Assessment
Standard Operating Procedures
Review findings with analyst:
Then complete these activities…
With these tools & templates:
RACI Chart
Asset Manager and Asset Administrator Job Descriptions
Standard Operating Procedures
Phase 1 Results & Insights:
For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.
1.1.4 Classify hardware assets to define scope of the program
Determine value/risk threshold at which assets should be tracked, then divide a whiteboard into four quadrants representing four categories of assets. Participants write assets down on sticky notes and place them in the appropriate quadrant to classify assets.
1.2.2 Build a RACI chart to determine responsibilities
Identify all roles within the organization that will play a part in hardware asset management, then document all core HAM processes and tasks. For each task, assign each role to be responsible, accountable, consulted, or informed.
2.1 Request & Procure
2.2 Receive & Deploy
2.1.1 Identify IT asset procurement challenges
2.1.2 Define standard hardware requests
2.1.3 Document standard hardware request procedure
2.1.4 Build a non-standard hardware request form
2.1.5 Make lease vs. buy decisions for hardware assets
2.1.6 Document procurement workflow
2.1.7 Build a purchasing policy
Industry Government
Source Itassetmanagement.net
Signed July 27, 2004, Executive order S-20-04, the “Green Building Initiative,” placed strict regulations on energy consumption, greenhouse gas emissions, and raw material usage and waste.
In compliance with S-20-04, the State of California needed to adopt a new procurement strategy. Its IT department was one of the worst offenders given the intensive energy usage by the variety of assets managed under the IT umbrella.
A green IT initiative was enacted, which involved an extensive hardware refresh based on a combination of agent-less discovery data and market data (device age, expiry dates, power consumption, etc.).
A hardware refresh of almost a quarter-million PCs, 9,500 servers, and 100 email systems was rolled out as a result.
Other changes, including improved software license compliance and data center consolidation, were also enacted.
Because of the scale of this hardware refresh, the small changes meant big savings.
A reduction in power consumption equated to savings of over $40 million per year in electricity costs. Additionally, annual carbon emissions were trimmed by 200,000 tons.
Standardize processes: Using standard products throughout the enterprise lowers support costs by reducing the variety of parts that must be stocked for onsite repairs or for provisioning and supporting equipment.
Align procurement processes: Procurement processes must be aligned with customers’ business requirements, which can have unique needs.
Define SLAs: Providing accurate and timely performance metrics for all service activities allows infrastructure management based on fact rather than supposition.
Reduce TCO: Management recognizes service infrastructure activities as actual cost drivers.
Implement a single POC: A consolidated service desk is used where the contact understands both standards (products, processes, and practices) and the user’s business and technical environment.
2.1.1 Identify IT asset procurement challenges
The first step in your procurement workflow will be to determine what is in scope for a standard request, and how non-standard requests will be handled. Questions that should be answered by this procedure include:
If your end-user device strategy requires an overhaul, schedule time with an Info-Tech analyst to review our blueprint Build an End-User Computing Strategy.
Once you’ve answered questions like these, you can outline your hardware standards as in the example below:
Use Case | Mobile Standard | Mac Standard | Mobile Power User |
---|---|---|---|
Asset | Lenovo ThinkPad T570 | iMac Pro | Lenovo ThinkPad P71 |
Operating system | Windows 10 Pro | Mac OSX | Windows 10 Pro, 64 bit |
Display | 15.6" | 21.5" | 17.3” |
Memory |
32GB | 8GB | 64GB |
Processor | Intel i7 – 7600U Processor | 2.3GHz | Xeon E3 v6 Processor |
Drive | 500GB | 1TB | 1TB |
Warranty | 3 year | 1 year + 2 extended | 3 year |
Info-Tech Insight
Approach hardware standards from a continual improvement frame of mind. Asset management is a dynamic process. Hardware standards will need to adapt over time to match the needs of the business. Plan assessments at routine intervals to ensure your current hardware standards align with business needs.
Determine environmental requirements and constraints.
Power management
Compare equipment for power consumption and ability to remotely power down machines when not in use.
Heat and noise
Test equipment run to see how hot the device gets, where the heat is expelled, and how much noise is generated. This may be particularly important for users who are working in close quarters.
Carbon footprint
Ask what the manufacturer is doing to reduce post-consumer waste and eliminate hazardous materials and chemicals from their products.
Ensure security requirements can be met.
Review features available to enhance manageability.
"If you are looking for a product for two or three years, you can get it for less than half the price of new. I bought refurbished equipment for my call center for years and never had a problem". – Glen Collins, President, Applied Sales Group
Info-Tech Insight
Price differences are minimal between large and small vendors when dealing with refurbished machines. The decision to purchase should be based on ability to provide and service equipment.
2.1.2 Identify standards for hardware procurement by role
Document in the Standard Operating Procedures, Section 7: Procurement.
Department | Core Hardware Assets | Optional Hardware Assets |
---|---|---|
IT | PC, tablet, monitor | Second monitor |
Sales | PC, monitor | Laptop |
HR | PC, monitor | Laptop |
Marketing | PC (iMac) | Tablet, laptop |
2.1.3 Document standard hardware request procedure
Document in the Standard Operating Procedures, Section 6: End-User Request Process.
Discuss and document the end-user request process:
End-User Request Process
2.1.4 Build a non-standard hardware request form
Info-Tech Insight
Include non-standard requests in continual improvement assessment. If a large portion of requests are for non-standard equipment, it’s possible the hardware doesn’t meet the recommended requirements for specialized software in use with many of your business users. Determine if new standards need to be set for all users or just “power users.”
Categories | Peripherals | Desktops/Laptops | Servers |
---|---|---|---|
Financial |
|
|
|
Request authorization |
|
|
|
Required approvals |
|
|
|
Warranty requirements |
|
|
|
Inventory requirements |
|
|
|
Tracking requirements |
|
|
|
Info-Tech Best Practice
Take into account the possibility of encountering taxation issues based on where the equipment is being delivered as well as taxes imposed or incurred in the location from which the asset was shipped or sent. This may impact purchasing decisions and shipping instructions.
Improve procurement decisions:
Document the following in your procurement procedure:
Info-Tech Insight
IT procurement teams are often heavily siloed from ITAM teams. The procurement team is typically found in the finance department. One way to bridge the gap is to implement routine, reliable reporting between departments.
2.1.4 Decide whether to purchase or lease
Document policy decisions in the Standard Operating Procedures – Section 7: Procurement
Determine acceptable response time, and weigh the cost of warranty against the value of service.
Speak to your partner to see how they can help the process of distributing machines.
Transaction-based purchases will receive the smallest discounting.
Bulk purchases will receive more aggressive discounting of 5-15% off suggested retail price, depending on quantities.
Larger quantities rolled out over time will require commitments to the manufacturer to obtain deepest discounts.
New or upgraded components will be introduced into configurations when it makes the most sense in a production cycle. This creates a challenge in comparing products, especially in an RFP. The best way to handle this is to:
"The hardware is the least important part of the equation. What is important is the warranty, delivery, imaging, asset tagging, and if they cannot deliver all these aspects the hardware doesn’t matter." – Doug Stevens, Assistant Manager Contract Services, Toronto District School Board
The procurement process should balance the need to negotiate appropriate pricing with the need to quickly approve and fulfill requests. The process should include steps to follow for approving, ordering, and tracking equipment until it is ready for receipt.
Within the process, it is particularly important to decide if this is where equipment is added into the database or if it will happen upon receipt.
Info-Tech Insight
Where the Hardware Asset Manager is unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand. Projects, replacements, and new-user requests cannot be delayed in a service-focused IT organization due to bureaucratic processes.
Determine if you need one workflow for all equipment or multiples for small vs. large purchases.
Occasionally large rollouts require significant changes from lower dollar purchases.
This sample can be found in the HAM Process Workflows.
2.1.6 Illustrate procurement workflow with a tabletop exercise
Document in the Standard Operating Procedures, Section 7: Procurement
2.1.7 Build a purchasing policy
A purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.
The policy will ensure that all purchasing processes are consistent and in alignment with company strategy. The purchasing policy is key to ensuring that corporate purchases are effective and the best value for money is obtained.
Implement a purchasing policy to prevent or reduce:
Download Info-Tech’s Purchasing Policytemplate to build your own purchasing policy.
2.1 Request & Procure
2.2 Receive & Deploy
This step will walk you through the following activities:
2.2.1 Select appropriate asset tagging method
2.2.2 Design workflow for receiving and inventorying equipment
2.2.3 Document the deployment workflow(s)
This step involves the following participants:
Industry Networking
Source Cisco IT
Although Cisco Systems had implemented a centralized procurement location for all PCs used in the company, inventory tracking had yet to be addressed.
Inventory tracking was still a manual process. Given the volume of PCs that are purchased each year, this is an incredibly labor-intensive process.
Sharing information with management and end users also required the generation of reports – another manual task.
The team at Cisco recognized that automation was the key component holding back the success of the inventory management program.
Rolling out an automated process across multiple offices and groups, both nationally and internationally, was deemed too difficult to accomplish in the short amount of time needed, so Cisco elected to outsource its PC management needs to an experienced vendor.
As a result of the PC management vendor’s industry experience, the implementation of automated tracking and management functions drastically improved the inventory management situation at Cisco.
The vendor helped determine an ideal leasing set life of 30 months for PCs, while also managing installations, maintenance, and returns.
Even though automation helped improve inventory and deployment practices, Cisco still needed to address another key facet of asset management: security.
This case study continues in phase 3.
Examine your current process for receiving assets. Typical problems include:
Receiving inventory at multiple locations can lead to inconsistent processes. This can make invoice reconciliation challenging and result in untracked or lost equipment and delays in deployment.
Equipment not received and secured quickly. Idle equipment tends to go missing if left unsupervised for too long. Missed opportunities to manage returns where equipment is incorrect or defective.
Disconnect between procurement and receiving where ETAs are unknown or incorrect. This can create an issue where no one is prepared for equipment arrival and is especially problematic on large orders.
How do you solve these problems? Create a standardized workflow that outlines clear steps for asset receiving.
A workflow will help to answer questions such as:
The first step in effective hardware asset intake is establishing proper procedures for receiving and handling of assets.
Process: Start with information from the procurement process to determine what steps need to follow to receive into appropriate systems and what processes will enable tagging to happen as soon as possible.
People: Ensure anyone who may impact this process is aware of the importance of documenting before deployment. Having everyone who may be handling equipment on board is key to success.
Security: Equipment will be secured at the loading dock or reception. It will need to be secured as inventory and be secured if delivering directly to the bench for imaging. Ensure all receiving activities are done before equipment is deployed.
Tools: A centralized ERP system may already provide a place to receive and reconcile with purchasing and invoicing, but there may still be a need to receive directly into the ITAM and/or CMDB database rather than importing directly from the ERP system.
Tagging: A variety of methods can be used to tag equipment to assist with inventory. Consider the overall lifecycle management when determining which tagging methods are best.
Info-Tech Insight
Decentralized receiving doesn’t have to mean multiple processes. Take advantage of enterprise solutions that will centralize the data and ensure everyone follows the same processes unless there is an uncompromising and compelling logistical reason to deviate.
Method | Cost | Strengths | Weaknesses | Recommendation |
---|---|---|---|---|
RFID with barcoding – asset tag with both a barcode and RFID solution | $$$$ |
|
|
|
RFID only – small chip with significant data capacity | $$$ |
|
|
|
Barcoding only – adding tags with unique barcodes | $$ |
|
|
|
Method | Cost | Strengths | Weaknesses | Recommendation |
---|---|---|---|---|
QR codes – two-dimensional codes that can store text, binary, image, or URL data | $$ |
|
|
|
Manual tags – tag each asset with your own internal labels and naming system | $ |
|
|
|
Asset serial numbers – tag assets using their serial number | $ |
|
|
|
2.2.1 Select asset tagging method
Document in the Standard Operating Procedures, Section 8
Asset Type | Asset Tag Location |
---|---|
PC desktop | Right upper front corner |
Laptop | Right corner closest to user when laptop is closed |
Server | Right upper front corner |
Printer | Right upper front corner |
Modems | Top side, right corner |
Assign responsibility and accountability for inspection and acceptance of equipment, verifying the following:
The return merchandise authorization (RMA) process should be a standard part of the receiving process to handle the return of defective materials to the vendor for either repair or replacement.
If there is a standard process in place for all returns in the organization, you can follow the same process for returning hardware equipment:
Info-Tech Insight
Make sure you’re well aware of the stipulations in your contract or purchase order. Sometimes acceptance is assumed after 60 days or less, and oftentimes the clock starts as soon as the equipment is shipped out rather than when it is received.
Info-Tech Best Practice
Keep in mind that the serial number on the received assed may not be the asset that ultimately ends up on the user’s desk if the RMA process is initiated. Record the serial number after the RMA process or add a correction process to the workflow to ensure the asset is properly accounted for.
A common technique employed by asset managers is to categorize your assets using an ABC analysis. Assets are classified as either A, B, or C items. The ratings are based on the following criteria:
A
A items have the highest usage. Typically, 10-20% of total assets in your inventory account for upwards of 70-80% of the total asset requests.
A items should be tightly controlled with secure storage areas and policies. Avoiding stock depletion is a top priority.
B
B items are assets that have a moderate usage level, with around 30% of total assets accounting for 15-25% of total requests.
B items must be monitored; B items can transition to A or C items, especially during cycles of heavier business activity.
C
C items are assets that have the lowest usage, with upwards of 50% of your total inventory accounting for just 5% of total asset requests.
C items are reordered the least frequently, and present a low demand and high risk for excessive inventory (especially if they have a short lifecycle). Many organizations look to move towards an on-demand policy to mitigate risk.
Info-Tech Insight
Get your vendor to keep stock of your assets. If large quantities of a certain asset are required but you lack the space to securely store them onsite, ask your vendor to keep stock for you and release as you issue purchase orders. This speeds up delivery and delays warranty activation until the item is shipped. This does require an adherence to equipment standards and understanding of demand to be effective.
Define the following in your receiving process:
2.2.2 Illustrate receiving workflow with a tabletop exercise
Document in the Standard Operating Procedures, Section 8: Receiving and Equipment Inventory
Option 1: Whiteboard
Option 2: Tabletop Exercise
A software usage snapshot for an urban planner/engineer.
Define the process for deploying hardware to users.
Include the following in your workflow:
Large-scale desktop deployments or data center upgrades will likely be managed as projects.
These projects should include project plans, including resources, timelines, and detailed procedures.
Define the process for large-scale deployment if it will differ from the regular deployment process.
2.2.3 Document deployment workflows for desktop and large-scale deployment
Document in the Standard Operating Procedures, Section 9: Deployment
Document each step in the system deployment process with notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.
The biggest challenge in deploying equipment is meeting expectations of the business, and without cooperation from multiple departments, this becomes significantly more difficult.
Self-serve kiosks (vending machines) can provide cost reductions in delivery of up to 25%. Organizations that have a high distribution rate are seeing reductions in cost of peripherals averaging 30-35% and a few extreme cases of closer to 85%.
Benefits of using vending machines:
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Step 2.1: Request & Procure
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Step 2.2: Receive & Deploy
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 2 Insight: Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.
2.1.2 Define standard hardware requests
Divide whiteboard into columns representing core business areas. Define core hardware assets for end users in each division along with optional hardware assets. Discuss optional assets to narrow and define standard equipment requests.
2.2.1 Select appropriate method for tagging and tracking assets
Discuss the various asset tagging methods and choose the tagging method that is most appropriate for your organization. Define the process for tagging assets and document the standard asset tag location according to equipment type.
Industry Networking
Source Cisco IT
Cisco Systems had created a dynamic work environment that prized individuality. This environment created high employee satisfaction, but it also created a great deal of risk surrounding device security.
Cisco lacked an asset security policy; there were no standards for employees to follow. This created a surplus of not only hardware, but software to support the variety of needs amongst various teams at Cisco.
The ITAM team at Cisco recognized that their largest problem was the lack of standardization with respect to PCs. Variance in cost, lifecycle, and software needs/compatibility were primary issues.
Cisco introduced a PC leasing program with the help of a PC asset management vendor to correct these issues. The primary goal was to increase on-time returns of PCs. A set life of 30 months was defined by the vendor.
Cisco engaged employees to help contribute to improving its asset management protocols, and the approach worked.
On-time returns increased from 60% to 80%. Costs were reduced due to active tracking and disposal of any owned assets still present.
A reduction in hardware and software platforms has cut costs and increased security thanks to improved tracking capabilities.
This case study continues in phase 4
3.1 Manage & Maintain
3.2 Dispose or Redeploy
3.1.1 Build a MAC policy and request form
3.1.2 Build workflows to document user MAC processes
3.1.3 Design process and policies for hardware maintenance, warranty, and support documentation handling
3.1.4 Revise or create an asset security policy
Info-Tech Insight
One of the most common mistakes we see when it comes to asset management is to assume that the discovery tool will discovery most or all of your inventory and do all the work. It is better to assume only 80-90% coverage by the discovery tool and build ownership records to uncover the unreportable assets that are not tied into the network.
Conduct an annual hardware audit to ensure hardware is still assigned to the person and location identified in your ITAM system, and assess its condition.
Perform a quarterly review of hardware stock levels in order to ensure all equipment is relevant and usable. The table below is an example of how to organize this information.
Item | Target Stock Levels | Estimated $ Value |
---|---|---|
Desktop computers | ||
Standard issue laptops | ||
Mice | ||
Keyboards | ||
Network cables | ||
Phones |
Info-Tech Insight
Don’t forget about your remotely deployed assets. Think about how you plan to inventory remotely deployed equipment. Some tools will allow data collection through an agent that will talk to the server over the internet, and some will completely ignore those assets or provide a way to manually collect the data and email back to the asset manager. Mobile device management tools may also help with this inventory process. Determine what is most appropriate based on the volume of remote workers and devices.
IMAC services are usually performed at a user’s deskside by a services technician and can include:
Specific activities may include:
Changes
Moves
Installs and Adds
Recommendations:
Automate. Wherever possible, use tools to automate the IMAC process.
E-forms, help desk, ticketing, or change management software can automate the request workflow by allowing the requestor to submit a request ticket that can then be automatically assigned to a designated team member according to the established chain of command. As work is completed, the ticket can be updated, and the requestor will be able to check the status of the work at any time.
Communicate the length of any downtime associated with execution of the IMAC request to lessen the frustration and impatience among users.
Involve HR. When it comes to adding or removing user accounts, HR can be a valuable resource. As most new employees should be hired through HR, work with them to improve the onboarding process with enough advanced notice to set up accounts and equipment. Role changes with access rights and software modifications can benefit from improved communications. Review the termination process as well, to secure data and equipment.
A consistent Move, Add, Change (MAC) request process is essential for lessening the burden on the IT department. MAC requests are used to address any number of tasks, including:
If you are not using help desk or other ticketing software, create a request template that must be submitted for each MAC. The request should include:
3.1.1 Build a MAC policy and request form
Desktop Move/Add/Change Policy
This desktop move/add/change policy should be put in place to mitigate the risk associated with unauthorized changes, minimize disruption to the business, IT department, and end users, and maintain consistent expectations.
Move, Add, Change Request Form
Help end users navigate the move/add/change process. Use the Move/Add/Change Request Form to increase efficiency and organization for MAC requests.
Include the following in your process documentation:
3.1.2 Build MAC process workflows
Document in the Standard Operating Procedures, Section 10: Equipment Install, Adds, Moves, and Changes
Document each step in the system deployment process using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.
Sample equipment maintenance policy terms:
3.1.3 Design process for hardware maintenance
Document in the Standard Operating Procedures, Section 10
ITAM complements and strengthens security tools and processes, improving the company’s ability to protect its data and systems and reduce operational risk.
It’s estimated that businesses worldwide lose more than $221 billion per year as a result of security breaches. HAM is one important factor in securing data, equipment investment, and meeting certain regulatory requirements.
How does HAM help keep your organization secure?
Best Practices
Organizations with a formal mobile management strategy have fewer problems with their mobile devices.
Develop a secure MDM to:
The benefits of a deployed MDM solution:
Mobile device management is constantly evolving to incorporate new features and expand to new control areas. This is a high-growth area that warrants constant up-to-date knowledge on the latest developments.
What can be packed into an MDM can vary and be customized in many forms for what your organization needs.
Endpoints | Average | None |
---|---|---|
Desktop | 73% | 4% |
Laptops | 65% | 9% |
Smartphones | 27% | 28% |
Netbooks | 26% | 48% |
Tablets | 16% | 59% |
Grand average | 41% |
It is nearly impossible to keep the types of data separate, even with a sandbox approach. Selective wipe will miss some corporate data, and even a full remote wipe can only catch some of users’ increasingly widely distributed data.
Not every violation of policy warrants a wipe. Playing Candy Crush during work hours probably does not warrant a wipe, but jail breaking or removing a master data management client can open up security holes that do warrant a wipe.
Data security is not simply restricted to compromised software. In fact, 70% of all data breaches in the healthcare industry since 2010 are due to device theft or loss, not hacking. (California Data Breach Report – October, 2014) ITAM is not just about tracking a device, it is also about tracking the data on the device.
Organizations often struggle with the following with respect to IT asset security:
Your security policy should seek to protect IT hardware and software that:
These assets should be documented and controlled in order to meet security requirements.
The asset security policy should encompass the following:
Info-Tech Insight
Hardware can be pricey; data is priceless. The cost of losing a device is minimal compared to the cost of losing data contained on a device.
3.1.4 Develop IT asset security policy
Document in the Asset Security Policy.
Challenge | Current Security Risk | Target Policy |
---|---|---|
Hardware removal | Secure access and storage, data loss | Designated and secure storage area |
BYOD | No BYOD policy in place | N/A → phasing out BYOD as an option |
Hardware data removal | Secure data disposal | Data disposal, disposal vendor |
Unused software | Lack of support/patching makes software vulnerable | Discovery and retirement of unused software |
Unauthorized software | Harder to track, less secure | Stricter stance on pirated software |
Industry Legal
Source ICO
The Ministry of Justice (MoJ) in the UK had a security problem: hard drives that contained sensitive prisoner data were unencrypted and largely unprotected for theft.
These hard drives contained information related to health, history of drug use, and past links to organized crime.
After two separate incidents of hard drive theft that resulted in data breaches, the Information Commissioner’s Office (ICO), stepped in.
It was determined that after the first hard drive theft in October 2011, replacement hard drives with encryption software were provisioned to prisons managed by the MoJ.
Unfortunately, the IT security personnel employed by the MoJ were unaware that the encryption software required manual activation.
When the second hard drive theft occurred, the digital encryption could not act as a backup to poor physical security (the hard drive was not secured in a locker as per protocol).
The perpetrators were never found and the stolen hard drives were never recovered.
As a result of the two data breaches, the MoJ had to implement costly security upgrades to its data protection system.
The ICO fined the MoJ £180,000 for its repeated security breaches. This costly fine could have been avoided if more diligence was present in the MoJ’s asset management program.
3.1 Manage & Maintain
3.2 Dispose or Redeploy
3.2.1 Identify challenges with IT asset recovery and disposal
3.2.2 Design hardware asset recovery and disposal workflows
3.2.3 Build a hardware asset disposition policy
$500MM); and orange is Overall.">
(Info-Tech Research Group; N=96)
Budget profiles | Refresh methods |
---|---|
Stretched Average equipment age: 7+ years |
To save money, some organizations will take a cascading approach, using the most powerful machines for engineers or scientists to ensure processing power, video requirements and drives will meet the needs of their applications and storage needs; then passing systems down to departments who will require standard-use machines. The oldest and least powerful machines are either used as terminals or disposed. |
Generous Average equipment age: 3 years |
Organizations that do not want to risk user dissatisfaction or potential compatibility or reliability issues will take a more aggressive replacement approach. These organizations often have less people assigned to end-user device maintenance and will not repair equipment outside of warranty. There is little variation in processing power among devices, with major differences determined by mobility and operating system. |
Cautious Average equipment age: 4 to 5 years |
Organizations that fit between the other two profiles will look to stretch the budget beyond warranty years, but will keep a close eye on maintenance requirements. Repairs needed outside of warranty will require an eye to costs, efforts, and subsequent administrative work of loaning equipment to keep the end user productive while waiting on service. Recommendations to keep users happy and equipment in prime form is to check condition at the 2-3 year mark, reimage at least once to improve performance, and have backup machines, if equipment starts to become problematic. |
VS.
Warning! Poor hardware disposal and recovery practices can be caused by the following:
How do you improve your hardware disposal and recovery process?
Sixty-five percent of organizations cite data security as their top concern. Many data breaches are a result of hardware theft or poor data destruction practices.
Choosing a reputable IT disposal company or data removal software is crucial to ensuring data security with asset disposal.
Electronics contain harmful heavy metals such as mercury, arsenic, and cadmium.
Disposal of e-waste is heavily regulated, and improper disposal can result in hefty fines and bad publicity for organizations.
Many obsolete IT assets are simply confined to storage at their end of life.
This often imposes additional costs with maintenance or storage fees and leaves a lot of value on the table through assets that could be sold or re-purposed within the organization.
3.2.1 Identify challenges with IT asset recovery and disposal
Economic | |||
---|---|---|---|
Challenge | Objectives | Targets | Initiatives |
No data capture during disposal | Develop reporting standards | 80% disposed assets recorded | Work with Finance to develop reporting procedure |
Idle assets | Find resale market/dispose of idle assets | 50% of idle assets disposed of within the year | Locate resale vendor and disposal service |
Ensure the following are addressed:
3.2.2 Design hardware asset recovery and disposal policies and workflows
Document in the Standard Operating Procedures, Sections 11 and 12
Document each step in the recovery and disposal process in two separate workflows using notecards or on a whiteboard. Identify the challenges faced by your organization and strategize potential solutions.
Although traditionally an afterthought in asset management, IT asset disposition (ITAD) needs to be front and center. Increase focus on data security and concern surrounding environmental sustainability and develop an awareness of the cost efficiencies possible through best-practices disposition.
Optimized ITAD solutions:
Info-Tech Insight
A well-thought-out asset management program mitigates risk and is typically less costly than dealing with a large-scale data loss incident or an inappropriate disposal suit. Also, it protects your company’s reputation – which is difficult to put a price on.
Maximizing returns on assets requires knowledge and skills in asset valuation, upgrading to optimize market return, supply chain management, and packaging and shipping. It’s unlikely that the return will be adequate to justify that level of investment, so partnering with a full-service ITAD vendor is a no-brainer.
Disposal doesn’t mean your equipment has to go to waste.
Additionally, your ITAD vendor can assist with a large donation of hardware to a charitable organization or a school.
Donating equipment to schools or non-profits may provide charitable receipts that can be used as taxable benefits.
Before donating:
Info-Tech Insight
Government assistance grants may be available to help keep your organization’s hardware up to date, thereby providing incentives to upgrade equipment while older equipment still has a useful life.
Failure to thoroughly investigate a vendor could result in a massive data breach, fines for disposal standards violations, or a poor resale price for your disposed assets. Evaluate vendors using questions such as the following:
ITAD vendors that focus on recycling will bundle assets to ship to an e-waste plant – leaving money on the table.
ITAD vendors with a focus on reuse will individually package salable assets for resale – which will yield top dollars.
Info-Tech Insight
To judge the success of a HAM overhaul, you need to establish a baseline with which to compare final results. Be sure to take HAM “snapshots” before ITAD partnering so it’s easy to illustrate the savings later.
Info-Tech Insight
Failure to properly dispose of data can not only result in costly data breaches, but also fines and other regulatory repercussions. Choosing an ITAD vendor or a vendor that specializes in data erasure is crucial. Depending on your needs, there are a variety of data wiping methods available.
Certified data erasure is the only method that leaves the asset’s hard drive intact for resale or donation. Three swipes is the bare minimum, but seven is recommended for more sensitive data (and required by the US Department of Defense). Data erasure applications may be destructive or non-destructive – both methods overwrite data to make it irretrievable.
Physical destruction must be done thoroughly, and rigorous testing must be done to verify data irretrievability. Methods such as hand drilling are proven to be unreliable.
Degaussing uses high-powered magnets to erase hard drives and makes them unusable. This is the most expensive option; degaussing devices can be purchased or rented.
Info-Tech Best Practice
Data wiping can be done onsite or can be contracted to an ITAD partner. Using an ITAD partner can ensure greater security at a more affordable price.
Work these rules into your disposition policy to mitigate data loss risk.
3.2.3 Build a Hardware Asset Disposition Policy
Implementation of a HAM program is a waste of time if you aren’t going to maintain it. Maintenance requires the implementation of detailed policies, training, and an ongoing commitment to proper management.
Use Info-Tech’s Hardware Asset Disposition Policy to:
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Proposed Time to Completion: 4 weeks
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
Review findings with analyst:
Then complete these activities…
With these tools & templates:
Phase 3 Insight: Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.
3.1.4 Revise or create an asset security policy
Discuss asset security challenges within the organization; brainstorm reasons the challenges exist and process changes to address them. Document a new asset security policy.
3.2.2 Design hardware asset recovery and disposal workflows
Document each step in the hardware asset recovery and disposal process, including all decision points. Examine challenges and amend the workflow to address them.
Industry Networking
Source Cisco IT
Even though Cisco Systems had designed a comprehensive asset management program, implementing it across the enterprise was another story.
An effective solution, complete with a process that could be adopted by everyone within the organization, would require extensive internal promotion of cost savings, efficiencies, and other benefits to the enterprise and end users.
Cisco’s asset management problem was as much a cultural challenge as it was a process challenge.
The ITAM team at Cisco began discussions with departments that had been tracking and managing their own assets.
These sessions were used as an educational tool, but also as opportunities to gather internal best practices to deploy across the enterprise.
Eventually, Cisco introduced weekly meetings with global representation to encourage company-wide communication and collaboration.
“By establishing a process for managing PC assets, we have cut our hardware costs in half.” – Mark Edmonson, Manager – IT Services Expenses
Cisco reports that although change was difficult to adopt, end-user satisfaction has never been higher. The centralized asset management approach has resulted in better contract negotiations through better data access.
A reduced number of hardware and software platforms has streamlined tracking and support, and will only drive down costs as time goes on.
4.1 Plan Budget
4.2 Communicate & Build Roadmap
This step will walk you through the following activities:
4.1 Use Info-Tech’s HAM Budgeting Tool to plan your hardware asset budget
This step involves the following participants:
While some asset managers may not have experience managing budgets, there are several advantages to ITAM owning the hardware budget:
Your IT budget should be realistic, accounting for business needs, routine maintenance, hardware replacement costs, unexpected equipment failures, and associated support and warranty costs. Know where to find the data you need and who to work with to forecast hardware needs as accurately as possible.
Plan for:
Take into account:
Where do I find the information I need to budget accurately?
4.1.1 Build HAM budget
This tool is designed to assist in developing and justifying the budget for hardware assets for the upcoming year. The tool will allow you to budget for projects requiring hardware asset purchases as well as equipment requiring refresh and to adjust the budget as needed to accommodate both projects and refreshes. Follow the instructions on each tab to complete the tool.
The most successful relationships have a common vocabulary. Thus, it is important to translate “tech speak” into everyday language and business goals and initiatives as you plan your budget.
One of the biggest barriers that infrastructure and operations team face with regards to equipment budgeting is the lack of understanding of IT infrastructure and how it impacts the rest of the organization. The biggest challenge is to help the rest of the organization overcome this barrier.
There are several things you can do to overcome this barrier:
Info-Tech Insight
Err on the side of inviting more discussion. Your budgeting process relies on business decision makers and receiving actionable feedback requires an ongoing exchange of information.
Getting business users to support regular investments in maintenance relies on understanding and trust. Present the facts in plain language. Provide options, and clearly state the impact of each option.
Example: Your storage environment is nearing capacity.
Don’t:
Explain the project exclusively in technical terms or slang.
“We’re exploring deduping technology as well as cheap solid state, SATA, and tape storage to address capacity.”
Do:
“Deduplication technology can reduce our storage needs by up to 50%, allowing us to defer a new storage purchase.”
“Without implementing deduplication technology, we will need to purchase additional storage by the end of the year at an estimated cost of $25,000.”
“This is a cost-effective technique to increase storage capacity to manage annual average data growth at around 20% per year.”
4.1 Plan Budget
4.2 Communicate & Build Roadmap
This step will walk you through the following activities:
4.2 Develop a HAM implementation roadmap
This step involves the following participants:
As part of your communication plan and overall HAM implementation, training should be provided to end users within the organization.
All facets of the business, from management to new hires, should be provided with ITAM training to help them understand their role in the project’s success.
ITAM solutions are complex by nature with both business process and technical knowledge required to use them correctly. Keep the message appropriate to the audience – end users don’t need to know the complete process, but will need to know policy and how to request.
Management may have priorities that appear to clash with new processes. Engage management by making them aware of the benefits and importance of ITAM. Include the benefits and consequences of not implementing ITAM in your education approach. Encourage them to support efforts by reinforcing your messages to end users.
New hires should have ITAM training bundled into their onboarding process. Fresh minds are easier to train and the ITAM program will be seen as an organizational standard, not merely a change.
Policy documents can help summarize end users’ obligations and clarify processes. Consider an IT Resources Acceptable UsePolicy.
"The lowest user is the most important user in your asset management program. New employees are your most important resource. The life cycle of the assets will go much smoother if new employees are brought on board." – Tyrell Hall, ITAM Program Coordinator
Info-Tech Insight
During training, you should present the material through the lens of “what’s in it for me?” Otherwise, you risk alienating end users through implementing organizational change viewed as low value.
Info-Tech Insight
Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but be sure to modify and adapt policies to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation and involvement from the committees and departments to whom it will pertain.
4.2.1 Build HAM policies
Use these HAM policy templates to get started:
Information Technology Standards Policy
This policy establishes standards and guidelines for a company’s information technology environment to ensure the confidentiality, integrity, and availability of company computing resources.
Desktop Move/Add/Change Policy
This desktop move/add/change policy is put in place for users to request to change their desktop computing environments. This policy applies configuration changes within a company.
The purchasing policy helps to establish company standards, guidelines, and procedures for the purchase of all information technology hardware, software, and computer-related components as well as the purchase of all technical services.
Hardware Asset Disposition Policy
This policy assists in creating guidelines around disposition in the last stage of the asset lifecycle.
Info-Tech Insight
Use policy templates to jumpstart your policy development and ensure policies are comprehensive, but modify and adapt them to suit your corporate culture or they will not gain buy-in from employees. For a policy to be successful, it must be a living document and have participation from the committees and departments to whom it will pertain.
Communication is crucial to the integration and overall implementation of your ITAM program. An effective communication plan will:
Use the variety of components as part of your communication plan in order to reach the organization.
4.2.2 Develop a communication plan to convey the right messages
Document in the HAM Communication Plan
Group | Benefits | Impact | Method | Timeline |
---|---|---|---|---|
Service Desk | Improve end-user device support | Follow new processes | Email campaign | 3 months |
Executives | Mitigate risks, better security, more data for reporting | Review and sign off on policies | ||
End Users | Smoother request process | Adhere to device security and use policies | ||
Infrastructure | Faster access to data and one source of truth | Modified processes for centralized procurement and inventory |
Now that your asset lifecycle environment has been constructed in full, it’s time to study it. Gather data about your assets and use the results to create reports and new solutions to continually improve the business.
↑ ITAM Program Maturity
To integrate your ITAM program into your organization effectively, a clear implementation roadmap needs to be designed. Prioritize “quick wins” in order to demonstrate success to the business early and gain buy-in from your team. Long-term goals should be designed that will be supported by the outcomes of the short-term gains of your ITAM program.
Short-term goal | Long-term goal |
---|---|
Identify inventory classification and tool (hardware first) | Hardware contract data integration (warranty, maintenance, lease) |
Create basic ITAM policies and processes | Continual improvement through policy impact review and revision |
Implement ITAM auto-discovery tools | Software compliance reports, internal audits |
Info-Tech Insight
Installing an ITAM tool does not mean you have an effective asset management program. A complete solution needs to be built around your tool, but the strength of ITAM comes from processes embedded in the organization that are shaped and supported by your ITAM data.
4.2.3 Develop a HAM implementation roadmap
Document in the IT Hardware Asset Management Implementation Roadmap
Act → Plan → Do → Check
Once ITAM is in place in your organization, a focus on continual improvement creates the following benefits:
Info-Tech Best Practice
Look for new uses for ITAM data. Ask management what their goals are for the next 12-18 months. Analyze the data you are gathering and determine how your ITAM data can assist with achieving these goals.
Call 1-888-670-8889 or email GuidedImplementations@InfoTech.com for more information.
Complete these steps on your own or call us to complete a guided implementation. A guided implementation is a series of 2-3 advisory calls that help you execute each phase of a project. They are included in most advisory memberships.
Start with an analyst kick-off call:
Then complete these activities…
With these tools & templates:
HAM Budgeting Tool
Review findings with analyst:
Then complete these activities…
With these tools & templates:
HAM policy templates
HAM Communication Plan
HAM Implementation Roadmap
4.1.1 Build a hardware asset budget
Review upcoming hardware refresh needs and projects requiring hardware purchases. Use this data to forecast and budget equipment for the upcoming year.
4.2.2 Develop a communication plan
Identify groups that will be affected by the new HAM program and for each group, document a communications plan.
HAM is more than just tracking inventory. A mature asset management program provides data for proactive planning and decision making to reduce operating costs and mitigate risk.
ITAM is not just IT. IT leaders need to collaborate with Finance, Procurement, Security, and other business units to make informed decisions and create value across the enterprise.
Treat HAM like a process, not a project. HAM is a dynamic process that must react and adapt to the needs of the business.
For asset management to succeed, it needs to support the business. Engage business leaders to determine needs and build your HAM program around these goals.
Bridge the gap between IT and Finance to build a smoother request and procurement process through communication and routine reporting. If you’re unable to affect procurement processes to reduce time to deliver, consider bringing inventory onsite or having your hardware vendor keep stock, ready to ship on demand.
Not all assets are created equal. Taking a blanket approach to asset maintenance and security is time consuming and costly. Focus on the high-cost, high-use, and data-sensitive assets first.
Deploying a fancy ITAM tool will not make hardware asset management implementation easier. Implementation is a project that requires you focus on people and process first – the technology comes after.
Implement Software Asset Management
Build an End-User Computing Strategy
Find the Value – and Remain Valuable – With Cloud Asset Management
Consolidate IT Asset Management
Chalkley, Martin. “Should ITAM Own Budget?” The ITAM Review. 19 May 2011. Web.
“CHAMP: Certified Hardware Asset Management Professional Manual.” International Association of Information Technology Asset Managers, Inc. 2008. Web.
Foxen, David. “The Importance of Effective HAM (Hardware Asset Management).” The ITAM Review. 19 Feb. 2015. Web.
Foxen, David. “Quick Guide to Hardware Asset Tagging.” The ITAM Review. 5 Sep. 2014. Web.
Galecki, Daniel. “ITAM Lifecycle and Savings Opportunities – Mapping out the Journey.” International Association of IT Asset Managers, Inc. 16 Nov. 2014. Web.
“How Cisco IT Reduced Costs Through PC Asset Management.” Cisco IT Case Study. 2007. Web.
Irwin, Sherry. “ITAM Metrics.” The ITAM Review. 14 Dec. 2009. Web.
“IT Asset and Software Management.” ECP Media LLC, 2006. Web.
Rains, Jenny. “IT Hardware Asset Management.” HDI Research Brief. May 2015. Web.
Riley, Nathan. “IT Asset Management and Tagging Hardware: Best Practices.” Samanage Blog. 5 March 2015. Web.
“The IAITAM Practitioner Survey Results for 2016 – Lean Toward Ongoing Value.” International Association of IT Asset Managers, Inc. 24 May 2016. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Equip managers to become more effective with managing remote teams.
The workbook serves as a reference guide participants will use to support formal training.
Many organizations are developing plans to allow employees more flexible work options, including remote work. Use these resources to help managers and employees make the most of remote work arrangements.
Describe the benefits of virtual teams.
Create a plan for adopting effective management practices and setting clear expectations with virtual teams.
Identify potential solutions to the challenges of managing performance and developing members of virtual teams.
Create an action plan to increase effectiveness in managing virtual teams.
People managers who manage or plan to manage virtual teams.
Two three-hour sessions
Section 1 |
Section 2 |
||
---|---|---|---|
10 min |
Welcome: Overview & Introductions
|
10 min |
Welcome: Overview & Introductions
|
50 min |
1.1 Introduction to virtual teams
|
55 min |
2.1 Managing wellbeing in a virtual team context
|
5 min |
Break |
5 min | Break |
45 min |
1.2 Laying the foundation for a virtual team
|
60 min |
2.2 Managing performance in a virtual team context
|
10 min |
Break |
10 min | Break |
55 min |
1.2 Laying the foundation for a virtual team
|
40 min |
Action planning & conclusion
|
5 min |
Session 1 Wrap-Up |
Review all slides and adjust the language or content as needed to suit your organizational context and culture.
The pencil icon to the left denotes slides requiring customization of the slide and/or the speaker’s notes, e.g. adding in an organization-specific process.
Customization instructions are found in the notes pane.
Practical foundations for managing teams in a remote environment
Most organizations are planning some combination of remote and onsite work in 2022.
Source: IT Talent Trends, 2022; n=199
Most organizations are planning some combination of remote and onsite work in 2022 – the highest reported plans for WFH were hybrid, balanced, and partial work-from-home. This builds on our findings in the IT Talent Trends 2022 report.
What percentage of roles in IT are capable of being performed remotely permanently?
IT Talent Trends, 2022; n=207
80% of respondents estimated that 50 to 100% of IT roles can be performed remotely.
A virtual team is any team that has members that are not colocated and relies on technology for communications.
Before we start, it will be useful to review what we mean by the term “virtual team.” For our purposes we will be defining a virtual team as any team that has members that are not colocated and relies on technology for communications.
There are a wide variety of virtual work arrangements and a variety of terms used to describe them. For example, some common terms include:
Our definition of virtual work covers all of these terms. It is also distance neutral, meaning that it applies equally to teams that are dispersed globally or regionally or even those working in the same cities but dispersed throughout different buildings. Our definition also applies whether virtual employees work full time or part time.
The challenges facing managers arise as soon as some team members are not colocated and have to rely on technology to communicate and coordinate work. Greater distances between employees can complicate challenges (e.g. time zone coordination), but the core challenges of managing virtual teams are the same whether those workers are merely located in different buildings in the same city or in different buildings on different continents.
Working on your own, take five minutes to figure out what kind of virtual team you lead.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Benefits to the organization |
Benefits to employees |
---|---|
Operational continuity in disaster situations that prevent employees from coming into the office. |
Cost savings: Employees who WFH half the time can save $2,500 to $4,000 per year (Global Workplace Analytics, 2021). |
Cost savings: Organizations save ~$11,000 annually per employee working from home half the time (Global Workplace Analytics, 2021). |
Time savings: Employees who WFH half the time save on average 11 workdays per year (Global Workplace Analytics, 2021). |
Increased attraction: 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2021). |
Improved wellbeing: 83% employees agree that WFH would make them happier. 80% agree that WFH would decrease their stress. 81% agree that WFH would improve their ability to manage their work-life balance. (Owl Labs, 2021) |
Increased retention: 74% of employees would be less likely to leave their employer if they could WFH (Owl Labs, 2021). |
Increased flexibility: 32% of employees rated the “ability to have a flexible schedule” as the biggest benefit of WFH (OWL Labs, 2021). |
Increased productivity: 50% of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020). |
|
Increased engagement: Offsite employees tend to have higher overall engagement than onsite employees (McLean & Company Engagement Survey, 2020). |
Remote work arrangements are becoming more and more common, and for good reason: there are a lot of benefits to the organization – and to employees.
Perhaps one of the most common reasons for opting for remote-work arrangements is the potential cost savings. One study found that organizations could save about $11,000 per employee working from home half the time (Global Workplace Analytics, 2021).
In addition, supporting remote-work arrangements can attract employees. One study found that 71% of employees would likely choose one employer over another based on WFH offerings (Owl Labs, 2019).
There are also improvements to productivity. Fifty percent of employees report they would maintain or increase their productivity while working from home (Glassdoor Team, 2020).
Remote work also has benefits to employees.
As with organizations, employees also benefit financially from remote work arrangements, saving between $2,500 and $4,000 and on average 11 working days while working from home half of the time.
Most employees agree that working from home makes them happier, reduces stress, and provides an improved work-life balance through increased flexibility.
Many of these barriers can be addressed by changing traditional mindsets and finding alternative ways of working, but the traditional approach to work is so entrenched that it has been hard to make the shift.
Many organizations are still grappling with the challenges of remote work. Some are just perceived challenges, while others are quite real.
Limited innovation and a lack of informal interaction are a potential consequence of failing to properly adapt to the remote-work environment.
Leaders also face challenges with remote work. Losing in-person supervision has led to the lack of trust and a perceived drop in productivity.
A study conducted 2021 asked remote workers to identify their biggest struggle with working remotely. The top three struggles remote workers report facing are unplugging after work, loneliness, and collaborating and/or communicating.
Seeing the struggles remote workers identify is a good reminder that these employees have a unique set of challenges. They need their managers to help them set boundaries around their work; create feelings of connectedness to the organization, culture, and team; and be expert communicators.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Laying the foundations for a virtual team
Inform |
Interact | Involve |
---|---|---|
↓ Down |
Connect |
↑ Up |
Tell employees the whys |
Get to know employees |
Solicit input from employees |
Effectively managing a virtual team really comes down to adopting management approaches that will engage virtual employees.
Managing a virtual team does not actually require a new management style. The basics of effective management are the same in both colocated and virtual teams; however, the emphasis on certain behaviors and actions we take often differs. Managing a virtual team requires much more thoughtfulness and planning in our everyday interactions with our teams as we cannot rely on the relative ease of face-to-face interactions available to colocated teams.
The 3i’s Engaging Management Model is useful when interacting with all employees and provides a handy framework for more planful interactions with virtual employees.
Think of your management responsibilities in these three buckets – they are the most important components of being an effective manager. We’re first going to look at inform and involve before moving on to interact.
Inform: Relay information down from senior management and leaders to employees. Communicate the rationale behind decisions and priorities, and always explain how they will directly affect employees.
Why is this important? According to McLean & Company’s Engagement Survey data, employees who say their managers keep them well informed about decisions that affect them are 3.4 times more likely to be engaged (Source: McLean & Company, 2020; N=77,363). Your first reaction to this might be “I already do this,” which may very well be the case. Keep in mind, though, we sometimes tend to communicate on a “need-to-know basis,” especially when we are stressed or short on time. Engaging employees takes more. Always focus on explaining the “why?” or the rationale behind business decisions.
It might seem like this domain should be the least affected, since important company announcements probably continue in a remote environment. But remember that information like that also flows informally. And even in formal settings, there are question-and-answer opportunities. Or maybe your employee might come to your office to ask for more details. Virtual team members can’t gather around the watercooler. They don’t have the same opportunities to hear information in passing as people who are colocated do, so managers need to make a concerted effort to share information with virtual team members in a clear and timely way.
Swinging over to the other end, we have involve: Involve your employees. Solicit information and feedback from employees and collaborate with them.
However, it’s not enough to just solicit their feedback and input; you also need to act on it.
Make sure you involve your employees in a meaningful way. Such collaboration makes employees feel like a valued part of the team. Not to mention that they often have information and perspectives that can help make your decisions stronger!
Employees who say their department leaders act on feedback from them are 3.9 times more likely to be engaged than those whose leaders don’t. (Source: McLean & Company, 2020; N=59,779). That is a huge difference!
Keeping virtual employees engaged and feeling connected and committed to the organization requires planful and regular application of the 3i’s model.
Finally, Interact: Connect with employees on a personal level; get to know them and understand who they are on a personal and professional level.
Why? Well, over and above the fact that it can be rewarding for you to build stronger relationships with your team, our data shows that human connection makes a significant difference with employees. Employees who believe their managers care about them as a person are 3.8 times more likely to be engaged than those who do not (Source: McLean & Company, 2017; N=70,927).
And you might find that in a remote environment, this is the area that suffers the most, since a lot of these interactions tend to be unscripted, unscheduled, and face to face.
Typically, if we weren’t in the midst of a pandemic, we’d emphasize the importance of allocating some budget to travel and get some face-to-face time with your staff. Meeting and interacting with team members face to face is crucial to building trusting relationships, and ultimately, an effective team, so given the context of our current circumstances, we recommend the use of video when interacting with your employees who are remote.
Relay information down from senior management to employees.
Ensure they’ve seen and understand any organization-wide communication.
Share any updates in a timely manner.
Connect with employees on a personal level.
Ask how they’re doing with the new work arrangement.
Express empathy for challenges (sick family member, COVID-19 diagnosis, etc.).
Ask how you can support them.
Schedule informal virtual coffee breaks a couple of times a week and talk about non-work topics.
Get information from employees and collaborate with them.
Invite their input (e.g. have a “winning remotely” brainstorming session).
Escalate any challenges you can’t address to your VP.
Give them as much autonomy over their work as possible – don’t micromanage.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Clear expectations are important in any environment, remote or not. But it is much harder to do in a remote environment. The barrier to seeking clarification is so much higher (For example, email vs. catching someone in hallway, or you can’t notice that a colleague is struggling without them asking).
Communication – This is one area where the importance actually changes in a remote context. We’ve been talking about a lot of practices that are the same in importance whether you’re in an office or remote, and maybe you just enact them differently. But clarity around communication processes is actually tremendously more important in a remote environment.
Suggested best practices: Hold daily team check-ins and hold separate individual check-ins. Increase frequency of these.
With organizational expectations set, we need to establish team expectations around how we collaborate and communicate.
Today there is no lack of technology available to support our virtual communication. We can use the phone, conference calls, videoconferencing, Skype, instant messaging, [insert organization-specific technological tools.], etc.
However, it is important to have a common understanding of which tools are most appropriate when and for what.
What are some of the communication channel techniques you’ve found useful in your informal interactions with employees or that you’ve seen work well between employees?
[Have participants share any technological tools they find useful and why.]
Whenever we interact, we make the following kinds of social exchanges. We exchange:
We need to make sure that these exchanges are happening as each team member intends. To do this, we have to be sensitive to what information is being conveyed, what emotions are involved in the interaction, and how we are motivating each other to act through the interaction. Every interaction will have intended and unintended effects on others. No one can pay attention to all of these aspects of communication all the time, but if we develop habits that are conducive to successful exchanges in all three areas, we can become more effective.
In addition to being mindful of the exchange in our communication, as managers it is critical to build trusting relationships and rapport with employees as we saw in the 3i's model. However, in virtual teams we cannot rely on running into someone in the kitchen or hallway to have an informal conversation. We need to be thoughtful and deliberate in our interactions with employees. We need to find alternative ways to build these relationships with and between employees that are both easy and accepted by ourselves and employees. Because of that, it is important to set communication norms and really understand each other’s preferences. For example:
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Section 2.1
Balancing wellbeing and performance in a virtual team context
44% of employees reported declined mental wellbeing since the start of the pandemic.
"If one of our colleagues were to fall, break their leg, and get a cast, colleagues would probably rally around that person signing their cast. But, really, we don’t view the health of our brain the same as we do the health of our body."
– Centre for Addiction and Mental Health (CAMH) Employee
Despite being over two years into the pandemic, we are still seeing its effect on the physical and mental health of employees.
The mental health aspect has been often overlooked by organizations, but in order to have a safe, happy, and productive team, you need to give mental health the same level of focus as physical heath. This requires a change in mindset in order for you as a leader to support your team's mental wellbeing during the pandemic and beyond.
Employees report increasingly high levels of stress from the onset of COVID-19, stating that it has been the most stressful time in their careers.
(Qualtrics, 2020)
Similarly, employees’ anxiety levels have peaked because of the pandemic and the uncertainty it brings.
(Qualtrics, 2020)
The stress and uncertainty about the future caused by the pandemic and its fallout are posing the biggest challenges to employees.
Organizations shutting down operations, moving to fully remote, or requiring some of their employees to be on site based on the current situation causes a lot of anxiety as employees are not able to plan for what is coming next.
Adding in the loss of social networks and in-person interactions exacerbates the problem employees are facing. As leaders, it is your job to understand and mitigate these challenges wherever possible.
New Barriers |
Old Barriers |
---|---|
|
|
Organizational barriers to mental wellbeing are sadly not new. Workloads, stigma around mental health, lack of sick days, and limits to benefits for mental health supports were challenges before the pandemic. Adding in the new barriers can very easily result in a tipping point for many employees who are simply not equipped to deal with or supported in dealing with the added burden of remote work in a post-pandemic world.
To provide the needed support to your employees, it’s important to be mindful of the key considerations.
The physical body; ensuring a person has the freedom, opportunities, and resources needed to sustainably maintain bodily health.
The psychological ability to cope with information, emotions, desires, and stressors (e.g. change, threats, etc.) in a healthy and balanced way. Essential for day-to-day living and functioning.
The state of personal and professional relationships, including personal and community engagement. The capability for genuine, authentic, and mutually affirming interactions with others.
The state of a person’s finances; ensuring that a person feels capable to handle their financial situation and behaviors. The ability to live productively without the weight of financial stress.
As a manager, you need to be mindful of all of these. Create an atmosphere where people are able to come to you for help if they are struggling in one of these areas. For example, some people might be more comfortable raising physical safety or comfort concerns (personal protective equipment, ergonomics) than concerns about mental health. Or they might feel like their feelings of loneliness are not appropriate to bring into their professional life.
Wellbeing is a delicate subject, and most of the time, people are reluctant to talk about it. It requires vulnerability. And here’s the thing about it: Your staff will not drive a change in your team around making these topics more acceptable. It has to be the manager. You have to be the one to not just tell but show them that it’s OK to talk about this
As a leader, your focus should be on encouraging the right behaviors on your team and in yourself.
Show empathy; allowing room for emotion and showing you are willing and able to listen goes a long way to establishing trust.
A growth mindset applies to resilience too. A person with a growth mindset is more likely to believe that even though they’re struggling now, they will get through it.
Infuse fun – schedule social check-ins. This is not wasted time, or time off work – it is an integral part of the workday. We have less of it now organically, so you must bring it back deliberately. Remember that theme? We are deliberately reinfusing important organic elements into the workday.
The last item, empowerment, is interesting – being clear on accountability. Have clear performance expectations. It might sound like telling people what to do would be disempowering, but it’s the opposite. By clarifying the goals of what they need to achieve, you empower them to invent their own “how,” because you and they are both sure they will arrive at the place that you agreed on. We will talk more about this in performance management.
Emphasize the importance of wellbeing with what you do. If you do not model self-care behavior, people will follow what you do, not what you say.
Lead by example – Live the behaviors you want to see in your employees. If you show confidence, positivity, and resiliency, it will filter down to your team.
Encourage open communication – Have regular meetings where your team is able to set the agenda, or allow one-on-ones to be guided by the employee. Make sure these are scheduled and keep them a priority.
Acknowledge the situation – Pretending things are normal doesn’t help the situation. Talk about the stress that the team is facing and express confidence that you will get through it together.
Promote wellbeing – Take time off, don’t work when you’re sick, and you will be better able to support your team!
Reduce stigma – Call it out when you see it and be sure to remind people of and provide access to any supports that the organization has.
Going back to the idea of a growth mindset – this may be uncomfortable for you as a manager. So here’s a step-by-step guide that over time you can morph into your own style.
With your team – be prepared to share first and to show it is OK to be vulnerable and address wellbeing seriously.
As a leader, it is important to be on the lookout for warning signs of burnout and know when to step in and direct individuals to professional help.
Poor work performance – They struggle to maintain work performance, even after you’ve worked with them to create coping strategies.
Overwhelmed – They repeatedly tell you that they feel overwhelmed, very stressed, or physically unwell.
Frequent personal disclosure – They want to discuss their personal struggles at length on a regular basis.
Trouble sleeping and focusing – They tell you that they are not sleeping properly and are unable to focus on work.
Frequent time off – They feel the need to take time off more frequently.
Strained relationships – They have difficulty communicating effectively with coworkers; relationships are strained.
Substance abuse – They show signs of substance abuse (e.g. drunk/high while working, social media posts about drinking during the day).
Keeping an eye out for these signs and being able to step in before they become unmanageable can mean the difference between keeping and losing an employee experiencing burnout.
If you’ve got managers under you, be mindful of their unique stressors. Don’t forget to check in with them, too.
If you are a manager, remember to take care of yourself and check in with your own manager about your own wellbeing.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
A survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees.
In many cases, we have put people into virtual roles because they are self-directed and self-motivated workers who can thrive with the kind of autonomy and flexibility that comes with virtual work. As managers, we should expect many of these workers to be proactively interested in how they are performing and in developing their careers.
It would be a mistake to take a hands-off approach when managing virtual workers. A recent survey indicated that, overall, remote employees showed less satisfaction with manager interactions compared to other non-remote employees. It was also one of the aspects of their work experience they were least satisfied with overall (Gallup, State of the American Workplace, 2017). Simply put, virtual employees are craving more meaningful conversations with their managers.
While conversations about performance and development are important for all employees (virtual or non-virtual), managers of remote teams can have a significant positive impact on their virtual employees’ experience and engagement at work by making efforts to improve their involvement and support in these areas.
During this module we will work together to identify ways that each of us can improve how we manage the performance of our virtual employees. At the end of the module everyone will create an action plan that they can put in place with their own teams. In the next module, we go through a similar set of activities to create an action plan for our interactions with employees about their development.
[Include a visualization of your existing performance management process in the slide. Walk the participants through the process to remind them of what is expected. While the managers participating in the training should know this, there may be different understandings of it, or it might just be the case that it’s been a while since people looked at the official process. The intention here is merely to ensure everyone is on the same page for the purposes of the activities that follow.]
Now that we’ve reviewed performance management at a high level, let’s dive into what is currently happening with the performance management of virtual teams.
I know that you have some fairly extensive material at your organization around how to manage performance. This is fantastic. And we’re going to focus mainly on how things change in a virtual context.
When measuring progress, how do you as a manager make sure that you are comfortable not seeing your team physically at their desks? This is the biggest challenge for remote managers.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
When assisting your employees with their goals, think about the organization’s overall mission and goals to help you determine team and individual goals.
Sometimes it’s difficult to get employees thinking about goals and they need assistance from managers. It’s also important to be clear on team goals to help guide employees in setting individual ones.
The basic idea is to show people how their individual day-to-day work contributes to the overall success of the organization. It gives them a sense of purpose and a rationale, which translates to motivation. And also helps them problem solve with more autonomy.
You’re giving people a sense of the importance of their own contribution.
Tailor performance goals to address any root causes of poor performance.
For example:
Focus on results: Be flexible about how and when work gets done, as long as team members are hitting their targets.
Encourage your team members to unplug: If they’re sending you emails late at night and they haven’t made an alternate work hours agreement with you, encourage them to take time away from work.
How well tasks are accomplished
Related to specific employee actions, skills, or attitudes
How much work gets done
Holistic measures demonstrate all the components required for optimal performance. This is the biggest driver in having comfort as a manager of a remote team and avoiding micromanagement. Typically these are set at the organizational level. You may need to adjust for individual roles, etc.
Metrics come in different types. One way to ensure your metrics capture the full picture is to use a mix of different kinds of metrics.
Some metrics are quantitative: they describe quantifiable or numerical aspects of the goal. This includes timeliness. On the other hand, qualitative metrics have to do with the final outcome or product. And behavioral metrics have to do with employees' actions, skills, or attitudes. Using different kinds of metrics together helps you set holistic measures, which capture all the components of optimal performance toward your goal and prevent gaming the system.
Let's take an example:
A courier might have an objective to do a good job delivering packages. An example of a quantitative measure might be that the courier is required to deliver X number of packages per day on time. The accompanying metrics would be the number of packages delivered per day and the ratio of packages delivered on time vs. late.
Can you see a problem if we use only these quantitative measures to evaluate the courier's performance?
Wait to see if anyone volunteers an answer. Discuss suggestions.
That's right, if the courier's only goal is to deliver more packages, they might start to rush, may ruin the packages, and may offer poor customer service. We can help to guard against this by implementing qualitative and behavioral measures as well. For example, a qualitative measure might be that the courier is required to deliver the packages in mint condition. And the metric would be the number of customer complaints about damaged packages or ratings on a satisfaction survey related to package condition.
For the behavioral aspect, the courier might be required to provide customer-centric service with a positive attitude. The metrics could be ratings on customer satisfaction surveys related to the courier's demeanor or observations by the manager.
It’s crucial to acknowledge that an employee might have an “off week” or need time to balance work and life – things that can be addressed with performance management (PM) techniques. Managers should move into the process for performance improvement when:
Always use video calls instead of phone calls when possible so that you don’t lose physical cues and body language.
Adding HR/your leader to a meeting invite about performance may cause undue stress. Think through who needs to participate and whether they need to be included in the invite itself.
Ensure there are no misunderstandings by setting context for each discussion and having the employee reiterate the takeaways back to you.
Don’t assume the intent behind the behavior(s) being discussed. Instead, just focus on the behavior itself.
Be sure to adhere to any relevant HR policies and support systems. Working with HR throughout the process will ensure none are overlooked.
There are a few best practices you should follow when having performance conversations:
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
As we have seen, our virtual employees crave more meaningful interactions with their managers. In addition to performance conversations, managers should also be having regular discussions with their employees about their employee development plans. One key component of these discussions is career planning. Whether you are thinking shorter term – how to become better at their current role – or longer term – how to advance beyond their current role – discussions about employee development are a great way to engage employees. Employees are ultimately responsible for creating and executing their own development plans, but managers are responsible for making sure that employees have thought through these plans and helping employees identify opportunities for executing those plans.
To help us think about our own employee development practices, identify challenges they pose when working with virtual employees, and create solutions to these challenges, it is useful to think about employee development opportunities according to three types:
According to McLean & Company, organizations should use the “70-20-10” rule as a rough guideline when working with employees to create their development plans: 10% of the plan should be dedicated to formal training opportunities, 20% to relational learning, and 70% to experiential learning. Managers should work with employees to identify their performance and career goals, ensure that their development plans are aligned with these goals, and include an appropriate mixture of all three kinds of development opportunities.
To help identify challenges and solutions, think about how virtual work arrangements will impact the employee’s ability to leverage each type of opportunity at our organization.
Here are some examples that can help us start thinking about the kinds of challenges virtual employees on our team face:
Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.
[Customize this slide according to your organization’s own policies and processes for employee development. Provide useful images that outline this on the slide, and in these notes describe the processes/policies that are in place. Note: In some cases policies or processes may not be designed with virtual employees or virtual teams in mind. That is okay for the purposes of this training module. In the following activities participants will discuss how they apply these policies and processes with their virtual teams. If your organization is interested in adapting its policies/processes to better support virtual workers, it may be useful to record those conversations to supplement existing policies later.]
Now that we have considered some general examples of challenges and solutions, let’s look at our own employee development practices and think about the practical steps we can take as managers to improve employee development for our virtual employees.
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
Download the Workbook: Equip Managers to Effectively Manage Virtual Teams
If you would like additional support, have our analysts guide you through an info-tech workshop or guided implementation.
Contact your account representative for more information
workshops@infotech.com
1-888-670-8889
First, let’s take a moment to summarize the key things we have learned today:
Is there anything that anyone has learned that is not on this list and that they would like to share with the group?
Finally, were there any challenges identified today that were not addressed?
[Note to facilitator: Take note of any challenges not addressed and commit to getting back to the participants with some suggested solutions.]
Train managers to navigate the interpersonal challenges associated with change management and develop their communication and leadership skills. Upload this LMS module into your learning management system to enable online training.
Management skills training is needed, but organizations are struggling to provide training that makes a long-term difference in the skills managers use in their day to day.
Many training programs are ineffective because they offer the wrong content, deliver it in a way that is not memorable, and are not aligned with the IT department’s business objectives.
Assess and improve remote work performance with our ready-to-use tools.
April, Richard. “10 KPIs Every Sales Manager Should Measure in 2019.” HubSpot, 24 June 2019. Web.
Banerjea, Peter. “5 Powerful Strategies for Managing a Remote Sales Team.” Badger - Maps for field sales, n.d. Web.
Bibby, Adrianne. “5 Employers’ Awesome Quotes about Work Flexibility.” FlexJobs, 9 January 2017. Web.
Brogie, Frank. “The 14 KPIs every field sales rep should strive to improve.” Repsly, 2018. Web.
Dunn, Julie. “5 smart tips for leading field sales teams.” LevelEleven, March 2015. Web.
Edinger, Scott. “How great sales leaders coach.” Forbes, 2013. Web.
“Employee Outlook: Employee Views on Working Life.” CIPD, April 2016. Web.
Hall, Becki. “The 5 biggest challenges facing remote workers (and how to solve them).” interact, 7 July 2017. Web.
Hofstede, Geert. “National Cultural Dimensions.” Hofstede Insights, 2012. Web.
“Inventory of U.S. Greenhouse Gas Emissions and Sinks: 1990-2014 (EPA 430-R-16-002).” Environmental Protection Agency (EPA), 15 April 2016.
“Latest Telecommuting Statistics.” Global Workplace Analytics, June 2021. Web.
Knight, Rebecca. “How to manage remote direct reports.” Harvard Business Review, 2015. Web.
“Rewards and Recognition: 5 ways to show remote worker appreciation.” FurstPerson, 2019. Web.
Palay, Jonathan. "How to build your sales management cadence." CommercialTribe, 22 March 2018. Web.
“Sales Activity Management Matrix.” Asian Sales Guru, 2019. Web.
Smith, Simone. “9 Things to Consider When Recognizing Remote Employees.” hppy, 2018. Web.
“State of Remote Work 2017.” OWL Labs, 2021. Web.
“State of the American Workplace.” Gallup, 2017. Web.
“Telework Savings Potential.” Global Workplace Analytics, June 2021. Web.
“The Future of Jobs Employment Trends.” World Economic Forum, 2016. Web.
“The other COVID-19 crisis: Mental health.” Qualtrics, 14 April 2020. Web.
Thompson, Dan. “The straightforward truth about effective sales leadership.” Sales Hacker, 2017. Web.
Tsipursky, Gleb. “Remote Work Can Be Better for Innovation Than In-Person Meetings.” Scientific American, 14 Oct. 2021. Web.
Walsh, Kim. “New sales manager? Follow this guide to crush your first quarter.” HubSpot, May 2019. Web.
“What Leaders Need to Know about Remote Workers: Surprising Differences in Workplace Happiness and Relationships.” TINYpulse, 2016.
Zenger, Jack, and Joe Folkman. “Feedback: The Leadership Conundrum.” Talent Quarterly: The Feedback Issue, 2015.
Anonymous CAMH Employee
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Properly selecting and implementing an enterprise application requires a proper structure. This blueprint guides you with a framework to help in such project, including steps such as assessing readiness, plan for the right resources, requirements gathering, shortlisting, obtaining and evaluating vendor responses, and preparing for implementation.
The EAS Readiness Checklist includes a list of essential tasks to be completed prior to the enterprise application selection and implementation project.
These templates are specific to either ERP, HRIS, or CRM. Each template lists out a set of modules and features allowing you to easily build your requirements.
Configure this time-saving suite of tools to your organizational culture, needs, and most importantly the desired outcome of your RFP initiative.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Review evaluation framework.
Prepare for implementation.
1.1 Support the project team in establishing the evaluation framework.
1.2 Discuss demo scripts scenarios.
1.3 Discuss next steps and key items in preparation for the implementation.
Evaluation framework considerations.
Demo script considerations.
RFP considerations.
The facilitator works with the team to verify organizational readiness for EAS project and form the EAS project team.
Level-set on organizational readiness for EAS
Organizational project alignment
2.1 Introduce the workshop and complete an overview of activities.
2.2 Complete organizational context assessment to level-set understanding.
2.3 Complete EAS readiness assessment.
2.4 Form EAS selection team.
EAS readiness assessment
Structured EAS selection team
Determine the business capabilities and process impacted by the EAS.
Determine what the business needs to get out of the EAS solution.
Build the selection roadmap and project plan.
Business and ERP solution alignment
3.1 Map business capabilities/processes.
3.2 Inventory application and data flow.
3.3 List EAS requirements.
3.4 Prioritize EAS requirements.
Business capability/process map
List or map of application + data flow
Prioritized EAS requirements
Understand EAS market product offerings.
Readying key RFP aspects and expected vendor responses.
Shortlist of vendors to elicit RFP response.
Translated EAS requirements into RFP.
4.1 Build RFP.
4.2 Build vendor response template.
Draft of RFP template.
Draft of vendor response template.
Prepare for demonstration and evaluation.
Establish evaluation criteria.
Narrow your options for ERP selection to best-fit vendors.
5.1 Run an RFP evaluation simulation.
5.2 Establish evaluation criteria.
5.3 Customize the RFP and Demonstration and Scoring Tool.
Draft of demo script template.
Draft of evaluation criteria.
Draft of RFP and Demonstration and Scoring Tool.
Enterprise application software (EAS) is a core tool that a business leverages to accomplish its goals. An EAS that is doing its job well is invisible to the business. The challenges come when the tool is no longer invisible. It has become a source of friction in the functioning of the business.
EAS systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post-implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.
Too often organizations jump into selecting replacement systems without understanding the needs of the organization. Alignment between business and IT is just one part of the overall strategy. Identifying key pain points and opportunities, assessed in the light of organizational strategy, will provide a strong foundation to the transformation of the EAS system. Learning about different vendor product offerings with a rigorous approach and evaluation framework will pave way for a better selection outcome.
Hong Kwok
Research Director
Info-Tech Research Group
Your Challenge | Common Obstacles | Info-Tech’s Approach |
---|---|---|
Selecting and implementing an EAS is one of the most expensive and time-consuming technology transformations an organization can undertake. EAS projects are notorious for time and budget overruns, with only a margin of the anticipated benefits being realized. Making the wrong technology selection or failing to plan for an EAS implementation has significant – and possibly career-ending – implications. |
The EAS technology market is so vast that it is nearly impossible to know where to start or how to differentiate between vendors and products. Inadequate and incomplete requirements skew the EAS selection in one direction to another. Many EAS projects fail due to a lack of clear description and specification of functional requirements. Organizations rarely have both the sufficient knowledge and resources to properly evaluate, select, and implement an EAS, forcing them to turn to external partnerships. |
EAS selection must be driven by your organization’s overall strategy. Ensure you are ready to embark on this journey with the right resources. Determine what EAS solution fits your organization through a structured requirement gathering process to a vendor evaluation framework. Ensure strong points of integration between EAS and other software such as ERP to HRIS. No EAS should live in isolation. |
Info-Tech Insight
Accountability for EAS success is shared between IT and the business. There is no single owner of an EAS. A unified approach to building your strategy promotes an integrated roadmap so all stakeholders have clear direction on the future state.
Decision making in selection often stands on functional fit; don’t forget to consider vendor fit.
As the ERP technology market becomes increasingly saturated and difficult to decode, vendors are trying to get ahead by focusing on building a partnership, not just making a sale.
68 % of organizations are satisfied with the overall ERP vendor experience, up from 54% in 2017.
Panorama Consulting Solutions, “Report,” 2018
Our Definition: Enterprise Application Software (EAS) is a large software system that provides a broad and integrated set of features which supports a range of business operations and processes across an organization. The system is broadly deployed, provides a unified interface and data structure, allowing for higher business productivity and reporting efficiencies. Best known EAS solutions include Enterprise Resource Planning (ERP), Human Resource Information System (HRIS), and Customer Relationship Management (CRM).
More focused EAS solutions may also bring benefits to your organization, depending on the scale of operations, complexity of operations, and functions. Here are some examples:
PSA: Professional Services Automation
SCMS: Supply Chain Management System
WMS: Warehouse Management System
EAM: Enterprise Asset Management
PIMS: Product Information Management System
MES: Manufacturing Execution System
MA: Marketing Automation
Our other Selection Framework
When selecting personal or commodity applications, or mid-tier applications with spend below $100,000, use our Rapid Application Selection Framework.
Enterprise resource planning (ERP) systems facilitate the flow of information across business units. They allow for the seamless integration of systems and create a holistic view of the enterprise to support decision making.
In many organizations, the ERP system is considered the lifeblood of the enterprise. Problems with this key operational system will have a dramatic impact on the ability of the enterprise to survive and grow.
An ERP system:
ERP use cases: | Product-centric Suitable for organizations that manufacture, assemble, distribute, or manage material goods. |
Service-centric Suitable for organizations that provide and manage field services and/or professional services. |
An HRIS is used to acquire, store, manipulate, analyze, retrieve, and distribute information regarding an organization’s human resources. HRIS covers the entire employee lifecycle from recruit to retire.
An HRIS:
A CRM platform (or suite) is a core enterprise application that provides a broad feature set for supporting customer interaction processes, typically across marketing, sales and customer service. These suites supplant more basic applications for customer interaction management (such as the contact management module of an ERP or office productivity suite).
A CRM suite provides many key capabilities, including but not limited to:
A CRM provides a host of native capabilities, but many organizations elect to tightly integrate their CRM solution with other parts of their customer experience ecosystem to provide a 360-degree view of their customers.
92% of organizations report that CRM use is important for accomplishing revenue objectives.
Source: Validity, 2020
Almost 26% of companies implement HRIS is to obtain greater functionalities, while other main reasons are to increase efficiencies, support growth, and consolidate systems.
Source: SoftwarePath, 2022
Functionality of an ERP is believed to be the most important aspect by almost 40% of companies.
Source: SelectHub, 2022
Statistical analysis of ERP projects indicates rates of failure vary from 50 to 70 percent. Taking the low end of those analyst reports, one in two ERP projects is considered a failure.
Source: Electric Journal of Information Systems Evaluation.
46% of HR technology projects exceed their planned timelines.
Source: Unleash, 2020
Almost 70% of all CRM implementation projects do not meet expected objectives.
Source: Future Computing and Informatics Journal
Finance, IT, Sales, HR, and other users of the Enterprise Application system can only optimize with the full support of each other. Cooperation between departments is crucial when trying to improve the technology capabilities and customer interaction.
Drivers of Dissatisfaction | |||
---|---|---|---|
Business | Data | People and teams | Technology |
|
|
|
|
Info-Tech Insight
While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder-to-shoulder with the business to develop a technology framework for Enterprise Applications.
NETFLIX
INDUSTRY
Entertainment
SOURCE
Forbes, 2017
Challenge Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience. |
Solution |
Results Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time video rental industry leader, Blockbuster. |
1. Build alignment and assemble the team | 2. Define your EAS | 3. Engage, evaluate, and select | 4. Next steps | |
Phase steps |
|
|
|
|
Phase outcomes | Discuss organizational goals and how to advance those using the EA system. Identify gaps and remediation steps in preparation of the selection. Assemble the EA selection team. | List and review business capabilities and translate into EAS requirements. Prioritize requirements for selection. | Gain an understanding of the product offerings on the market. Engage the vendors through RFPs and conduct a proper evaluation with an objective evaluation criteria and framework. | Review and discuss the different elements required in preparation for the implementation project. |
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
ERP/HRIS/CRM Requirements Template
Accelerate your requirement gathering with a pre-compiled list of common requirements.
RFx Demo Scoring Tool
Quickly compare the vendors who respond to the RFx to identify the best fit for your needs.
Key deliverable:
RFx templates
Use one of our templates to build a ready-for-distribution implementation partner RFx tailored to the unique success factors of your implementation.
DIY Toolkit | Guided Implementation | Workshop | Consulting |
---|---|---|---|
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful." | "Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track." | "We need to his the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place." | "Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project." |
Diagnostics and consistent frameworks are used throughout all four options
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between six to ten calls over the course of four to six months.
What does a typical GI on this topic look like?
Phase 1 | Phase 2 | Phase 3 | Phase 4 |
---|---|---|---|
Call #1: Scoping call to understand the current situation. Call #2: Discuss readiness and resourcing needs. |
Call #3: Discuss the capabilities and application inventory. Call #4: Discuss requirement gathering and prioritization. |
Call #5: Go over SoftwareReviews and review draft RFx. Call #6: Discuss evaluation tool and evaluation process. |
Call #7: Discuss preparation for implementation. |
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Activities |
Organizational Strategic Needs 1.1 Review the business context. 1.2 Overview of the EAS Landscape 1.2 Assess EAS project readiness 1.3 Determine the members of the EAS selection team |
From Capabilities to Requirements 2.1 Map business capabilities 2.2 Inventory application and interactions 2.3 Gather requirements 2.4 Prioritize requirements |
Vendor Landscape and Your RFP 3.1 Understanding product offerings 3.2 Build a list of targeted vendors 3.3 Build RFP 3.4 Build vendor response template |
How to Evaluate Vendors 4.1 Run a RFP evaluation simulation 4.2 Build demo script 4.3 Establish evaluation criteria |
Next Steps and Wrap-Up (offsite) 5.1 Clean up in-progress deliverables from previous four days. 5.2 Set up review time for workshop deliverables and to discuss next steps. |
Deliverables |
|
|
|
|
|
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Phase 1
1.1 Enterprise Application Landscape
1.2 Validate Readiness
1.3 Determine Resourcing
Phase 2
1.1 Capability Mapping
1.2 Requirements Gathering Data Mapping
1.3 Requirements Prioritizing
Phase 3
3.1 Understanding Product Offerings
3.2 RFP & Demo Scripts
3.3 Evaluation
Select and Negotiate
Phase 4
4.1 Prepare for Implementation
This phase will walk you through the following activities:
Gain an understanding of recent EAS technology.
Validate readiness before starting EAS selection.
Assemble EAS selection team through identification of key players.
This phase involves the following participants:
Key stakeholders from the various areas of the business that will support the project, including:
Select an Enterprise Application
When someone at the organization asks you WHY, you need to deliver a compelling case. The ERP project will receive pushback, doubt, and resistance; if you can’t answer the question WHY, you will be left back-peddling.
When faced with a challenge, prepare for the WHY.
Most organizations can answer “What?”
Some organizations can answer “How?”
Very few organizations have an answer for “Why?”
Each stage of the project will be difficult and present its own unique challenges and failure points. Re-evaluate if you lose sight of WHY at any stage in the project.
Prior to embarking on selection, ensure you have set the right building blocks and completed the necessary prerequisites: your strategy and roadmap, and business case.
STRATEGY & ROADMAP
Whatever EAS is required, take the time to align your strategy and roadmap to business priorities. Right-size a technology strategy by assessing deployment model alternatives and future-state options with your EAS vision, operating model, and current-state assessment as inputs. Put your strategy to action with a living roadmap by following Info-Tech’s blueprint, Develop an Actionable Strategy and Roadmap.
EAS BUSINESS CASE
Use a business case to justify the business need for your EAS project and secure funding for moving forward with the proposal. A business case will further provide executive decision makers with the tools to compare and prioritize initiatives. Drive a consistent approach to promoting successful initiatives and holding the organization accountable to the projected benefits with Info-Tech’s blueprint, Reduce Time to Consensus With an Accelerated Business Case.
Corporate strategy | Unified strategy | EAS strategy |
---|---|---|
|
|
|
Info-Tech Insight
EAS projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with EAS capabilities. Effective alignment between IT and the business should happen daily. Alignment doesn’t just to occur at the executive level alone, but at each level of the organization.
Greenfield or brownfield: Do you currently have an EAS? Do you have multiple EASs? What is the history of your EAS deployment? How customized is it?
End of life: What lifecycle stage is it in?
Utilization: Are there point solutions in your application portfolio that support some EAS capabilities? Is functionality duplicated and/or underutilized?
Reason for change: What are your organizational drivers for this EAS project (e.g. acquisition/merger)?
APPLICATION PORTFOLIO STRATEGY
Business leaders need application managers to do more than support business operations. Applications must drive business growth, and application managers need their portfolios to be current and effective and to evolve continuously to support the business or risk being marginalized. Rationalize your applications with a roadmap that propels the business forward.
Fully leveraging your current software now will have two benefits:
1 | It may turn out that poor leveraging of your incumbent software was the problem all along; switching vendors won’t solve the problem by itself. As the data to the right shows, a fifth of SMEs and a quarter of large enterprises do not fully leverage their incumbent software. |
2 | If you still decide to switch, you’ll be in a good negotiating position. If vendors can see you are engaged and fully leveraging your software, they will be less complacent during negotiations to win you over. |
20% Small/Medium Enterprises |
25% Large Enterprises |
only occasionally or rarely/never use their software |
Source: SoftwareReviews, 2020; N=45,027
Info-Tech Insight
Switching vendors won’t improve poor internal processes. To be fully successful and meet the goals of the business case, new software implementations must be accompanied by process review and improvement.
How it got here | Where it’s going |
|
|
Info-Tech Insight
Evaluating the EAS vendor landscape is becoming increasingly difficult as the playing field evens out in terms of functionality offerings. As such, it is becoming increasingly important to more meticulously evaluate vendors themselves as part of the selection process. This is especially important in EAS projects, as they tend to be multi-year in nature and result in long-term vendor partnerships.
1. On Premises | 3. Proprietary Cloud | 4. White-Label Cloud | 2. SaaS |
---|---|---|---|
|
|
|
|
Info-Tech Insight
Cloud may apply in other ways to the EAS implementation. Most vendors offer particular EAS services delivered via the cloud. For example, some vendors offers CRM, project management, and payroll self-service as cloud-based options to augment on-premises ERP solutions.
Adopt a cloud-based EAS platform if you have: | Do not adopt a cloud-based EAS platform if you have: |
Standard processes – Businesses that have standard, repeatable processes can benefit greatly from the cost savings that cloud provides, as the need for expensive customizations is greatly minimized. | Highly regulated industry – Although there is no hard evidence that says cloud-based solutions are not able to support security or compliance needs, in certain industries such as banking or insurance, cloud is not the norm and may be a tough sell for IT. |
Lean IT operations – Organizations with lean IT or no formal IT departments supporting them will find SaaS EAS particularly appealing. Those with IT that can support day-to-day operations but are not prepared for disaster recovery should also consider cloud EAS, either hosted or SaaS-based. | Unreliable network – If the business regularly faces network outages or remote employees have unreliable internet connections, a cloud-based solution may not be the best option. IT would face many complaints from disgruntled workers unable to access data. |
Mobile workforce – Telecommuting is becoming more common, as is the requirement for data to be readily available for those on the road. Using cloud is a good way to provide this functionality. | Unsavvy workforce – Organizations that prefer to be late adopters of technology may face strong resistance to taking their software to the cloud. Some employees may not like the idea of using a browser to connect to the system. |
Info-Tech Insight
Knowing when to choose a cloud EAS deployment comes down to two main factors: knowing the level of complexity required by the business, and knowing the available IT resources that can be dedicated to support and manage EAS.
The Startup | The Spinoff | The Modernizer |
---|---|---|
|
|
|
Pre-work
Current State Understanding
Business Process Improvement
Future State Vision
Resources
Project Team
Governance Structures
Third-Party Partners
Cost and Budget
Buy-in
Goals and Objectives
Exec Business Sponsorship
Stakeholder Engagement
Change Management
STRATEGY and PLANNING
ERP Strategy & Roadmap
Risk Management
Project Metrics
Without a preparedness assessment, organizations end up wasting a lot of time on resolving gaps in planning that could have been mitigated upfront, which ultimately makes the implementation project more challenging.
– Suanne McGrath-Kelly, President & Principal Consultant, Plan in Motion Inc., interviewed by Info-Tech, 2019.
Preceding tasks | Risks of proceeding unprepared |
---|---|
Project Vision Project Scope EAS Business Case Current State Map Improvement Opportunity Analysis Future State Considerations Strategic Requirements Project Metrics and Benchmarks Risk Assessment EAS Strategic Roadmap EAS Project Work Initiatives |
Misalignment of project objectives Time and cost overruns Lack of executive buy-in or support Over- or under-investment in systems Unknown and unmet system requirements Product selection misfit Misalignment of requirements to needs Inability to measure project success Inability to proactively mitigate risk impact Lack of decision-making traceability Unclear expectations of tasks and roles |
1 – 2 hours
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the EAS Readiness Assessment Checklist
“Each individual should understand at least one business area and have a hand in another.”
– Mark Earley
Senior Research Director,
Info-Tech Research Group
Info-Tech Insight
An EAS selection and implementation requires more than just a procurement team. The core EAS project team should be cross-functional. .
It is important to understand where your organization’s resourcing gaps are when embarking on a selection and implementation project. Once gaps are identified, the amount of external support needed from vendor(s), consultants, or system integrators can be determined.
Select from the three most commonly used resourcing strategies for EAS selection and implementation projects:
Build your implementation team
Prioritize members from your core selection team. They will have strong insight into the tool and its envisioned position in the organization.
General Roles
External Roles
Full-Time Resourcing: At least one member of these five team members must be allocated to the selection initiative as a full-time resource.
IT Leader | Technical Lead | Business Analyst/ Project Manager |
Business Lead | Process Expert(s) |
---|---|---|---|---|
This team member is an IT director or CIO who will provide sponsorship and oversight from the IT perspective. | This team member will focus on application security, integration, and enterprise architecture. | This team member elicits business needs and translates them into technology requirements. | This team member will provide sponsorship from the business needs perspective. Typically, a CXO or SVP of a business function. | These team members are the business process owners who will help steer the requirements and direction. |
Info-Tech Insight
It is critical for the selection team to determine who has decision rights. Organizational culture will play the largest role in dictating which team member holds the final say for selection decisions. For more information on stakeholder management and involvement, see this guide.
Use Info-Tech’s 15-Step Selection Process:
Strengthen your procurement. If your organization lacks a clear selection process, refer to Info-Tech's Implement a Proactive and Consistent Vendor Selection Process research to help construct a formal process for procuring application technology.
Download the Implement a Proactive and Consistent Vendor Selection Process
Implementation | |||||
---|---|---|---|---|---|
Pre-Implementation | Post-Implementation | ||||
Baseline measure | Strategic insight | Strategic action | Success measure | End result | |
Use data you already have. Any given pain point can act as your pre-implementation baseline. Previously, this measure may have been evaluated by asking “what?” or “how much?” | Move away from looking at your baseline measure as transactional data, and incorporate the ability to generate strategic insight with your EAS. Change the questions you are asking to drive insights: “who?” “why?” and “how does it affect the business?” | Support the business by putting your strategic analytics into action. Ensure there are capabilities built into your ERP to strategically address your baseline measure. Leverage these functions to act on your strategic insights. | In the interest of IT and business alignment, speak the same language when measuring success. Use a business success measurement to determine the contribution made by your EAS strategy. | Visualize your success in the context of the business as a whole. Projecting success in the interest of your stakeholders will gain and maintain buy-in, allowing you to leverage the strategic functionality of your new EAS. | |
Example | Time to Procure | Delay in time to procure caused by bottleneck in requisition processing | ERP used to create advanced workflows to streamline requisition approval process | Time efficiencies gained free up employee time to focus on more strategic efforts | Contributed to strategic operational innovation |
Functional processes | IT resource efficiency | ||||
---|---|---|---|---|---|
Functional benefits and efficiencies gained through effectively diagnosing and meeting business needs. | Benefits enabled through reductions in IT system, network, and resource usage. | ||||
Example metrics | Record to report |
|
Market to order |
|
|
Quote to cash |
|
Issue to resolution |
|
||
Procure to pay |
|
Forecast to delivery |
|
||
Plan to perform |
|
Hire to retire |
|
Improve baseline metrics through…
1 hour
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Phase 1
1.1 Enterprise Application Landscape
1.2 Validate Readiness
1.3 Determine Resourcing
Phase 2
2.1 Capability Mapping
2.2 Requirements Gathering Data Mapping
2.3 Requirements Prioritizing
Phase 3
3.1 Understanding Product Offerings
3.2 RFP & Demo Scripts
3.3 Evaluation
Select and Negotiate
Phase 4
4.1 Prepare for
Implementation
This phase will walk you through the following activities:
Identifying business processes , inventory applications and data flows, gathering requirements and prioritizing them.
This phase involves the following participants:
Key stakeholders from the various areas of the business that will support the project including:
Select an Enterprise Application
Info-Tech’s Requirements Gathering Framework is a comprehensive approach to requirements management that can be scaled to any size of project or organization. This framework ensures that the application created will capture the needs of all stakeholders and deliver business value. Don’t treat elicitation, analysis, and validation in isolation: planning, monitoring, communicating, and managing must permeate all three stages in order to avoid makeshift solutions.
When examining HRMS optimization it is important to approach it from the appropriate layer.
Capability:
Process:
Feature:
In today’s complex organizations, it can be difficult to understand where inefficiencies stem from and how performance can be enhanced.
To fix problems and maximize efficiencies, organizations must examine business capabilities and processes to determine gaps and areas of lagging performance.
Info-Tech’s HRIS framework and industry tools such as the APQC’s Process Classification Framework can help make sense of this.
Business capability map (Level 0)
If you do not have a documented process model, you can use the APQC Framework to help define your inventory of business processes.
APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.
In business architecture, the primary view of an organization is known as a business capability map.
A business capability defines what a business does to enable value creation rather than how.
Business capabilities:
A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.
Objectives | The organization’s objectives are typically outcomes that the organization is looking to achieve as a result of the business strategy. |
Value Streams | Value streams are external/internal processes that help the organization realize its goals. |
Capabilities | The what: Business capabilities support value streams in the creation and capture of value. |
Processes | The how: Business processes define how they will fulfill a given capability. |
An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of EAS and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.
Value stream defined:
Value Streams | Design Product | Produce Product | Sell Product | Customer Service |
---|---|---|---|---|
|
|
|
|
Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.
There are two types of value streams: core and support.
An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.
1-3 hours
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Core finance | Core HR | Workforce management | Talent Management | Warehouse management | Enterprise asset management | ||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology |
|
|
|
|
|
|
||||||
Planning and budgeting | Strategic HR | Procurement | Customer relationship management | Facilities management | Project management | ||||||
Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology | Process | Technology |
|
|
|
|
|
|
Low satisfaction with software selection | High satisfaction with software selection | |||
---|---|---|---|---|
Process | % Used | % Used | Process | |
Used ROI/Cost Benefit Analysis | 42% | 43% | Used ROI/Cost-Benefit Analysis | |
Used Formal Decision Criteria | 39% | 41% | Used Formal Decision Criteria | |
Approval | 33% | 37% | Enterprise Architecture Oversight and Approval | |
Security Oversight and Approval | 27% | 36% | Security Oversight and Approval | |
Used Third-Party Data Reports | 26% | 28% | Procurement/Legal Oversight and Approval | |
Enterprise Architecture Oversight and Approval | 26% | 28% | Used Third-Party Data Reports | |
Used a Consultant | 21% | 17% | Used a Consultant |
High satisfaction was defined as a response of 8, 9, or 10 from the overall recommendation question. Low satisfaction was 7 or less.
Source: SoftwareReviews, 2018
When assessing the current application portfolio that supports your EAS, the tendency will be to focus on the applications under the EAS umbrella. These relate mostly to marketing, sales, and customer service. Be sure to include systems that act as input to, or benefit due to outputs from EAS or similar applications.
Be sure to include enterprise applications that are not included in the EAS application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.
Integration is paramount: your EAS application often integrates with other applications within the organization. Create an integration map to reflect a system of record and the exchange of data. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).
1-3 hours
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Sponsor | End user | IT | Business | |
---|---|---|---|---|
Description | An internal stakeholder who has final sign-off on the ERP project. | Frontline users of the ERP technology. | Back-end support staff who are tasked with project planning, execution, and eventual system maintenance. | Additional stakeholders who will be impacted by any ERP technology changes. |
Examples |
|
|
|
|
Value | Executive buy-in and support is essential to the success of the project. Often, the sponsor controls funding and resource allocation. | End users determine the success of the system through user adoption. If the end user does not adopt the system, the system is deemed useless and benefits realization is poor. | IT is likely to be responsible for more in-depth requirements gathering. IT possesses critical knowledge concerning system compatibility, integration, and data. | Involving business stakeholders in the requirements gathering will ensure alignment between HR and organizational objectives. |
Stakeholder influence vs. interest
Large-scale EAS projects require the involvement of many stakeholders from all corners and levels of the organization, including project sponsors, IT, end users, and business stakeholders. Consider the influence and interest of stakeholders in contributing to the requirements elicitation process and involve them accordingly.
Once the most significant processes have been mapped, the business requirements must be extracted from the maps and transformed into functional and non-functional requirements. The example below illustrates how to extract requirements from an insurance claim process for the Record Claim step.
Task | Input | Output | Risks | Opportunities | Condition | Sample requirements |
---|---|---|---|---|---|---|
Record customer service claim | Customer email | Case record |
|
|
|
Business:
Non-functional:
Functional:
|
Time required varies
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Prioritization is the process of ranking each requirement based on its importance to project success. Hold a meeting for the domain SMEs, implementation SMEs, project managers, and project sponsors to prioritize the requirements list. At the conclusion of the meeting, each requirement should be assigned a priority level. The implementation SMEs will use these priority levels to ensure efforts are targeted toward the proper requirements and to plan features available on each release.
Use the MoSCoW Model of Prioritization to effectively order requirements.
The MoSCoW Model of Prioritization | |
Must have | Requirements must be implemented for the solution to be considered successful. |
Should have | Requirements that are high priority should be included in the solution if possible. |
Could have | Requirements are desirable but not necessary and could be included if resources are available. |
Won't have | Requirements won’t be in the next release, but will be considered for the future releases. |
The MoSCoW model was introduced by Dai Clegg of Oracle UK in 1994. MindTools.
Criteria | Description |
---|---|
Regulatory and legal compliance | These requirements will be considered mandatory. |
Policy compliance | Unless an internal policy can be altered or an exception can be made, these requirements will be considered mandatory. |
Business value significance | Give a higher priority to high-value requirements. |
Business risk | Any requirement with the potential to jeopardize the entire project should be given a high priority and implemented early. |
Likelihood of success | Especially in “proof of concept” projects, it is recommended that requirements have good odds. |
Implementation complexity | Give a higher priority to low implementation difficulty requirements. |
Alignment with strategy | Give a higher priority to requirements that enable the corporate strategy. |
Urgency | Prioritize requirements based on time sensitivity. |
Dependencies | A requirement on its own may be low priority, but if it supports a high-priority requirement, then its priority must match it. |
Time required varies
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Highlight must-haves in the RFP
WATCH OUT!
Many vendors will try to stretch their capabilities to fit your must-have requirements. Leverage vendor demos in the next stage of selection to quickly rule out products that do not cover your critical requirements.
Completing a process inventory and a list of EAS requirements often shows process areas that need updates and improvement. Take this opportunity to highlight areas where you would benefit from knowing about most recent best practices and technologies.
Inquire about these when engaging the vendor to know their level of knowledge and how their products work best in your industry.
Determine the product knowledge areas that are specific to your implementation.
Product Knowledge | Proof of Concept Development | Customer Service | Warehousing | Core HR | Other | Overall |
Data Security | * | |||||
Process Improvements | * | * | ||||
Configuration | ||||||
Data Architecture | * | |||||
Integration | ||||||
On premise Infrastructure | ||||||
Cloud Infrastructure | * | |||||
Other |
Identify the product knowledge that is required in relation to your implementation. This can include core product knowledge and should be related to larger infrastructure and organizational requirements.
What to include | What to look at | What is differentiating |
---|---|---|
|
|
|
Info-Tech Insight
Be wary of sunsetting products! Selecting the EAS based on a good knowledge of the vendor’s roadmap allows for business operations to continue without having to repeat a selection and implementation project in the near future.
Use case: Public sector
The service-centric ERP use case is suitable for most organizations in the public sector. With that in mind, consider ERP solutions that offer grant disbursements, fleet management, and staffing/resourcing capabilities.
Product-centric ERP | Service-centric ERP | |
---|---|---|
What it is | The product-centric ERP is suitable for organizations that manufacture, assemble, distribute, or manage material goods throughout a product lifecycle. ERP vendors and/or products that align to this use case usually cater to industries such as manufacturing, retail, aerospace and defense, distribution, and food and beverage. | The service-centric ERP use case is suitable for organizations that provide and manage field services and/or professional services throughout a project lifecycle. ERP vendors and/or products that align to this use case usually cater to industries such as utilities, maintenance and repair, government, education, and professional services (i.e. consulting, legal). |
How it works | Product-centric ERP has strong functionality in supply chain management, manufacturing, procurement management, and material job and project management. | Service-centric ERP has strong functionality in resource job and project management, service management, and customer relationship management. |
What are table stakes / standard features?
What is differentiating/additional feature?
Info-Tech Insight
If table stakes are all you need from your EAS solution, the only true differentiator for the organization is price. Otherwise, dig deeper to find the best price to value for your needs.
Remove the product from your shortlist if table stakes are not met!
Common pitfalls for EAS selection
Keeping stakeholders engaged and in line
Phase 1
1.1 Enterprise Application Landscape
1.2 Validate Readiness
1.3 Determine Resourcing
Phase 2
2.1 Capability Mapping
2.2 Requirements Gathering Data Mapping
2.3 Requirements Prioritizing
Phase 3
3.1 Understanding Product Offerings
3.2 RFP & Demo Scripts
3.3 Evaluation Select and Negotiate
Phase 4
4.1 Prepare for Implementation
This phase will walk you through the following activities:
In this phase of the project, you will review your RFx and build an initial list of vendors/implementors to reach out to. The final step is to build your evaluation checklist for rating the incoming responses.
This phase involves the following participants:
Key stakeholders from the various areas of the business that will support the project including:
Select an Enterprise Application
The Product | The Vendor | The VAR |
---|---|---|
A product is the software, hardware, add-ins, and any value-added services or tools that are bundled together, e.g. SAP Rise (see What is RISE with SAP), SAP S4/HANA, etc. | A vendor can carry and sell multiple products or lines of products (e.g. Oracle sells Oracle Fusion and NetSuite, etc.). | The Value-added reseller (VAR) can sell a pre-packaged / pre-configured product. VARs are usually partners of the vendor and typically provide other packaged services including system hosting, customization, implementation, and integrations. |
Info-Tech Insight
Selecting an Enterprise Application is much more than just selecting a software or product; it is selecting a long-term platform and partner to help achieve long-term strategic goals. Refer to our blueprint Select an ERP Implementation Partner.
Next steps will include:
SoftwareReviews
The Data Quadrant is a thorough evaluation and ranking of all software in an individual category to compare platforms across multiple dimensions.
Vendors are ranked by their Composite Score, based on individual feature evaluations, user satisfaction rankings, vendor capability comparisons, and likeliness to recommend the platform.
The Emotional Footprint is a powerful indicator of overall user sentiment toward the relationship with the vendor, capturing data across five dimensions.
Vendors are ranked by their Customer Experience (CX) Score, which combines the overall Emotional Footprint rating with a measure of the value delivered by the solution.
Fact-based reviews of business software from IT professionals.
Product and category reports with state-of-the-art data visualization.
Top-tier data quality backed by a rigorous quality assurance process.
User-experience insight that reveals the intangibles of working with a vendor.
SoftwareReviews is powered by Info-Tech.
Technology coverage is a priority for Info-Tech, and SoftwareReviews provides the most comprehensive unbiased data on today’s technology. The insights of our expert analysts provide unparalleled support to our members at every step of their buying journey.
CLICK HERE to access SoftwareReviews
Comprehensive software reviews to make better IT decisions.
We collect and analyze the most detailed reviews on enterprise software from real users to give you an unprecedented view into the product and vendor before you buy.
Manufacturer and retailer utilizes Info-Tech for goal of unifying four separate ERP systems
INDUSTRY
Manufacturing
SOURCE
Info-Tech Consulting
Challenge | Solution | Results |
---|---|---|
An amalgamation of eight different manufacturing, retail, and supply brands that operated four separate ERP systems and processes across the United States had poor visibility into operations. The organization had plans to unify the brands from a systems perspective and accommodate the company’s growth in a scalable and repeatable way. Info-Tech was previously engaged to perform an Establish a Concrete ERP Foundation workshop to set the groundwork for the eventual ERP selection. |
The organization engaged Info-Tech’s consulting group to assist in requirements gathering and RFP development. Info-Tech consultants traveled to five different states to gather ERP requirements from stakeholders and identify solution requirements. Info-Tech developed an ERP requirements matrix from the organization’s processes, including technical requirements and operations/support services. |
Info-Tech matched the organization with a use case and weighted requirements to assist in future scoring. An RFP was constructed using the organization’s requirements. and distributed to 10 qualified vendors for completion. |
A quality SOW is the result of a quality RFI/RFP (RFx).
Use Info-Tech’s RFP Review as a Service to review key items and ensure your RFP will generate quality responses and SOWs.
1-2 hours
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the ERP Request for Proposal Template
Sections of the tool:
1 Executive Summary
2 About the Vendor
3 Understanding of the Challenge
4 Methodology
5 Proposed Solution
6 Project Plan and Timeline
7 Vendor Qualifications
8 References
9 Additional Value-Added Services
10 Additional Value-Added Goods
For an explanation of how advanced features are determined, see Information Presentation – Feature Ranks (Stoplights) in the Appendix.
Validate the vendor responses so that there are no misunderstandings with their offer. Here are key items to validate.
Key items | Why is this important? |
About the Vendor | This is where the vendor will describe itself and prove its organizational viability. |
Understanding of the Challenge | Demonstrating understanding of the problem is the first step in being able to provide a solution. |
Methodology | Shows the vendor has a proven methodology to approach and solve the challenge. |
Proposed Solution | Describes how the vendor will address the challenge. This is a very important section as it will articulate what you will receive from the vendor as a solution. |
Project Plan and Timeline | Provides an overview of the project management methodology, phases of the project, and what will be delivered and when. |
Vendor Qualifications | Provides evidence of prior experience with delivering similar projects for similar clients. |
References | Provides contact information for individuals or organizations for which the vendor has worked and who can vouch for the experience and success of working with this vendor. |
Value-Added Services and Goods | Allows vendors an opportunity to set themselves apart from the competition with additional services and/or goods applicable to your project but not covered elsewhere in the template. |
1-2 hours
Download the ERP Vendor Response Template
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Varies
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the EAS RFP and Demonstration Scoring Tool
Describe use cases to indicate how the various processes will operate. This technique can help end-users describe what the solution must do without needing to know how to describe requirements. Outline scenarios based on these use cases for vendors to demonstrate how their solution can fulfill business requirements.
Define
Define objectives for each specific use case.
Explore
Explore the various process paths and alternate outcomes for each use case.
Build
Build the details of the scenarios to describe the roles of the people involved and the detailed process steps to be accomplished.
Use
For each scenario, outline the expected outputs and variations.
Info-Tech Insight
Do not exceed three vendors when selecting participants for a product demonstration. Each vendor demonstration should last between one day and one week, depending on the scope of the project. Exceeding the threshold of three vendors can be massively time consuming and yield diminishing returns.
Adhere to this framework when crafting your scenarios: | |
Simple and straightforward | Series of steps |
|
|
Specific | Suitable for your business |
|
|
Add your scenarios to Info-Tech’s sample EAS demo script
Almost – or equally – as important as evaluating vendor feature capabilities is the need to evaluate vendor viability and non-functional aspects of the EAS solution. Include an evaluation of the following criteria in your vendor scoring methodology.
Vendor capability | Description |
Usability and Intuitiveness | The degree to which the system interface is easy to use and intuitive to end users. |
Ease of IT Administration | The degree to which the IT administrative interface is easy to use and intuitive to IT administrators. |
Ease of Data Integration | The relative ease with which the system can be integrated with an organization’s existing application environment including legacy systems, point solutions, and other large enterprise applications. |
Ease of Customization | The relative ease with which a system can be customized to accommodate niche or industry-specific business or functional needs. |
Vendor Support Options | The availability of vendor support options including selection consulting, application development resources, implementation assistance, and ongoing support resources. |
Availability and Quality of Training | The availability of quality training services and materials that will enable users to get the most out of the product selected. |
Product Strategy, Direction, and Rate of Improvement | The vendor’s proven ability for constant product improvement, deliberate strategic direction, and overall commitment to research and development efforts in responding to emerging trends. |
Info-Tech Insight
Evaluating the vendor capabilities, not just product capabilities, is particularly important with EAS solutions. EAS solutions are typically long-term commitments; ensure that your organization is teaming up with a vendor or provider that you feel you can work well with and depend on.
INDUSTRY
Automotive
SOURCE
Research Interview
Challenge | Solution | Results |
This company is one of the largest automotive manufacturers worldwide and has various manufacturing facilities and distribution centers across Canada. With over 8,000 employees, the company has a multifaceted health and safety program. While head office enabled and used the health and safety module within the existing HRIS, some divisions within the company found the system complex and were still relying heavily on manual entry spreadsheets for incident investigations. As a result, the company decided to explore other options. |
A project team was created, led by a project manager from head office’s IT department. The team also included health and safety specialists from across the organization, who served as subject matter experts. The team put together a project outline, a roadmap for required functionality, and a business case to present to senior leadership, highlighting benefits and potential payback. After acquiring executive sponsorship, the team developed a Request for Proposal that was sent to 11 vendors. |
Among the evaluation criteria set in the RFP, injury cost analysis and analytics on safety were identified as the most critical requirements. Based on this criteria, the team narrowed down the options to four RFP responses, which were opened to 16 different sites to ensure consensus across the company. The team developed demo scripts to guide the product demonstrations. They also built evaluation scorecards that were used to narrow down the selection to two vendors. Ultimately, the final selection decision came down to how well the vendors’ teams knew the business, and the vendor that demonstrated greater industry expertise was selected. |
1-2 hours
Info-Tech Insight
Challenge vendor project teams during product demonstrations. Asking the vendor to make adjustments or customizations on the fly will allow you to get an authentic feel for product capability and flexibility and for the degree of adaptability of the vendor project team. Ask the vendor to demonstrate how to do things not listed in your user scenarios, such as change system visualizations or design, change underlying data, add additional data sets, demonstrate collaboration capabilities, or trace an audit trail.
Before the actual demonstrations, remember to communicate to the team the scenarios to be covered. Distribute the scripts ahead of the demonstrations so that the evaluation team know what is expected from the vendors.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
A vendor scoring model is a systematic method for effectively assessing competing vendors. A weighted-average scoring model is an approach that strikes a strong balance between rigor and evaluation speed.
How do I build a scoring model? | What are some of the best practices? |
---|---|
|
|
Info-Tech Insight
Even the best scoring model will still involve some “art” rather than science – scoring categories such as vendor viability always entail a degree of subjective interpretation.
Vendor demonstrations are an integral part of the selection process. Having clearly defined selection criteria will help with setting up relevant demos and informing the vendor scorecards.
Vendor evaluation criteria (weight)
Functionality (30%) | Ease of Use (25%) |
---|---|
|
|
Cost (15%) | Vendor (15%) |
|
|
Technology (15%) | |
|
|
Info-Tech Insight
Do not buy something that does not fit your functional needs just because it is the cheapest. ERP is a massive, long-term investment. If you purchase a system that does not contain the functionality that meets the organization’s business needs, not only will you face issues with user adoption, but you may also face having to revisit your ERP project down the road. In the end, this will cost you more than it will save you.
Vendors are inevitably going to provide references that will give positive feedback, but don’t be afraid to dig into the interviews to understand some of the limitations related to the solution.
Sample Reference Check Questions
Use Info-Tech’s Sample Reference Check Questions to provide a framework and starting point for your interviews with a vendor’s previous clients. Review the questions and customize to fit your needs.
EAS solutions include application costs and costs to design processes, install, and configure. These start-up costs can be a significant factor in whether the initial purchase is feasible.
EAS vendor costs | Internal costs |
---|---|
|
|
When thinking about vendor costs, also consider the matching internal cost associated with the vendor activity (e.g. data cleansing, internal support). | Project management is a top-five critical success factor at all stages of an enterprise application initiative from planning to post-implementation (Information Systems Frontiers). Ensuring that costs for such critical areas are accurately represented will contribute to success. |
Bring in the right resources to guarantee success. Work with the PMO or project manager to get creating the SOW.
60% of IT projects are not finished “mostly or always” on time (Wellingtone, 2018).
55% of IT personnel feel that the business objectives of their software projects are clear to them (Geneca, 2017).
Download the blueprint Improve Your Statements of Work to Hold Your Vendors Accountable to define requirements for installation and configuration.
Time required varies
Customize Info-Tech’s RFP and Demonstration Scoring Tool to build an evaluation framework for vendor responses based on set criteria rather than relative comparisons.
This tool allows you to evaluate whether your organization’s requirements have been met by the vendor RFP response and provides a location for comprehensive documentation of the RFP response and demonstration details, including costing and availability/quality of product features, architecture, and vendor support.
Finally, the tool gives you the ability to evaluate your shortlisted vendors’ demonstrations.
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Time required varies
Download the EAS RFP and Demonstration Scoring Tool
Info-Tech Insight
Do not reveal your evaluation criteria to vendors. Allowing vendors to see what matters most to your organization may sway their response and/or demo. Avoid this by keeping your decided evaluation criteria and weightings among your selection team only.
Time required varies
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Download the EAS RFP and Demonstration Scoring Tool
After reviewing all vendor responses to your RFP, conducting vendor demos, and running a pilot project (if applicable) – the time has arrived to select your finalist.
All core selection team members should hold a session to score each shortlisted vendor against the criteria enumerated on the previous slide, based on an in-depth review of proposals, the demo sessions, and any pilots or technical assessments.
The vendor that scores the highest in aggregate is your finalist.
Congratulations – you are now ready to proceed to final negotiation and inking a contract. This blueprint provides a detailed approach on the mechanics of a major vendor negotiation.
Vendors will give time-limited discounts to obtain your buy-in.
Use Info-Tech’s vendor services
Info-Tech’s vendor management services has price benchmarks as well knowledgeable advisors who can help evaluate proposals to obtain the best value
Speak to a vendor management services’ advisor today.
The RFP process is a standard business practice. As a customer, you are not under any obligation to educate the vendor as to the details of acceptance or rejection. However, consider every point of contact as an opportunity to build a strong network of potential vendors to help you acquire the best products for your organization.
Use Info-Tech’s Vendor Communication Set template to communicate with the vendor following the demonstration and product evaluations. This set includes:
Rejection Notice: Inform the vendor that they are no longer under consideration and highlight opportunities for future debrief.
Approval Notice: Inform the vendor of its progress to the next stage of selection and identify next steps.
Phase 1
1.1 Enterprise Application Landscape
1.2 Validate Readiness
1.3 Determine Resourcing
Phase 2
2.1 Capability Mapping
2.2 Requirements Gathering Data Mapping
2.3 Requirements Prioritizing
Phase 3
3.1 Understanding Product Offerings
3.2 RFP & Demo Scripts
3.3 Evaluation Select and Negotiate
Phase 4
4.1 Prepare for Implementation
This phase will walk you through the following activities:
Discussion on what it takes to transition to a proper implementation.
Key stakeholders from the various areas of the business that will support the project including:
Select an Enterprise Application
Assess
Prepare
Govern and course correct
Establish and execute an end-to-end, agile framework to succeed with the implementation of a major enterprise application.
The most common project resourcing structures for enterprise projects are:
Your own staff + |
1 Management Consultant 2 Vendor Consultant 3 System Integrator |
Consider the following:
Internal vs. External Roles and Responsibilities
Clearly delineate between internal and external team responsibilities and accountabilities, and communicate this to your technology partner upfront.
Internal vs. External Accountabilities
Accountability is different than responsibility. Your vendor or SI partner may be responsible for completing certain tasks, but be careful not to outsource accountability for the implementation – ultimately, the internal team will be accountable.
Partner Implementation Methodologies
Often vendors and/or SIs will have their own preferred implementation methodology. Consider the use of your partner's implementation methodology; however, you know what will work for your organization.
Info-Tech Insight
When contemplating a resourcing structure, consider:
When to choose… | Management consultant | Vendor consultant | System integrators |
---|---|---|---|
|
|
|
Info-Tech Insight
Depending on your internal resourcing constraints and IT maturity, you may need to work with multiple partners. If this is the case, just be aware that working with multiple partners can complicate vendor relationship management and makes having a dedicated vendor or partner relationship manager even more important.
1 – 2 hours
Utilize Info-Tech’s Governance and Management of Enterprise Software Implementation to establish your team composition. Within that blueprint:
Input | Output |
---|---|
|
|
Materials | Participants |
|
|
Governance and Management of Enterprise Software Implementation
Follow our iterative methodology with a task list focused on the business must-have functionality to achieve rapid execution and to allow staff to return to their daily work sooner.
Communication | Proximity | Trust |
---|---|---|
Teams must have some type of communication strategy. This can be broken into:
|
Distributed teams create complexity as communication can break down. This can be mitigated by:
|
Members should trust that other members are contributing to the project and completing their required tasks on time. Trust can be developed and maintained by:
|
The EAS kick-off meeting(s) should encompass:
The overall objective for inter-departmental EAS kick-off meetings is to confirm that all parties agree on certain key points and understand platform rationale and functionality.
The kick-off process will significantly improve internal communications by inviting all affected internal IT groups, including business units, to work together to address significant issues before the application process is formally activated.
Department groups or designated trainers should take the lead and implement a process for:
On-Premises | SaaS-based |
---|---|
|
|
Data interchange between the EAS solution and other data sources is necessary | Formulate a comprehensive map of the systems, hardware, and software with which the EAS solution must be able to integrate. Master data needs to constantly be synchronized; without this, you lose out on one of the primary benefits of integration. These connections should be bidirectional for maximum value (i.e. marketing data to the CRM, customer data to MMS). |
Specialized projects that include an intricate prospect or customer list and complex rules may need to be built by IT | The more custom fields you have in your EAS and point solutions, the more schema mapping you will have to do. Include this information in the RFP to receive guidance from vendors regarding the ease with which integration can be achieved. |
Pay attention to legacy apps and databases | If you have a legacy EAS and databases, more custom code will be required. Many vendors claim that custom integrations can be performed for most systems, but custom comes at a cost. Don’t just ask if they can integrate; ask how long it will take and for references from organizations which have been successful in this. |
Cost element – Custom Data Integration | $ |
2 FTEs for double entry of sales order data | $ 100,000/year |
One-time migration of product data to CRM | $ 240,000 otc |
Product data maintenance | $ 60,000/year |
Customer data synchronization interface build | $ 60,000 otc |
Customer data interface maintenance | $ 10,000/year |
Data quality issues | $ 100,000/year |
New SaaS integration built in year 3 | $ 300,000 otc |
New SaaS integration maintenance | $ 150,000/year |
Cost element – Data Integration Tool | $ |
DI strategy and platform implementation | $1,500,000 otc |
DI tool maintenance | $ 15,000/year |
New SaaS integration point in year 3 | $ 300,000 otc |
Custom integration is costing this organization $300,000/year for one SaaS solution.
The proposed integration solution would have paid for itself in 3-4 years and saved exponential costs in the long run.
Info-Tech Insight
If you have a complex EAS environment, appoint data stewards for each major domain and procure a de-dupe tool. As the complexity of EAS system-to-system integrations increase, so will the chance that data quality errors will crop up – for example, bi-directional POI with other sources of customer information dramatically increase the chances of conflicting/duplicate data.
Identify and eliminate dead weight | Poor data can originate in the firm’s EAS system. Custom queries, stored procedures, or profiling tools can be used to assess the key problem areas. |
Loose rules in the EAS system lead to records of no significant value in the database. Those rules need to be fixed, but if changes are made before the data is fixed, users could encounter database or application errors, which will reduce user confidence in the system. | |
|
Create and enforce standards and policies | Now that the data has been cleaned, it’s important to protect the system from relapsing. |
Work with business users to find out what types of data require validation and which fields should have changes audited. Whenever possible, implement drop-down lists to standardize values and make programming changes to ensure that truncation ceases. | |
|
Info-Tech Insight
Data quality concerns proliferate with the customization level of your platform. The more extensive the custom integration points and module/database extensions that you have made, the more you will need to have a plan in place for managing data quality from a reactive and proactive standpoint.
Five secrets of UAT success
1 | Create the plan | With the information collected from requirements gathering, create the plan. Make sure this information is added to the main project plan documentation. |
2 | Set the agenda | The time allotted will vary depending on the functionality being tested. Ensure that the test schedule allows for the resolution of issues and discussion. |
3 | Determine who will participate | Work with relevant stakeholders to identify the people who can best contribute to system testing. Look for experienced power users who have been involved in earlier decision making about the system. |
4 | Highlight acceptance criteria | With the UAT group, pinpoint the criteria to determine system acceptability. Refer to requirements specified in use cases in the initial requirements-gathering stages of the project. |
5 | Collect end user feedback | Weaknesses in resolution workflow design, technical architecture, and existing customer service processes can be highlighted and improved with ongoing surveys and targeted interviews. |
EAS selection and implementation metrics | ||||
---|---|---|---|---|
Description | Formula | Current or estimated | Target | Post-deployment |
End-user satisfaction | # of satisfied users # of end users |
70% | 90% | 85% |
Percentage over/under estimated budget | Amount spent – 100% Budget |
5% | 0% | 2% |
Percentage over/under estimated timeline | Project length – 100% Estimated timeline |
10% | -5% | -10% |
EAS strategy metrics | ||||
---|---|---|---|---|
Description | Formula | Current or estimated | Target | Post-deployment |
Number of leads generated (per month) | # of leads generated | 150 | 200 | 250 |
Average time to resolution (in minutes) | Time spent on resolution # of resolutions |
30 minutes | 10 minutes | 15 minutes |
Cost per interaction by campaign | Total campaign spending # of customer interactions |
$17.00 | $12.00 | $12.00 |
Business needs will not stop changing whether you have an ongoing EAS or other application project. It is thus important to keep your governance efficient and streamlined to capture these needs to then make the EAS continue deliver value and remain aligned to long-term corporate objectives.
EAS technology is critical to facilitating an organization’s flow of information across business units. It allows for seamless integration of systems and creates a holistic view of the enterprise to support decision making. Having a structured approach to gathering the necessary resources, defining key requirements, and engaging with the right shortlist of vendors to pick the best finalist is crucial.
This selection guide allows organizations to execute a structured methodology for picking an EAS that aligns with their needs. This includes:
This formal EAS selection initiative will drive business-IT alignment, identify data and integration priorities, and allow for the rollout of a platform that’s highly likely to satisfy all stakeholder needs.
If you would like additional support, have our analysts guide you through other phases as part of an Info-Tech workshop.
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
Name | Title | Organization |
---|---|---|
Anonymous | Anonymous | Telecommunications industry |
Anonymous | Anonymous | Construction material industry |
Anonymous | Anonymous | Automotive industry |
Corey Tenenbaum | Head of IT | Taiga Motors |
Mark Earley | Director, Consulting | Info-Tech Research Group |
Ricardo di Olivera | Research Director, Enterprise Applications | Info-Tech Research Group |
“2016 Report on ERP Systems and Enterprise Software.” Panorama Consulting Solutions, 2016. Web.
“2018 Report on ERP Systems and Enterprise Software.” Panorama Consulting Solutions, 2018. Web.
“2022 HRIS Software Report.” SoftwarePath, 2022 . Web
Cross-Industry Process Classification Framework (PCF) Version 7.2.1. APQC, 26 Sept. 2019. Web.
“Doomed From the Start? Why a Majority of Business and IT Teams Anticipate Their Software Development Projects Will Fail.” Geneca, 25 Jan. 2017. Web.
Farhan, Marwa Salah, et al. “A Systematic Review for the Determination and Classification of the CRM Critical Success Factors Supporting with Their Metrics.” Future Computing and Informatics Journal, vol. 3, no. 2, Dec. 2018, pp. 398–416.
Gheorghiu, Gabriel. “ERP Buyer’s Profile for Growing Companies.” SelectHub, 23 Sept. 2022. Web
“Process Frameworks.” APQC, 4 Nov. 2020. Web.
“Process vs. Capability: Understanding the Difference.” APCQ, 2017. Web.
Savolainen, Juha, et al. “Transitioning from Product Line Requirements to Product Line Architecture.” 29th Annual International Computer Software and Applications Conference (COMPSAC'05), IEEE, vol. 1, 2005, pp. 186-195, doi: 10.1109/COMPSAC.2005.160
Saxena, Deepak, and Joe McDonagh. "Evaluating ERP Implementations: The Case for a Lifecycle based Interpretive Approach." Electronic Journal of Information Systems Evaluation 22.1 (2019): pp29-37.
“SOA Reference Architecture – Capabilities and the SOA RA.” The Open Group, TOGAF, n.d. Web.
Smith, Anthony. “How To Create A Customer-Obsessed Company Like Netflix.” Forbes, 12 Dec. 2017. Web.
"The Moscow Method", MindTools. Web.
“The State of CRM Data Management 2020.” Validity, 2020. Web.
“The State of Project Management Annual Survey 2018.” Wellingtone, 2018. Web.
“Why HR Projects Fail.” Unleash, 2021. Web
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Whether you have no Service Desk customer feedback program in place or you need to improve your existing process for gathering and responding to feedback, this deck will help you design your surveys and act on their results to improve CSAT scores.
This template provides a sample transactional (ticket) satisfaction survey. If your ITSM tool or other survey mechanism allows you to design or write your own survey, use this template as a starting point.
Use the Sample Size Calculator to calculate your ideal sample size for your relationship surveys.
This template will help you map out the step-by-step process to review collected feedback from your end-user satisfaction surveys, analyze the data, and act on it.
EXECUTIVE BRIEF
Natalie Sansone, PhD
Info-Tech Research Group |
Often when we ask service desk leaders where they need to improve and if they’re measuring customer satisfaction, they either aren’t measuring it at all, or their ticket surveys are turned on but they get very few responses (or only positive responses). They fail to see the value of collecting feedback when this is their experience with it. Feedback is important because traditional service desk metrics can only tell us so much. We often see what’s called the “watermelon effect”: metrics appear “green”, but under the surface they’re “red” because customers are in fact dissatisfied for reasons unmeasured by standard internal IT metrics. Customer satisfaction should always be the goal of service delivery, and directly measuring satisfaction in addition to traditional metrics will help you get a clearer picture of your strengths and weaknesses, and where to prioritize improvements. It’s not as simple as asking customers if they were satisfied with their ticket, however. There are two steps necessary for success. The first is collecting feedback, which should be done purposefully, with clear goals in mind in order to maximize the response rate and value of responses received. The second – and most critical – is acting on that feedback. Use it to inform improvements and communicate those improvements. Doing so will not only make your service desk better, increasing satisfaction through better service delivery, but also will make your customers feel heard and valued, which alone increases satisfaction. |
Emily Sugerman, PhD
Info-Tech Research Group |
Your Challenge |
Common Obstacles |
Info-Tech’s Approach |
---|---|---|
|
|
|
Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before, if their opinion is sought out and then ignored. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.
The watermelon effect
When a service desk appears to hit all its targets according to the metrics it tracks, but service delivery is poor and customer satisfaction is low, this is known as the “watermelon effect”. Service metrics appear green on the outside, but under the surface (unmeasured), they’re red because customers are dissatisfied.
Traditional SLAs and service desk metrics (such as time to respond, average resolution time, percentage of SLAs met) can help you understand service desk performance internally to prioritize your work and identify process improvements. However, they don’t tell you how customers perceive the service or how satisfied they are.
Providing good service to your customers should be your end goal. Failing to measure, monitor, and act on customer feedback means you don’t have the whole picture of how your service desk is performing and whether or where improvements are needed to maximize satisfaction.
The Service Desk Institute (SDI) suggests that customer satisfaction is the most important indicator of service desk success, and that traditional metrics around SLA targets – currently the most common way to measure service desk performance – may become less valuable or even obsolete in the future as customer experience-focused targets become more popular. (Service Desk Institute, 2021)
SDI conducted a Customer Experience survey of service desk professionals from a range of organizations, both public and private, from January to March 2018. The majority of respondents said that customer experience is more important than other metrics such as speed of service or adherence to SLAs, and that customer satisfaction is more valuable than traditional metrics. (SDI, 2018).
Obstacles to collecting feedback |
Obstacles to acting on collected feedback |
---|---|
|
|
Insight into customer experience |
Gather insight into both the overall customer relationship with the service desk and individual transactions to get a holistic picture of the customer experience. |
---|---|
Data to inform decisions |
Collect data to inform decisions about where to spend limited resources or time on improvement, rather than guessing or wasting effort on the wrong thing. |
Identification of areas for improvement |
Better understand your strengths and weaknesses from the customer’s point of view to help you identify gaps and priorities for improvement. |
Customers feel valued |
Make customers feel heard and valued; this will improve your relationship and their satisfaction. |
Ability to monitor trends over time |
Use the same annual relationship survey to be able to monitor trends and progress in making improvements by comparing data year over year. |
Foresight to prevent problems from occurring |
Understand where potential problems may occur so you can address and prevent them, or who is at risk of becoming a detractor so you can repair the relationship. |
IT staff coaching and engagement opportunities |
Turn negative survey feedback into coaching and improvement opportunities and use positive feedback to boost morale and engagement. |
Phase |
1. Understand how to measure customer satisfaction |
2. Design and implement transactional surveys |
3. Design and implement relationship surveys |
4. Analyze and act on feedback |
---|---|---|---|---|
Phase outcomes |
Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users. |
Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates. |
Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic. |
Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization. |
Key Insight:
Asking your customers for feedback then doing nothing with it is worse than not asking for feedback at all. Your customers may end up more dissatisfied than they were before if they’re asked for their opinion then see nothing done with it. It’s valuable to collect feedback, but the true value for both IT and its customers comes from acting on that feedback and communicating those actions back to your users.
Additional insights:
Insight 1 |
Take the time to define the goals of your transactional survey program before launching it – it’s not as simple as just deploying the default survey of your ITSM tool out of the box. The objectives of the survey – including whether you want to keep a pulse on average satisfaction or immediately act on any negative experiences – will influence a range of key decisions about the survey configuration. |
---|---|
Insight 2 |
While transactional surveys provide useful indicators of customer satisfaction with specific tickets and interactions, they tend to have low response rates and can leave out many users who may rarely or never contact the service desk, but still have helpful feedback. Include a relationship survey in your customer feedback program to capture a more holistic picture of what your overall user base thinks about the service desk and where you most need to improve. |
Insight 3 |
Satisfaction scores provide valuable data about how your customers feel, but don’t tell you why they feel that way. Don’t neglect the qualitative data you can gather from open-ended comments and questions in both types of satisfaction surveys. Take the time to read through these responses and categorize them in at least a basic way to gain deeper insight and determine where to prioritize your efforts. |
Understand the main types of customer satisfaction surveys, principles for survey design, and best practices for surveying your users.
Phase 1: |
Phase 2: |
Phase 3: |
Phase 4: |
---|---|---|---|
Understand how to measure customer satisfaction |
Design and implement transactional surveys |
Design and implement relationship surveys |
Analyze and act on feedback |
Transactional |
Relationship |
One-off |
|
---|---|---|---|
Also known as |
Ticket surveys, incident follow-up surveys, on-going surveys |
Annual, semi-annual, periodic, comprehensive, relational |
One-time, single, targeted |
Definition |
|
|
|
Transactional | Relationship | One-off | |
---|---|---|---|
Pros |
|
|
|
Cons |
|
|
|
Only relying on one type of survey will leave gaps in your understanding of customer satisfaction. Include both transactional and relationship surveys to provide a holistic picture of customer satisfaction with the service desk.
If you can only start with one type, choose the type that best aligns with your goals and priorities:
If your priority is to identify larger improvement initiatives the service desk can take to improve overall customer satisfaction and trust in the service desk: |
If your priority is to provide customers with the opportunity to let you know when transactions do not go well so you can take immediate action to make improvements: |
↓ | ↓ |
Start with a relationship survey |
Start with a transactional survey |
Info-Tech Insight
One-off surveys can be useful to assess whether a specific change has impacted satisfaction, or to inform a planned change/initiative. However, as they aren’t typically part of an on-going customer feedback program, the focus of this research will be on transactional and relationship surveys.
CSAT | CES | NPS | |
---|---|---|---|
Name | Customer Satisfaction | Customer Effort Score | Net Promoter score |
What it measures | Customer happiness | Customer effort | Customer loyalty |
Description | Measures satisfaction with a company overall, or a specific offering or interaction | Measures how much effort a customer feels they need to put forth in order to accomplish what they wanted | Single question that asks consumers how likely they are to recommend your product, service, or company to other people |
Survey question | How satisfied are/were you with [company/service/interaction/product]? | How easy was it to [solve your problem/interact with company/handle my issue]? Or: The [company] made it easy for me to handle my issue | How likely are you to recommend [company/service/product] to a friend? |
Scale | 5, 7, or 10 pt scale, or using images/emojis | 5, 7, or 10 pt scale | 10-pt scale from highly unlikely to highly likely |
Scoring | Result is usually expressed as a percentage of satisfaction | Result usually expressed as an average | Responses are divided into 3 groups where 0-6 are detractors, 7-8 are passives, 9-10 are promoters |
Pros |
|
|
|
Cons |
|
|
|
While we focus mainly on traditional survey-based approaches to measuring customer satisfaction in this blueprint, there’s no need to limit yourselves to surveys as your only method. Consider multiple techniques to capture a wider audience, including:
Don’t include unnecessary questions that won’t give you actionable information; it will only waste respondents’ time.
Keep each question as short as possible and limit the total number of survey questions to avoid survey fatigue.
Most of your measures will be close-ended, but include at least one comment box to allow for qualitative feedback.
Ensure that question wording is clear and specific so that all respondents interpret it the same way.
You won’t get accurate results if your question leads respondents into thinking or answering a certain way.
Don’t ask about two different things in the same question – it will confuse respondents and make your data hard to interpret.
Response options should include all possible opinions (including “don’t know”) to avoid frustrating respondents.
Pre-populate information where possible (e.g. name, department) and ensure the survey is responsive on mobile devices.
If every question is mandatory, respondents may leave the survey altogether if they can’t or don’t want to answer one question.
Test your survey with your target audience before launching, and incorporate feedback - they may catch issues you didn’t notice.
There are two types of survey fatigue:
Occurs when users are overwhelmed by too many requests for feedback and stop responding.
Occurs when the survey is too long or irrelevant to users, so they grow tired and abandon the survey.
Fight survey fatigue:
Learn why and how to design a simple survey to assess satisfaction with individual service desk transactions (tickets) and a methodology for survey delivery that will improve response rates.
Phase 1: | Phase 2: | Phase 3: | Phase 4: |
---|---|---|---|
Understand how to measure customer satisfaction | Design and implement transactional surveys | Design and implement relationship surveys | Analyze and act on feedback |
While feedback on transactional surveys is specific to a single transaction, even one negative experience can impact the overall perception of the service desk. Pair your transactional surveys with an annual relationship survey to capture broader sentiment toward the service desk.
Transactional surveys serve several purposes:
Decision | Considerations | For more guidance, see |
What are the goals of your survey? | Are you hoping to get an accurate pulse of customer sentiment (if so, you may want to randomly send surveys) or give customers the ability to provide feedback any time they have some (if so, send a survey after every ticket)? | Slide 25 |
How many questions will you ask? | Keep the survey as short as possible – ideally only one mandatory question. | Slide 26 |
What questions will you ask? | Do you want a measure of NPS, CES, or CSAT? Do you want to measure overall satisfaction with the interaction or something more specific about the interaction? | Slide 27 |
What will be the response options/scale? | Keep it simple and think about how you will use the data after. | Slide 28 |
How often will you send the survey? | Will it be sent after every ticket, every third ticket, or randomly to a select percentage of tickets, etc.? | Slide 29 |
What conditions would apply? | For example, is there a subset of users who you never want to receive a survey or who you always want to receive a survey? | Slide 30 |
What mechanism/tool will you use to send the survey? | Will your ITSM tool allow you to make all the configurations you need, or will you need to use a separate survey tool? If so, can it integrate to your ITSM solution? | Slide 30 |
Decision | Considerations | For more guidance, see |
What will trigger the survey? | Typically, marking the ticket as either ‘resolved’ or ‘closed’ will trigger the survey. | Slide 31 |
How long after the ticket is closed will you send the survey? | You’ll want to leave enough time for the user to respond if the ticket wasn’t resolved properly before completing a survey, but not so much time that they don’t remember the ticket. | Slide 31 |
Will the survey be sent in a separate email or as part of the ticket resolution email? | A separate email might feel like too many emails for the user, but a link within the ticket closure email may be less noticeable. | Slide 32 |
Will the survey be embedded in email or accessed through a link? | If the survey can be embedded into the email, users will be more likely to respond. | Slide 32 |
How long will the survey link remain active, and will you send any reminders? | Leave enough time for the user to respond if they are busy or away, but not so much time that the data would be irrelevant. Balance the need to remind busy end users with the possibility of overwhelming them with survey fatigue. | Slide 32 |
What other text will be in the main body of the survey email and/or thank you page? | Keep messaging short and straightforward and remind users of the benefit to them. | Slide 33 |
Where will completed surveys be sent/who will have access? | Will the technician assigned to the ticket have access or only the manager? What email address/DL will surveys be sent to? | Slide 33 |
If your objective is: |
|
Keep a continual pulse on average customer satisfaction |
Gain the opportunity to act on negative feedback for any poor experience |
Then: |
|
Send survey randomly |
Send survey after every ticket |
Rationale: |
|
Sending a survey less often will help avoid survey fatigue and increase the chances of users responding whether they have good, bad, or neutral feedback |
Always having a survey available means users can provide feedback every time they want to, including for any poor experience – giving you the chance to act on it. |
Service Managers often get caught up in running a transactional survey program because they think it’s standard practice, or they need to report a satisfaction metric. If that’s your only objective, you will fail to derive value from the data and will only turn customers away from responding.
As you design your survey, keep in mind the following principles:
Q: How many questions should the survey contain?
A: Ideally, your survey will have only one mandatory question that captures overall satisfaction with the interaction.
This question can be followed up with an optional open-ended question prompting the respondent for more details. This will provide a lot more context to the overall rating.
If there are additional questions you need to ask based on your goals, clearly make these questions optional so they don’t deter respondents from completing the survey. For example, they can appear only after the respondent has submitted their overall satisfaction response (i.e. on a separate, thank you page).
Additional (optional) measures may include:
Tips for writing survey questions:
Sample question wording:
How satisfied are you with this support experience?
How would you rate your support experience?
Please rate your overall satisfaction with the way your issue was handled.
Instead of this…. |
Ask this…. |
---|---|
“We strive to provide excellent service with every interaction. Please rate how satisfied you are with this interaction.” |
“How satisfied were you with this interaction?” |
“How satisfied were you with the customer service skills, knowledge, and responsiveness of the technicians?” |
Choose only one to ask about. |
“How much do you agree that the service you received was excellent?” |
“Please rate the service you received.” |
“On a scale of 1-10, thinking about your most recent experience, how satisfied would you say that you were overall with the way that your ticket was resolved?” |
“How satisfied were you with your ticket resolution?” |
When planning your response options, remember to keep the survey as easy to respond to as possible – this means allowing a one-click response and a scale that’s intuitive and simple to interpret. |
Think about how you will use the responses and interpret the data. If you choose a 10-point scale, for example, what would you classify as a negative vs positive response? Would a 5-point scale suffice to get the same data? |
Again, use your goals to inform your response options. If you need a satisfaction metric, you may need a numerical scale. If your goal is just to capture negative responses, you may only need two response options: good vs bad. |
Common response options:
|
Investigate the capabilities of your ITSM tool. It may only allow one built-in response option style. But if you have the choice, choose the simplest option that aligns with your goals. |
There are two common choices for when to send ticket satisfaction surveys:
After random tickets |
After every ticket |
|
Pros |
|
|
Cons |
|
|
SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found:
Almost two-thirds (65%) send surveys after every ticket.
One-third (33%) send surveys after randomly selected tickets are closed.
Send a survey after every ticket so that anyone who has feedback gets the opportunity to provide it – and you always get the chance to act on negative feedback. But, limit how often any one customer receives a ticket to avoid over-surveying them – restrict to anywhere between one survey a week to one per month per customer.
Decision #1 |
Decision #2 |
---|---|
What tool will you use to deliver the survey? |
What (if any) conditions apply to your survey? |
Considerations
|
Considerations Is there a subset of users who you never want to receive a survey (e.g. a specific department, location, role, or title)? Is there a subset of users who you always want to receive a survey, no matter how often they contact the service desk (e.g. VIP users, a department that scored low on the annual satisfaction survey, etc.)? Are there certain times of the year that you don’t want surveys to go out (e.g. fiscal year end, holidays)? Are there times of the day that you don’t want surveys to be sent (e.g. only during business hours; not at the end of the day)? |
Recommendations The built-in functionality of your ITSM tool’s surveys will be easiest to send and track; use it if possible. However, if your tool’s survey module is limited and won’t give you the value you need, consider a third-party solution or survey tool that integrates with your ITSM solution and won’t require significant manual effort to send or review the surveys. |
Recommendations If your survey module allows you to apply conditions, think about whether any are necessary to apply to either maximize your response rate (e.g. don’t send a survey on a holiday), avoid annoying certain users, or seek extra feedback from dissatisfied users. |
Decision #2 | Decision #1 |
---|---|
What will trigger the survey? | When will the survey be sent? |
Considerations
| Considerations
|
Recommendations Only send the survey once you’re sure the issue has actually been resolved; you could further upset the customer if you ask them how happy they are with the resolution if resolution wasn’t achieved. This means sending the survey once the user confirms resolution (which closes ticket) or the agent closes the ticket. | Recommendations If you are sending the survey upon ticket status moving to ‘resolved’, wait at least 24 hours before sending the survey in case the user responds that their issue wasn’t actually resolved. However, if you are sending the survey after the ticket has been verified resolved and closed, you can send the survey immediately while the experience is still fresh in their memory. |
Decision #1 | Decision #2 |
---|---|
How will the survey appear in email? | How long will the survey remain active? |
Considerations
| Considerations
|
Recommendations Send the survey separately from the ticket resolution email or users will never notice it. However, if possible, have the entire survey embedded within the email so users can click to respond directly from their email without having to open a separate link. Reduce effort, to make users more likely to respond. | Recommendations Leave enough time for the user to respond if they are busy or away, but not so much time that the data will be irrelevant. Balance the need to remind busy end users, with the possibility of overwhelming them with survey fatigue. About a week is typical. |
Decision #1 | Decision #2 |
---|---|
What will the body of the email/messaging say? | Where will completed surveys be sent? |
Considerations
| Considerations
|
Recommendations Most users won’t read a long message, especially if they see it multiple times, so keep the email short and simple. Tell users you value their feedback, indicate which interaction you’re asking about, and say how long the survey should take. Thank them after they submit and tell them you will act on their feedback. | Recommendations Survey results should be sent to the Service Manager, Customer Experience Lead, or whoever is the person responsible for managing the survey feedback. They can choose how to share feedback with specific agents and the service desk team. |
Most IT organizations see transactional survey response rates of less than 20%.
Source: SDI, 2018SDI’s 2018 Customer Experience in ITSM survey of service desk professionals found that 69% of respondents had survey response rates of 20% or less. However, they did not distinguish between transactional and relationship surveys. |
Reasons for low response rates:
|
“In my experience, single digits are a sign of a problem. And a downward trend in response rate is also a sign of a problem. World-class survey response rates for brands with highly engaged customers can be as high as 60%. But I’ve never seen it that high for internal support teams. In my experience, if you get a response rate of 15-20% from your internal customers then you’re doing okay. That’s not to say you should be content with the status quo, you should always be looking for ways to increase it.” – David O’Reardon, Founder & CEO of Silversix |
Don’t over-survey any one user or they will start to ignore the surveys.
Ask for feedback soon after the ticket was resolved so it’s fresh in the user’s memory.
Keep the survey short, concise, and simple to respond to.
Minimize effort involved as much as possible. Allow users to respond directly from email and from any device.
Experiment with your subject line or email messaging to draw more attention.
Respond to customers who provide feedback – especially negative – so they know you’re listening.
Demonstrate that you are acting on feedback so users see the value in responding.
Once you’ve worked through all the decisions in this step, you’re ready to configure your transactional survey in your ITSM solution or survey tool.
As a starting point, you can leverage Info-Tech’s Transactional Service Desk Survey Templatee to design your templates and wording.
Make adjustments to match your decisions or your configuration limitations as needed.
Refer to the key decisions tables on slides 24 and 25 to ensure you’ve made all the configurations necessary as you set up your survey.
Understand why and how to design a survey to assess overall satisfaction with the service desk across your organization, or use Info-Tech’s diagnostic.
Phase 1: | Phase 2: | Phase 3: | Phase 4: |
---|---|---|---|
Understand how to measure customer satisfaction | Design and implement transactional surveys | Design and implement relationship surveys | Analyze and act on feedback |
Evaluating service quality in any industry is challenging for both those seeking feedback and those consuming the service: “service quality is more difficult for the consumer to evaluate than goods quality.”
You are in the position of trying to measure something intangible: customer perception, which “result[s] from a comparison of consumer expectations with actual service performance,” which includes both the service outcome and also “the process of service delivery”
(Source: Parasuraman et al, 1985, 42).
Your mission is to design a relationship survey that is:
Annual relationship surveys provide great value in the form of year-over-year internal benchmarking data, which you can use to track improvements and validate the impact of your service improvement efforts.
The Service Quality Model (Parasuraman, Zeithaml and Berry, 1985) shows how perceived service quality is negatively impacted by the gap between expectations for quality service and the perceptions of actual service delivery: Gap 1: Consumer expectation – Management perception gap: Are there differences between your assumptions about what users want from a service and what those users expect? Gap 2: Management perception – Service quality specification gap: Do you have challenges translating user expectations for service into standardized processes and guidelines that can meet those expectations? Gap 3: Service quality specifications – Service delivery gap: Do staff members struggle to carry out the service quality processes when delivering service? Gap 4: Service delivery – External communications gap: Have users been led to expect more than you can deliver? Alternatively, are users unaware of how the organization ensures quality service, and therefore unable to appreciate the quality of service they receive? Gap 5: Expected service – Perceived service gap: Is there a discrepancy between users’ expectations and their perception of the service they received (regardless of any user misunderstanding)? |
![]() |
---|
Your survey questions about service and support should provide insight into where these gaps exist in your organization
Decision/step | Considerations |
Align the relationship survey with your goals | Align what is motivating you to launch the survey at this time and the outcomes it is intended to feed into. |
Identify what you’re measuring | Clarify the purpose of the questions. Are you measuring feedback on your service desk, specifically? On all of IT? Are you trying to capture user effort? User satisfaction? These decisions will affect how you word your questions. |
Determine a framework for your survey | Reporting on results and tracking year-over-year changes will be easier if you design a basic framework that your survey questions fall into. Consider drawing on an existing service quality framework to match best practices in other industries. |
Cover logistical details | Designing a relationship survey requires attention to many details that may initially be overlooked: the survey’s length and timing, who it should be sent to and how, what demographic info you need to collect to slice and dice the results, and if it will be possible to conduct the survey anonymously. |
Design question wording | It is important to keep questions clear and concise and to avoid overly lengthy surveys. |
Select answer scales | The answer scales you select will depend on how you have worded the questions. There is a wide range of answer scales available to you; decide which ones will produce the most meaningful data. |
Test the survey | Testing the survey before widely distributing it is key. When collecting feedback, conduct at least a few in person observations of someone taking the survey to get their unvarnished first impressions. |
Monitor and maximize your response rate | Ensure success by staying on top of the survey during the period it is open. |
What is motivating you to launch the survey at this time?
Is there a renewed focus on customer service satisfaction? If so, this survey will track the initiative’s success, so its questions must align with the sponsors’ expectations.
Are you surveying customer satisfaction in order to comply with legislation, or directives to measure customer service quality?
What objectives/outcomes will this survey feed into?
What do you need to report on to your stakeholders? Have they communicated any expectations regarding the data they expect to see?
Does the CIO want the annual survey to measure end-user satisfaction with all of IT?
In 1993 the U.S. president issued an Executive Order requiring executive agencies to “survey customers to determine the kind and quality of services they want and their level of satisfaction with existing services” and “post service standards and measure results against them.” (Clinton, 1993)
Examples of Measures |
||
Clarify the purpose of the questions Each question should measure something specific you want to track and be phrased accordingly. |
Are you measuring feedback on the service desk? | Service desk professionalism |
Are you measuring user satisfaction? |
Service desk timeliness |
|
Your customers’ happiness with aspects of IT’s service offerings and customer service |
Trust in agents’ knowledge |
|
Users’ preferred ticket intake channel (e.g. portal vs phone) |
||
Satisfaction with self-serve features |
||
Are you measuring user effort? |
Are you measuring feedback on IT overall? |
Satisfaction with IT’s ability to enable the business |
How much effort your customer needs to put forth to accomplish what they wanted/how much friction your service causes or alleviates |
Satisfaction with company-issued devices |
|
Satisfaction with network/Wi-Fi | ||
Satisfaction with applications |
As you compose survey questions, decide whether they are intended to capture user satisfaction or effort: this will influence how the question is worded. Include a mix of both.
If your relationship survey covers satisfaction with service support, ensure the questions cover the major aspects of service quality. You may wish to align your questions on support with existing frameworks: for example, the SERVQUAL service quality measurement instrument identifies 5 dimensions of service quality: Reliability, Assurance, Tangibles, Empathy, and Responsiveness (see below). As you design the survey, consider if the questions relate to these five dimensions. If you have overlooked any of the dimensions, consider if you need to revise or add questions.
Service dimension |
Definition |
Sample questions |
---|---|---|
Reliability |
“Ability to perform the promised service dependably and accurately”1 |
|
Assurance |
“Knowledge and courtesy of employees and their ability to convey trust and confidence”2 |
|
Tangibles |
“Appearance of physical facilities, equipment, personnel, and communication materials”3 |
|
Empathy |
“Caring, individualized attention the firm provides its customers”4 |
|
Responsiveness |
“Willingness to help customers and provide prompt service”5 |
|
Identify who you will send it to Will you survey your entire user base or a specific subsection? For example, a higher education institution may choose to survey students separately from staff and faculty. If you are gathering data on customer satisfaction with a specific implementation, only survey the affected stakeholders. Determine timing Avoid sending out the survey during known periods of time pressure or absence (e.g. financial year-end, summer vacation). Decide upon its length Consider what survey length your users can tolerate. Configure the survey to show the respondents’ progression or their percentage complete. Clearly introduce the survey The survey should begin with an introduction that thanks users for completing the survey, indicates its length and anonymity status, and conveys how the data will be used, along with who the participants should contact with any questions about the survey. Decide upon incentives Will you incentivize participation (e.g. by entering the participants in a draw or rewarding highest-participating department)? |
Collect demographic information Ensure your data can be “sliced and diced” to give you more granular insights into the results. Ask respondents for information such as department, location, seniority, and tenure to help with your trend analysis later. Clarify if anonymous Users may be more comfortable participating if they can do so anonymously (Quantisoft, n.d.). If you promise anonymity, ensure your survey software/ partner can support this claim. Note the difference between anonymity (identity of participant is not collected) and confidentiality (identifying data is collected but removed from the reported results). Decide how to deliver the survey Will you be distributing the survey yourself through your own licensed software (e.g. through Microsoft Forms if you are an MS shop)? Or, will you be partnering with a third-party provider? Is the survey optimized for mobile? Some find up to 1/3 of participants use mobile devices for their surveys (O’Reardon, 2018). |
Use Info-Tech’s Sample Size Calculator to calculate the number of people you need to complete your survey to have statistically representative results. In the example above, the service desk supports 1000 total users (and sent the survey to each one). To be 95% confident that the survey results fall within 5% of the true value (if every user responded), they would need 278 respondents to complete their survey. In other words, to have a sample that is representative of the whole population, they would need 278 completed surveys. |
Explanation of terms: Confidence Level: A measure of how reliable your survey is. It represents the probability that your sample accurately reflects the true population (e.g. your entire user base). The industry standard is typically 95%. This means that 95 times out of 100, the true data value that you would get if you surveyed the entire population would fall within the margin of error. Margin of Error: A measure of how accurate the data is, also known as the confidence interval. It represents the degree of error around the data point, or the range of values above and below the actual results from a survey. A typical margin of error is 5%. This means that if your survey sample had a score of 70%, the true value if you sampled the entire population would be between 65% and 75%. To narrow the margin of error, you would need a bigger sample size. Population Size: The total set of people you want to study with your survey. For example, the total number of users you support. Sample Size: The number of people who participate in your survey (i.e. complete the survey) out of the total population. |
I need to measure and report customer satisfaction with all of IT:
|
Both products measure end-user satisfaction One is more general to IT One is more specific to service desk |
I need to measure and report more granularly on Service Desk customer satisfaction:
|
Choose Info-Tech's End User Satisfaction Survey |
Choose Info-Tech’s Service Desk Satisfaction Survey |
Write accessible questions: | Instead of this…. | Ask this…. |
48% of US adults meet or exceed PIACC literacy level 3 and thus able to deal with texts that are “often dense or lengthy.” 52% of US adults meet level 2 or lower. Keep questions clear and concise. Avoid overly lengthy surveys. Source: Highlights of the 2017 U.S. PIAAC Results Web Report |
Users will have difficulty perceiving the difference between these two questions. |
|
Tips for writing survey questions: | “How satisfied are you with the customer service skills, knowledge, and responsiveness of the technicians?” This question measures too many things and the data will not be useful. | Choose only one to ask about. |
| “On a scale of 1-10, thinking about the past year, how satisfied would you say that you were overall with the way that your tickets were resolved?” This question is too wordy. | “How satisfied were you with your ticket resolution?” |
Likert scale
Respondents select from a range of statements the position with which they most agree:
E.g. How satisfied are you with how long it generally takes to resolve your issue completely?
Frequency scale
How often does the respondent have to do something, or how often do they encounter something?
E.g. How frequently do you need to re-open tickets that have been closed without being satisfactorily resolved?
Numeric scale
By asking users to rate their satisfaction on a numeric scale (e.g., 1-5, 1-10), you can facilitate reporting on averages:
E.g. How satisfied are you with IS’s ability to provide services to allow the organization to meet its goals?
Forced ranking
Learn more about your users’ priorities by asking them to rank answers from most to least important, or selecting their top choices (Sauro, 2018):
E.g. From the following list, drag and drop the 3 aspects of our service that are most important to you into the box on the right.
Always include an optional open-ended question, which allows customers to provide more feedback or suggestions.
Test the survey with different stakeholder groups:
Testing methodology:
In the survey testing phase, try to capture at least a few real-time responses to the survey. If you collect survey feedback only once the test is over, you may miss some key insights into the user experience of navigating the survey.
“Follow the golden rule: think of your audience and what they may or may not know. Think about what kinds of outside pressures they may bring to the work you’re giving them. What time constraints do they have?”
– Sally Colwell, Project Officer, Government of Canada Pension Centre
“[Send] one reminder to those who haven’t completed the survey after a few days. Don’t use the word ‘reminder’ because that’ll go straight in the bin, better to say something like, ‘Another chance to provide your feedback’”
– David O’Reardon, Founder & CEO of Silversix
Measure and analyze the results of both surveys and build a plan to act on both positive and negative feedback and communicate the results with the organization.
Phase 1: | Phase 2: | Phase 3: | Phase 4: |
---|---|---|---|
Understand how to measure customer satisfaction | Design and implement transactional surveys | Design and implement relationship surveys | Analyze and act on feedback |
A service failure or a poor experience isn’t what determines customer satisfaction – it’s how you respond to the issue and take steps to fix it that really matters.
This means one poor experience with the service desk doesn’t necessarily lead to an unhappy user; if you quickly and effectively respond to negative feedback to repair the relationship, the customer may be even happier afterwards because you demonstrated that you value them.
“Every complaint becomes an opportunity to turn a bad IT customer experience into a great one.”
– David O’Reardon, Founder & CEO of Silversix
|
![]() |
“Your IT service desk’s CSAT survey should be the means of improving your service (and the employee experience), and something that encourages people to provide even more feedback, not just the means for understanding how well it’s doing” – Joe the IT Guy, SysAid |
If collecting and analyzing customer feedback is something that happens off the side of your desk, it either won’t get done or won’t get done well.
Assign accountability for the customer feedback program to one person (i.e. Service Desk Manager, Service Manager, Infrastructure & Operations Lead, IT Director), who may take on or assign responsibilities such as:
Info-Tech Insight
While feedback can feed into internal coaching and training, the goal should never be to place blame or use metrics to punish agents with poor results. The focus should always be on improving the experience for end users.
Calculating NPS Scores
Categorize respondents into 3 groups:
Calculate overall NPS score:
Calculating CSAT Scores
Why analyze qualitative data |
How to analyze qualitative data |
||||||
---|---|---|---|---|---|---|---|
|
Methods range in sophistication; choose a technique depending on your tools available and goals of your program.
|
Successful customer satisfaction programs respond effectively to both positive and negative outcomes. Late or lack of responses to negative comments may increase customer frustration, while not responding at all to the positive comments may give the perception of indifference.
E.g. Scores of 1 to 2 out of 5 are negative, scores of 4 to 5 out of 5 are positive.
1. Who should receive communication? |
Each audience will require different messaging, so start by identifying who those audiences are. At a minimum, you should communicate to your end users who provided feedback, your service desk/IT team, and business leaders or stakeholders. |
---|---|
2. What information do they need? |
End users: Thank them for providing feedback. Demonstrate what you will do with that feedback. IT team: Share results and what you need them to do differently as a result. Business leaders: Share results, highlight successes, share action plan for improvement. |
3. Who is responsible for communication? |
Typically, this will be the person who is accountable for the customer feedback program, but you may have different people responsible for communicating to different audiences. |
4. When will you communicate? |
Frequency of communication will depend on the survey type – relationship or transactional – as well as the audience, with internal communication being much more frequent than end-user communication. |
5. How will you communicate? |
Again, cater your approach to the audience and choose a method that will resonate with them. End users may view an email, an update on the portal, a video, or update in a company meeting; your internal IT team can view results on a dashboard and have regular meetings. |
![]() Based on the Customer Communication Cycle by David O’Reardon, 2018 |
|
---|
Focus your communications to users around them, not you. Demonstrate that you need feedback to improve their experience, not just for you to collect data.
Prioritize improvements |
Prioritize improvements based on low scores and most commonly received feedback, then build into an action plan. |
---|---|
Take immediate action on negative feedback |
Investigate the issue, diagnose the root cause, and repair both the relationship and issue – just like you would an incident. |
Apply lessons learned from positive feedback |
Don’t neglect actions you can take from positive feedback – identify how you can expand upon or leverage the things you’re doing well. |
Use feedback in coaching and training |
Share positive experiences with the team as lessons learned, and use negative feedback as an input to coaching and training. |
Make the change stick |
After making a change, train and communicate it to your team to ensure the change sticks and any negative experiences don’t happen again. |
“Without converting feedback into actions, surveys can become just a pointless exercise in number watching.”
Outline exactly what you plan to do to address customer feedback in an action plan, and regularly review that action plan to select and prioritize initiatives and monitor progress.
For more guidance on tracking and prioritizing ongoing improvement initiatives, see the blueprints Optimize the Service Desk with a Shift Left Strategy and Build a Continual Improvement Plan for the Service Desk.
Improve service desk processes: |
Improve end-user self-service options: |
Assess and optimize service desk staffing: |
Improve ease of contacting the service desk: |
---|---|---|---|
Standardize the Service Desk | Optimize the Service Desk With a Shift-Left Strategy | Staff the Service Desk to Meet Demand | Improve Service Desk Ticket Intake |
Improve service desk processes: |
Improve end-user self-service options: |
Assess and optimize service desk staffing: |
Improve ease of contacting the service desk:: |
Improve Incident and Problem Management | Improve Incident and Problem Management | Deliver a Customer Service Training Program to Your IT Department | Modernize and Transform Your End-User Computing Strategy |
This project will help you build and improve essential service desk processes, including incident management, request fulfillment, and knowledge management to create a sustainable service desk.
Optimize the Service Desk With a Shift-Left Strategy
This project will help you build a strategy to shift service support left to optimize your service desk operations and increase end-user satisfaction.
Build a Continual Improvement Plan
This project will help you build a continual improvement plan for the service desk to review key processes and services and manage the progress of improvement initiatives.
Deliver a Customer Service Training Program to Your IT Department
This project will help you deliver a targeted customer service training program to your IT team to enhance their customer service skills when dealing with end users, improve overall service delivery and increase customer satisfaction.
Amaresan, Swetha. “The best time to send a survey, according to 5 studies.” Hubspot. 15 Jun 2021. Accessed October 2022.
Arlen, Chris. “The 5 Service Dimensions All Customers Care About.” Service Performance Inc. n.d. Accessed October 2022.
Clinton, William Jefferson. “Setting Customer Service Standards.” (1993). Federal Register, 58(176).
“Understanding Confidentiality and Anonymity.” The Evergreen State College. 2022. Accessed October 2022.
"Highlights of the 2017 U.S. PIAAC Results Web Report" (NCES 2020-777). U.S. Department of Education. Institute of Education Sciences, National Center for Education Statistics.
Joe the IT Guy. “Are IT Support’s Customer Satisfaction Surveys Their Own Worst Enemy?” Joe the IT Guy. 29 August 2018. Accessed October 2022.
O’Reardon, David. “10 Ways to Get the Most out of your ITSM Ticket Surveys.” LinkedIn. 2 July 2019. Accessed October 2022.
O'Reardon, David. "13 Ways to increase the response rate of your Service Desk surveys".LinkedIn. 8 June 2016. Accessed October 2022.
O’Reardon, David. “IT Customer Feedback Management – A Why & How Q&A with an Expert.” LinkedIn. 13 March 2018. Accessed October 2022.
Parasuraman, A., Zeithaml, V. A., & Berry, L. L. (1985). "A Conceptual Model of Service Quality and Its Implications for Future Research." Journal of Marketing, 49(4), 41–50.
Quantisoft. "How to Increase IT Help Desk Customer Satisfaction and IT Help Desk Performance.“ Quantisoft. n.d. Accessed November 2022.
Rumberg, Jeff. “Metric of the Month: Customer Effort.” HDI. 26 Mar 2020. Accessed September 2022.
Sauro, Jeff. “15 Common Rating Scales Explained.” MeasuringU. 15 August 2018. Accessed October 2022.
SDI. “Customer Experience in ITSM.” SDI. 2018. Accessed October 2022.
SDI. “CX: Delivering Happiness – The Series, Part 1.” SDI. 12 January 2021. Accessed October 2022.
Wronski, Laura. “Who responds to online surveys at each hour of the day?” SurveyMonkey. n.d. Accessed October 2022.
Sally Colwell
Project Officer
Government of Canada Pension Centre
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read our executive brief to understand why you should develop a PPM strategy and understand how our methodology can help you. We show you how we can support you.
Ensure your strategy is a cultural fit or cultural-add for your company.
Use the advice and tools in this stage to align the PPM processes.
Use the inputs from the previous stages and add a cost-benefit analysis and tool recommendation.
Define quality standards in maintenance practices. Enforce these in alignment with the governance you have set up. Show a high degree of transparency and open discussions on development challenges.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Read our concise Executive Brief to find out how you can reduce your IT cost in the short term while establishing a foundation for long-term sustainment of IT cost containment.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Manage organizational risk and viability during the first 30 days of a crisis.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Assess the maturity of your existing change management practice and define the scope of change management for your organization.
Build your change management team and standardized process workflows for each change type.
Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.
Form an implementation plan for the project, including a metrics evaluation, change calendar inputs, communications plan, and roadmap.
[infographic]
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Discuss the existing challenges and maturity of your change management practice.
Build definitions of change categories and the scope of change management.
Understand the starting point and scope of change management.
Understand the context of change request versus other requests such as service requests, projects, and operational tasks.
1.1 Outline strengths and challenges
1.2 Conduct a maturity assessment
1.3 Build a categorization scheme
1.4 Build a risk assessment matrix
Change Management Maturity Assessment Tool
Change Management Risk Assessment Tool
Define roles and responsibilities for the change management team.
Develop a standardized change management practice for approved changes, including process workflows.
Built the team to support your new change management practice.
Develop a formalized and right-sized change management practice for each change category. This will ensure all changes follow the correct process and core activities to confirm changes are completed successfully.
2.1 Define the change manager role
2.2 Outline the membership and protocol for the Change Advisory Board (CAB)
2.3 Build workflows for normal, emergency, and pre-approved changes
Change Manager Job Description
Change Management Standard Operating Procedure (SOP)
Change Management Process Library
Create a new change intake process, including a new request for change (RFC) form.
Develop post-implementation review activities to be completed for every IT change.
Bookend your change management practice by standardizing change intake, implementation, and post-implementation activities.
3.1 Define the RFC template
3.2 Determine post-implementation activities
3.3 Build your change calendar protocol
Request for Change Form Template
Change Management Post-Implementation Checklist
Project Summary Template
Develop a plan and project roadmap for reaching your target for your change management program maturity.
Develop a communications plan to ensure the successful adoption of the new program.
A plan and project roadmap for reaching target change management program maturity.
A communications plan ready for implementation.
4.1 Identify metrics and reports
4.2 Build a communications plan
4.3 Build your implementation roadmap
Change Management Metrics Tool
Change Management Communications Plan
Change Management Roadmap Tool
Right-size IT change management practice to protect the live environment.
Change management (change enablement, change control) is a balance of efficiency and risk. That is, pushing changes out in a timely manner while minimizing the risk of deployment. On the one hand, organizations can attempt to avoid all risk and drown the process in rubber stamps, red tape, and bureaucracy. On the other hand, organizations can ignore process and push out changes as quickly as possible, which will likely lead to change related incidents and debilitating outages.
Right-sizing the process does not mean adopting every recommendation from best-practice frameworks. It means balancing the efficiency of change request fulfillment with minimizing risk to your organization. Furthermore, creating a process that encourages adherence is key to avoid change implementers from skirting your process altogether.
Benedict Chang, Research Analyst, Infrastructure and Operations, Info-Tech Research Group
Infrastructure and application change occurs constantly and is driven by changing business needs, requests for new functionality, operational releases and patches, and resolution of incidents or problems detected by the service desk.
IT managers need to follow a standard change management process to ensure that rogue changes are never deployed while the organization remains responsive to demand.
IT system owners often resist change management because they see it as slow and bureaucratic.
At the same time, an increasingly interlinked technical environment may cause issues to appear in unexpected places. Configuration management systems are often not kept up-to-date and do not catch the potential linkages.
Infrastructure changes are often seen as “different” from application changes and two (or more) processes may exist.
Info-Tech’s approach will help you:
Two goals of change management are to protect the live environment and deploying changes in a timely manner. These two may seem to sometimes be at odds against each other, but assessing risk at multiple points of a change’s lifecycle can help you achieve both.
Having a right-sized process is not enough. You need to build and communicate the process to gather adherence. The process is useless if stakeholders are not aware of it or do not follow it.
Of the eight infrastructure & operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management has the second largest gap between importance and effectiveness of these processes.
Source: Info-Tech 2020; n=5,108 IT professionals from 620 organizations
“Why should I fill out an RFC when it only takes five minutes to push through my change?”
“We’ve been doing this for years. Why do we need more bureaucracy?”
“We don’t need change management if we’re Agile.”
“We don’t have the right tools to even start change management.”
“Why do I have to attend a CAB meeting when I don’t care what other departments are doing?”
“The scope of change management is defined by each organization…the purpose of change management is to maximize the number of successful service and product changes by ensuring that the risk have been properly assessed, authorizing changes to process, and managing the change schedule.” – ALEXOS Limited, ITIL 4
Building a unified process that oversees all changes to the technical environment doesn’t have to be burdensome to be effective. However, the process is a necessary starting point to identifying cross dependencies and avoiding change collisions and change-related incidents.
Simply asking, “What is the risk?” will result in subjective responses that will likely minimize the perceived risk. The level of due diligence should align to the criticality of the systems or departments potentially impacted by the proposed changes.
Change management in isolation will provide some stability, but maturing the process through service integrations will enable data-driven decisions, decrease bureaucracy, and enable faster and more stable throughput.
Change and DevOps tend to be at odds, but the framework does not have to change. Lower risk changes in DevOps are prime candidates for the pre-approved category. Much of the responsibility traditionally assigned to the CAB can be diffused throughout the software development lifecycle.
Look for these DevOps callouts throughout this storyboard to guide you along the implementation.
Business Benefits
IT satisfaction with change management will drive business satisfaction with IT. Once the process is working efficiently, staff will be more motivated to adhere to the process, reducing the number of unauthorized changes. As fewer changes bypass proper evaluation and testing, service disruptions will decrease and business satisfaction will increase.
Change management brings daily control over the IT environment, allowing you to review every relatively new change, eliminate changes that would have likely failed, and review all changes to improve the IT environment.
Change management planning brings increased communication and collaboration across groups by coordinating changes with business activities. The CAB brings a more formalized and centralized communication method for IT.
Request for change templates and a structured process result in implementation, test, and backout plans being more consistent. Implementing processes for pre-approved changes also ensures these frequent changes are executed consistently and efficiently.
Change management processes will give your organization more confidence through more accurate planning, improved execution of changes, less failure, and more control over the IT environment. This also leads to greater protection against audits.
Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations
Of the eight infrastructure and operations processes measured in Info-Tech’s IT Management and Governance Diagnostic (MGD) program, change management consistently has the second largest gap between importance and effectiveness of these processes.
Info-Tech’s IT Management and Governance Diagnostic (MGD) program assesses the importance and effectiveness of core IT processes. Since its inception, the MGD has consistently identified change management as an area for immediate improvement.
Source: Info-Tech 2020; n=5,108 IT Professionals from 620 organizations
No importance: 1.0-6.9
Limited importance: 7.0-7.9
Significant importance: 8.0-8.9
Critical importance: 9.0-10.0
Not in place: n/a
Not effective: 0.0-4.9
Somewhat Ineffective: 5.0-5.9
Somewhat effective: 6.0-6.9
Very effective: 7.0-10.0
Which of these have you heard in your organization?
Reality | |
---|---|
“It’s just a small change; this will only take five minutes to do.” | Even a small change can cause a business outage. That small fix could impact a large system connected to the one being fixed. |
“Ad hoc is faster; too many processes slow things down.” | Ad hoc might be faster in some cases, but it carries far greater risk. Following defined processes keeps systems stable and risk-averse. |
“Change management is all about speed.” | Change management is about managing risk. It gives the illusion of speed by reducing downtime and unplanned work. |
“Change management will limit our capacity to change.” | Change management allows for a better alignment of process (release management) with governance (change management). |
Change Prioritization
Change Deployment
1. Define Change Management | 2. Establish Roles and Workflows | 3. Define the RFC and Post-Implementation Activities | 4. Measure, Manage, and Maintain | |
---|---|---|---|---|
Phase Steps |
1.1 Assess Maturity 1.2 Categorize Changes and Build Your Risk Assessment |
2.1 Determine Roles and Responsibilities 2.2 Build Core Workflows |
3.1 Design the RFC 3.2 Establish Post-Implementation Activities |
4.1 Identify Metrics and Build the Change Calendar 4.2 Implement the Project |
Change Management Standard Operating Procedure (SOP) Change Management Project Summary Template | ||||
Phase Deliverables |
|
|
|
|
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Document your normal, pre-approved, and emergency change lifecycles with the core process workflows .
Test Drive your impact and likelihood assessment questionnaires with the Change Management Risk Assessment Tool.
Summarize your efforts in the Optimize IT Change Management Improvement Initiative: Project Summary Template.
Record your action items and roadmap your steps to a mature change management process.
Document and formalize your process starting with the change management standard operating procedure (SOP).
Define Change Management
Establish Roles and Workflows
Define RFC and Post-Implementation Activities
Measure, Manage, and Maintain
A major technology company implemented change management to improve productivity by 40%. This case study illustrates the full scope of the project.
A large technology firm experienced a critical outage due to poor change management practices. This case study illustrates the scope of change management definition and strategy.
Ignorance of change management process led to a technology giant experiencing a critical cloud outage. This case study illustrates the scope of the process phase.
A manufacturing company created a makeshift CMDB in the absence of a CMDB to implement change management. This case study illustrates the scope of change intake.
A financial institution tracked and recorded metrics to aid in the success of their change management program. This case study illustrates the scope of the implementation phase.
Guided Implementation | Measured Vale |
---|---|
Phase 1: Define Change Management |
|
Phase 2: Establish Roles and Workflows |
|
Phase 3: Define the RFC and Post-Implementation Activities |
|
Phase 4: Measure, Manage, and Maintain |
|
Total Savings | $10,800 |
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
With close to 4,000 changes occurring each week, managing Intel’s environment is a formidable task. Before implementing change management within the organization, over 35% of all unscheduled downtime was due to errors resulting from change and release management. Processes were ad hoc or scattered across the organization and no standards were in place.
After a robust implementation of change management, Intel experienced a number of improvements including automated approvals, the implementation of a formal change calendar, and an automated RFC form. As a result, Intel improved change productivity by 40% within the first year of the program’s implementation.
Define Change Management
↓
Establish Roles and Workflows
↓
Define RFC and Post-Implementation Activities
↓
Measure, Manage, and Maintain
"Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
Diagnostics and consistent frameworks are used throughout all four options.
A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 4 to 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Activities |
Define Change Management 1.1 Outline Strengths and Challenges 1.2 Conduct a Maturity Assessment 1.3 Build a Change Categorization Scheme 1.4 Build Your Risk Assessment |
Establish Roles and Workflows 2.1 Define the Change Manager Role 2.2 Outline CAB Protocol and membership 2.3 Build Normal Change Process 2.4 Build Emergency Change Process 2.5 Build Pre-Approved Change Process |
Define the RFC and Post-Implementation Activities 3.1 Create an RFC Template 3.2 Determine Post-Implementation Activities 3.3 Build a Change Calendar Protocol |
Measure, Manage, and Maintain 4.1 Identify Metrics and Reports 4.2 Create Communications Plan 4.3 Build an Implementation Roadmap |
Next Steps and Wrap-Up (offsite) 5.1 Complete in-progress deliverables from previous four days 5.2 Set up review time for workshop deliverables and to discuss next steps |
Deliverables |
|
|
|
|
|
1.1 Assess Maturity
1.2 Categorize Changes and Build Your Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define the RFC and Post-Implementation Activities
3.1 Design the RFC
3.2 Establish Post-Implementation Activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following steps:
This phase involves the following participants:
1.1.1 Outline the Organization’s Strengths and Challenges
1.1.2 Complete a Maturity Assessment
Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment
Ensure the Release Manager is present as part of your CAB. They can explain any change content or dependencies, communicate business approval, and advise the service desk of any defects.
As seen in the context diagram, change management interacts closely with many other IT processes including release management and configuration management (seen below). Ensure you delineate when these interactions occur (e.g. RFC updates and CMDB queries) and which process owns each task.
“With no controls in place, IT gets the blame for embarrassing outages. Too much control, and IT is seen as a roadblock to innovation.” – Anonymous, VP IT of a federal credit union
Download the Optimize IT Change Management Improvement Initiative: Project Summary Template
Chaos | Reactive | Controlled |
Proactive | Optimized | |
---|---|---|---|---|---|
Change Requests | No defined processes for submitting changes | Low process adherence and no RFC form | RFC form is centralized and a point of contact for changes exists | RFCs are reviewed for scope and completion | RFCs trend analysis and proactive change exists |
Change Review | Little to no change risk assessment | Risk assessment exists for each RFC | RFC form is centralized and a point of contact for changes exists | Change calendar exists and is maintained | System and component dependencies exist (CMDB) |
Change Approval | No formal approval process exists | Approval process exists but is not widely followed | Unauthorized changes are minimal or nonexistent | Change advisory board (CAB) is established and formalized | Trend analysis exists increasing pre-approved changes |
Post-Deployment | No post-deployment change review exists | Process exists but is not widely followed | Reduction of change-related incidents | Stakeholder satisfaction is gathered and reviewed | Lessons learned are propagated and actioned |
Process Governance | Roles & responsibilities are ad hoc | Roles, policies & procedures are defined & documented | Roles, policies & procedures are defined & documented | KPIs are tracked, reported on, and reviewed | KPIs are proactively managed for improvement |
Reaching an optimized level is not feasible for every organization. You may be able to run a very good change management process at the Proactive or even Controlled stage. Pay special attention to keeping your goals attainable.
Download the Change Management Maturity Assessment Tool
Even Google isn’t immune to change-related outages. Plan ahead and communicate to help avoid change-related incidents
Industry: Technology
Source: The Register
As part of a routine maintenance procedure, Google engineers moved App Engine applications between data centers in the Central US to balance out traffic.
Unfortunately, at the same time that applications were being rerouted, a software update was in progress on the traffic routers, which triggered a restart. This temporarily diminished router capacity, knocking out a sizeable portion of Google Cloud.
The server drain resulted in a huge spike in startup requests, and the routers simply couldn’t handle the traffic.
As a result, 21% of Google App Engine applications hosted in the Central US experienced error rates in excess of 10%, while an additional 16% of applications experienced latency, albeit at a lower rate.
Thankfully, engineers were actively monitoring the implementation of the change and were able to spring into action to halt the problem.
The change was rolled back after 11 minutes, but the configuration error still needed to be fixed. After about two hours, the change failure was resolved and the Google Cloud was fully functional.
One takeaway for the engineering team was to closely monitor how changes are scheduled. Ultimately, this was the result of miscommunication and a lack of transparency between change teams.
1.2.1 Define What Constitutes a Change
1.2.2 Build a Change Categorization Scheme
1.2.3 Build a Classification Scheme to Assess Impact
1.2.4 Build a Classification Scheme to Define Likelihood
1.2.5 Evaluate and Adjust Your Risk Assessment Scheme
Step 1.1: Assess Maturity → Step 1.2: Categorize Changes and Build Your Risk Assessment
Successfully managed changes will optimize risk exposure, severity of impact, and disruption. This will result in the bottom-line business benefits of removal of risk, early realization of benefits, and savings of money and time.
80%
In organizations without formal change management processes, about 80% (The Visible Ops Handbook) of IT service outage problems are caused by updates and changes to systems, applications, and infrastructure. It’s crucial to track and systematically manage change to fully understand and predict the risks and potential impact of the change.
The core business of the enterprise or supporting functions may be affected.
If it’s for a local application, it’s a service request
It should usually impact more than a single user (in most cases).
Any impact on a business process is a change; adding a user or a recipient to a report or mailing list is not a change.
If it’s a new service, then it’s better described as a project.
It needs to be within the scope of IT for the change management process to apply.
As a general rule, if it takes longer than 40 hours of work to complete, it’s likely a project.
Change | Service Request (User) | Operational Task (Backend) |
---|---|---|
|
|
|
Change | Project | Service Request (User) | Operational Task (Backend) | Release |
---|---|---|---|---|
Changing Configuration | ERP upgrade | Add new user | Delete temp files | Software release |
Download the Change Management Standard Operating Procedure (SOP).
In addition to assigning a category to each RFC based on risk assessment, each RFC should also be assigned a priority based on the impact of the change on the IT organization, in terms of the resources needed to effect the change.
Normal
Emergency
Pre-Approved
The majority of changes will be pre-approved or normal changes. Definitions of each category are provided on the next slide.
Info-Tech uses the term pre-approved rather than the ITIL terminology of standard to more accurately define the type of change represented by this category.
A potential fourth change category of expedited may be employed if you are having issues with process adherence or if you experience changes driven from outside change management’s control (e.g. from the CIO, director, judiciary, etc.) See Appendix I for more details.
Do not rush to designate changes as pre-approved. You may have a good idea of which changes may be considered pre-approved, but make sure they are in fact low-risk and well-documented before moving them over from the normal category.
Pre-Approved | Normal | Emergency | |
---|---|---|---|
Definition |
|
|
|
Trigger |
|
|
|
Workflow |
|
|
|
Approval |
|
|
|
Pay close attention to defining your pre-approved changes. They are going to be critical for running a smooth change management practice in a DevOps Environment
Pre-Approved (AKA Standard) | Normal | Emergency |
---|---|---|
|
Major
Medium
Minor
|
|
The following slides guide you through the steps of formalizing a risk assessment according to impact and likelihood:
Info-Tech Insight
All changes entail an additional level of risk. Risk is a function of impact and likelihood. Risk may be reduced, accepted, or neutralized through following best practices around training, testing, backout planning, redundancy, timing and sequencing of changes, etc.
How is risk rating determined?
Who determines priority?
How is risk rating used?
RFCs need to clearly identify the risk level of the proposed change. This can be done through statement of impact and likelihood (low/medium/high) or through pertinent questions linked with business rules to assess the risk.
Risk always has a negative impact, but the size of the impact can vary considerably in terms of cost, number of people or sites affected, and severity of the impact. Impact questions tend to be more objective and quantifiable than likelihood questions.
Impact | ||||
---|---|---|---|---|
Weight | Question | High | Medium | Low |
15% | # of people affected | 36+ | 11-35 | <10 |
20% | # of sites affected | 4+ | 2-3 | 1 |
15% | Duration of recovery (minutes of business time) | 180+ | 30-18 | <3 |
20% | Systems affected | Mission critical | Important | Informational |
30% | External customer impact | Loss of customer | Service interruption | None |
LIKELIHOOD | ||||
---|---|---|---|---|
Weight | Question | High | Medium | Low |
25% | Has this change been tested? | No | Yes | |
10% | Have all the relevant groups (companies, departments, executives) vetted the change? | No | Partial | Yes |
5% | Has this change been documented? | No | Yes | |
15% | How long is the change window? When can we implement? | Specified day/time | Partial | Per IT choice |
20% | Do we have trained and experienced staff available to implement this change? If only external consultants are available, the rating will be “medium” at best. | No | Yes | |
25% | Has an implementation plan been developed? | No | Yes |
Download the Change Management Rick Assessment Tool.
# |
Change Example |
Impact |
Likelihood |
Risk |
1 |
ERP change |
High |
Medium |
Major |
2 |
Ticket system go-live |
Medium |
Low |
Minor |
3 |
UPS replacement |
Medium |
Low |
Minor |
4 |
Network upgrade |
Medium |
Medium |
Medium |
5 |
AD upgrade |
Medium |
Low |
Minor |
6 |
High availability implementation |
Low |
Medium |
Minor |
7 |
Key-card implementation |
Low |
High |
Medium |
8 |
Anti-virus update |
Low |
Low |
Minor |
9 |
Website |
Low |
Medium |
Minor |
The company was planning to implement a CMDB; however, full implementation was still one year away and subject to budget constraints.
Without a CMDB, it would be difficult to understand the interdependencies between systems and therefore be able to provide notifications to potentially affected user groups prior to implementing technical changes.
This could have derailed the change management project.
An Excel template was set up as a stopgap measure until the full implementation of the CMDB. The template included all identified dependencies between systems, along with a “dependency tier” for each IT service.
Tier 1: The dependent system would not operate if the upstream system change resulted in an outage.
Tier 2: The dependent system would suffer severe degradation of performance and/or features.
Tier 3: The dependent system would see minor performance degradation or minor feature unavailability.
As a stopgap measure, the solution worked well. When changes ran the risk of degrading downstream dependent systems, the impacted business system owner’s authorization was sought and end users were informed in advance.
The primary takeaway was that a system to manage configuration linkages and system dependencies was key.
While a CMDB is ideal for this use case, IT organizations shouldn’t let the lack of such a system stop progress on change management.
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
Due to the sheer volume of change management activities present at Intel, over 35% of unscheduled outages were the result of changes.
Ineffective change management was identified as the top contributor of incidents with unscheduled downtime.
One of the major issues highlighted was a lack of process ownership. The change management process at Intel was very fragmented, and that needed to change.
Daniel Grove, Senior Release & Change Manager at Intel, identified that clarifying tasks for the Change Manager and the CAB would improve process efficiency by reducing decision lag time. Roles and responsibilities were reworked and clarified.
Intel conducted a maturity assessment of the overall change management process to identify key areas for improvement.
For running change management in DevOps environment, see Appendix II.
Define Change Management
1.1 Assess Maturity
1.2 Categorize Changes and Build Your Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define RFC and Post-Implementation Activities
3.1 Design the RFC
3.2 Establish Post-Implementation Activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following steps:
This phase involves the following participants:
2.1.1 Capture Roles and Responsibilities Using a RACI Chart
2.1.2 Determine Your Change Manager’s Responsibilities
2.1.3 Define the Authority and Responsibilities of Your CAB
2.1.4 Determine an E-CAB Protocol for Your Organization
Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows
This step involves the following participants:
Change Management Tasks | Originator | System Owner | Change Manager | CAB Member | Technical SME | Service Desk | CIO/ VP IT | E-CAB Member |
---|---|---|---|---|---|---|---|---|
Review the RFC | C | C | A | C | R | C | R | |
Validate changes | C | C | A | C | R | C | R | |
Assess test plan | A | C | R | R | C | I | ||
Approve the RFC | I | C | A | R | C | I | ||
Create communications plan | R | I | A | I | I | |||
Deploy communications plan | I | I | A | I | R | |||
Review metrics | C | A | R | C | I | |||
Perform a post implementation review | C | R | A | I | ||||
Review lessons learned from PIR activities | R | A | C |
Info-Tech Best Practice
Some organizations will not be able to assign a dedicated Change Manager, but they must still task an individual with change review authority and with ownership of the risk assessment and other key parts of the process.
1.Using the previous slide, Info-Tech’s Change Manager Job Description, and the examples below, brainstorm responsibilities for the Change Manager.
2.Record the responsibilities in Section 3.2 of your Change Management SOP.
Change Manager: James Corey
Responsibilities
Download the Change Manager Job Description
See what responsibilities in the CAB’s process are already performed by the DevOps lifecycle (e.g. authorization, deconfliction etc.). Do not duplicate efforts.
Based on the core responsibilities you have defined, the CAB needs to be composed of a diverse set of individuals who provide quality:
CAB Representation | Value Added | |
---|---|---|
Business Members |
|
|
IT Operations Members |
|
|
CAB Attendees |
|
|
Info-Tech Best Practice
Form a core CAB (members attend every week) and an optional CAB (members who attend only when a change impacts them or when they can provide value in discussions about a change). This way, members can have their voice heard without spending every week in a meeting where they do not contribute.
1.Using the previous slide and the examples below, list the authorities and responsibilities of your CAB.
2.Record the responsibilities in section 3.3.2 of your Change Management SOP and the Project Summary Template.
CAP Authority | CAP Responsibilities |
---|---|
|
|
Change owner conferences with E-CAB (best efforts to reach them) through email or messaging.
E-CAB members and business system owners are provided with change details. No decision is made without feedback from at least one E-CAB member.
If business continuity is being affected, the Change Manager has authority to approve change.
Full documentation of the change (a retroactive RFC) is done after the change and is then reviewed by the CAB.
Info-Tech Best Practice
Members of the E-CAB should be a subset of the CAB who are typically quick to respond to their messages, even at odd hours of the night.
Assemble E-CAB
Assess Change
Test (if Applicable)
Deploy Change
Create Retroactive RFC
Review With CAB
2.2.1 Build a CMDB-lite as a Reference for Requested Changes
2.2.2 Create a Normal Change Process
2.2.3 Create a Pre-Approved Change Process
2.2.4 Create an Emergency Change Process
Step 2.1: Determine Roles and Responsibilities → Step 2.2: Build Core Workflows
This step involves the following participants:
Supplier
Input
Process
Output
Customer
Metrics
Controls
Dependencies
RACI
Identify all components of the change.
Ask how changes will affect:
Frame the change from a business point of view to identify potential disruptions to business activities.
Your assessment should cover:
Each new change can impact the level of service available.
Examine the impact on:
Once risk has been assessed, resources need to be identified to ensure the change can be executed.
These include:
System | Primary Users | SME | Backup SME(s) | Business System Owner | Tier 1 Dependency (system functionality is down) | Tier 2 (impaired functionality/ workaround available) | Tier 3 Dependency (nice to have) |
---|---|---|---|---|---|---|---|
Enterprise | Naomi | Amos | James |
|
|
||
Conferencing Tool | Enterprise | Alex | Shed | James |
|
|
|
ITSM (Service Now) | Enterprise (Intl.) | Anderson | TBD | Mike |
|
|
|
ITSM (Manage Engine) | North America | Bobbie | Joseph | Mike |
|
|
Info-Tech Best Practice
Define a list pre-approved changes and automate them (if possible) using your ITSM solution. This will save valuable time for more important changes in the queue.
Example:
Change Category | Change Authority |
---|---|
Pre-approved change | Department head/manager |
Emergency change | E-CAB |
Normal change – low and medium risk | CAB |
Normal change – high risk | CAB and CIO (for visibility) |
Change initiation allows for assurance that the request is in scope for change management and acts as a filter for out-of-scope changes to be redirected to the proper workflow. Initiation also assesses who may be assigned to the change and the proper category of the change, and results in an RFC to be populated before the change reaches the build and test phase.
The change trigger assessment is critical in the DevOps lifecycle. This can take a more formal role of a technical review board (TRB) or, with enough maturity, may be automated. Responsibilities such as deconfliction, dependency identification, calendar query, and authorization identification can be done early in the lifecycle to decrease or eliminate the burden on CAB.
For the full process, refer to the Change Management Process Library.
For the full process, refer to the Change Management Process Library.
For the full process, refer to the Change Management Process Library.
For the full process, refer to the Change Management Process Library.
Download the Change Management Process Library.
Info-Tech Best Practice
At the beginning of a change management process, there should be few active pre-approved changes. However, prior to launch, you may have IT flag changes for conversion.
For the full process, refer to the Change Management Process Library.
Info-Tech Best Practice
Other reasons for moving a pre-approved change back to the normal category is if the change led to an incident during implementation or if there was an issue during implementation.
Seek new pre-approved change submissions. → Re-evaluate the pre-approved change list every 4-6 months.
For the full process, refer to the Change Management Process Library.
Sample Change | Quick Check | Emergency? |
---|---|---|
Install the latest critical patches from the vendor. | Are the patches required to resolve or prevent an imminent critical incident? | No |
A virus or worm invades the network and a patch is needed to eliminate the threat. | Is the patch required to resolve or prevent an imminent critical incident? | Yes |
Info-Tech Best Practice
Change requesters should be made aware that senior management will be informed if an emergency RFC is submitted inappropriately. Emergency requests trigger urgent CAB meetings, are riskier to deploy, and delay other changes waiting in the queue.
When building your emergency change process, have your E-CAB protocol from activity 2.1.4 handy.
For the full process, refer to the Change Management Process Library.
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
Intel identified 37 different change processes and 25 change management systems of record with little integration.
Software and infrastructure groups were also very siloed, and this no doubt contributed to the high number of changes that caused outages.
The task was simple: standards needed to be put in place and communication had to improve.
Once process ownership was assigned and the role of the Change Manager and CAB clarified, it was a simple task to streamline and simplify processes among groups.
Intel designed a new, unified change management workflow that all groups would adopt.
Automation was also brought into play to improve how RFCs were generated and submitted.
Define Change Management
1.1 Assess Maturity
1.2 Categorize Changes and Build Your Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define the RFC and Post-Implementation Activities
3.1 Design the RFC
3.2 Establish Post-Implementation Activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following activities:
This phase involves the following participants:
3.1.1 Evaluate Your Existing RFC Process
3.1.2 Build the RFC Form
Step 3.1: Design the RFC
Step 3.2: Establish Post-Implementation Activities
This step involves the following participants:
Info-Tech Insight
Keep the RFC form simple, especially when first implementing change management, to encourage the adoption of and compliance with the process.
Download the Request for Change Form Template.
Draft:
Technical Build:
CAB:
Complete:
Use the RFC to point to documentation already gathered in the DevOps lifecycle to cut down on unnecessary manual work while maintaining compliance.
Info-Tech Best Practice
Technical and SME contacts should be noted in each RFC so they can be easily consulted during the RFC review.
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
One of the crucial factors that was impacting Intel’s change management efficiency was a cumbersome RFC process.
A lack of RFC usage was contributing to increased ad hoc changes being put through the CAB, and rescheduled changes were quite high.
Additionally, ad hoc changes were also contributing heavily to unscheduled downtime within the organization.
Intel designed and implemented an automated RFC form generator to encourage end users to increase RFC usage.
As we’ve seen with RFC form design, the UX/UI of the form needs to be top notch, otherwise end users will simply circumvent the process. This will contribute to the problems you are seeking to correct.
Thanks to increased RFC usage, Intel decreased emergency changes by 50% and reduced change-caused unscheduled downtime by 82%.
3.2.1 Determine When the CAB Would Reject Tested Changes
3.2.2 Create a Post-Implementation Activity Checklist
Step 3.1: Design RFC
Step 3.2: Establish Post-Implementation Activities
This step involves the following participants:
Possible reasons the CAB would reject a change include:
Info-Tech Best Practice
Many reasons for rejection (listed above) can be caught early on in the process during the technical review or change build portion of the change. The earlier you catch these reasons for rejection, the less wasted effort there will be per change.
Sample RFC | Reason for CAP Rejection |
---|---|
There was a request for an update to a system that a legacy application depends on and only a specific area of the business was aware of the dependency. | The CAB rejects it due to the downstream impact. |
There was a request for an update to a non-supported application, and the vendor was asking for a premium support contract that is very costly. | It’s too expensive to implement, despite the need for it. The CAB will wait for an upgrade to a new application. |
There was a request to update application functionality to a beta release. | The risk outweighs the business benefits. |
The implementation phase is the final checkpoint before releasing the new change into your live environment. Once the final checks have been made to the change, it’s paramount that teams work together to transition the change effectively rather than doing an abrupt hand-off. This could cause a potential outage.
1.
Implement change →
2.
A backout plan needs to contain a record of the steps that need to be taken to restore the live environment back to its previous state and maintain business continuity. A good backout plan asks the following questions:
Notify the Service Desk
Disable Access
Conduct Checks
Enable User Access
Notify the Service Desk
Info-Tech Best Practice
As part of the backout plan, consider the turnback point in the change window. That is, the point within the change window where you still have time to fully back out of the change.
Update the service catalog with new information as a result of the implemented change.
Update new dependencies present as a result of the new change.
Add notes about any assets newly affected by changes.
Update your map based on the new change.
Update your technical documentation to reflect the changes present because of the new change.
Update your training documentation to reflect any information about how users interact with the change.
Info-Tech Best Practice
Review PIR reports at CAB meetings to highlight the root causes of issues, action items to close identified gaps, and back-up documentation required. Attach the PIR report to the relevant RFC to prevent similar changes from facing the same issues in the future.
Frequency | Part of weekly review (IT team meeting) |
Participants |
|
Categories under review |
Current deviations and action items from previous PIR:
|
Output |
|
Controls |
|
Download the Change Management Post-Implementation Checklist
Industry: Technology
Source: Jason Zander, Microsoft
In November 2014, Microsoft deployed a change intended to improve Azure storage performance by reducing CPU footprint of the Azure Table Front-Ends.
The deployment method was an incremental approach called “flighting,” where software and configuration deployments are deployed incrementally to Azure infrastructure in small batches.
Unfortunately, this software deployment caused a service interruption in multiple regions.
Before the software was deployed, Microsoft engineers followed proper protocol by testing the proposed update. All test results pointed to a successful implementation.
Unfortunately, engineers pushed the change out to the entire infrastructure instead of adhering to the traditional flighting protocol.
Additionally, the configuration switch was incorrectly enabled for the Azure Blob storage Front-Ends.
A combination of the two mistakes exposed a bug that caused the outage.
Thankfully, Microsoft had a backout plan. Within 30 minutes, the change was rolled back on a global scale.
It was determined that policy enforcement was not integrated across the deployment system. An update to the system shifted the process of policy enforcement from human-based decisions and protocol to automation via the deployment platform.
Defined PIR activities enabled Microsoft to take swift action against the outage and mitigate the risk of a serious outage.
Define Change Management
1.1 Assess Maturity
1.2 Categorize Changes and Build Risk Assessment
Establish Roles and Workflows
2.1 Determine Roles and Responsibilities
2.2 Build Core Workflows
Define RFC and Post-Implementation Activities
3.1 Design RFC
3.2 Establish post-implementation activities
Measure, Manage, and Maintain
4.1 Identify Metrics and Build the Change Calendar
4.2 Implement the Project
This phase will guide you through the following activities:
This phase involves the following participants:
4.1.1 Create an Outline for Your Change Calendar
4.1.2 Determine Metrics, Key Performance Indicators (KPIs), and Critical Success Factors (CSFs)
4.1.3 Track and Record Metrics Using the Change Management Metrics Tool
Step 4.1: Identify Metrics and Build the Change Calendar
Step 4.2: Implement the Project
This step involves the following participants:
“The one who has more clout or authority is usually the one who gets changes scheduled in the time frame they desire, but you should really be evaluating the impact to the organization. We looked at the risk to the business of not doing the change, and that’s a good way of determining the criticality and urgency of that change.” – Joseph Sgandurra, Director, Service Delivery, Navantis
Info-Tech Insight
Avoid a culture where powerful stakeholders are able to push change deployment on an ad hoc basis. Give the CAB the full authority to make approval decisions based on urgency, impact, cost, and availability of resources.
“Our mantra is to put it on the calendar. Even if it’s a preapproved change and doesn’t need a vote, having it on the calendar helps with visibility. The calendar is the one-stop shop for scheduling and identifying change dependencies.“ – Wil Clark, Director of Service and Performance Management, University of North Texas Systems
The change calendar is a critical pre-requisite to change management in DevOps. Use the calendar to be proactive with proposed implementation dates and deconfliction before the change is finished.
Info-Tech Insight
Start simple. Metrics can be difficult to tackle if you’re starting from scratch. While implementing your change management practice, use these three metrics as a starting point, since they correlate well with the success of change management overall. The following few slides provide more insight into creating metrics for your change process.
Purposely use SDLC and change lifecycle metrics to find bottlenecks and automation candidates.
Metrics are easily measured datapoints that can be pulled from your change management tool. Examples: Number of changes implemented, number of changes without incident.
Key Performance Indicators are metrics presented in a way that is easily digestible by stakeholders in IT. Examples: Change efficiency, quality of changes.
Critical Success Factors are measures of the business success of change management taken by correlating the CSF with multiple KPIs. Examples: consistent and efficient change management process, a change process mapped to business needs
Metric/Report (by team) | Benefit |
---|---|
Total number of RFCs and percentages by category (pre-approved, normal, emergency, escalated support, expedited) |
|
Pre-approved change list (and additions/removals from the list) | Workload and process streamlining (i.e. reduce “red tape” wherever possible) |
Average time between RFC lifecycle stages (by service/application) | Advance planning for proposed changes |
Number of changes by service/application/hardware class |
|
Change triggers | Business- vs. IT-initiated change |
Number of RFCs by lifecycle stage | Workload planning |
List of incidents related to changes | Visible failures of the CM process |
Percentage of RFCs with a tested backout/validation plan | Completeness of change planning |
List of expedited changes | Spotlighting poor planning and reducing the need for this category going forward (“The Hall of Shame”) |
CAB approval rate | Change coordinator alignment with CAB priorities – low approval rate indicates need to tighten gatekeeping by the change coordinator |
Calendar of changes | Planning |
Ref # | Metric |
---|---|
M1 |
Number of changes implemented for a time period |
M2 | Number of changes successfully implemented for a time period |
M3 | Number of changes implemented causing incidents |
M4 | Number of accepted known errors when change is implemented |
M5 | Total days for a change build (specific to each change) |
M6 | Number of changes rescheduled |
M7 | Number of training questions received following a change |
Ref# | KPI | Product |
---|---|---|
K1 | Successful changes for a period of time (approach 100%) | M2 / M1 x 100% |
K2 | Changes causing incidents (approach 0%) | M3 / M1 x 100% |
K3 | Average days to implement a change | ΣM5 / M1 |
K4 | Change efficiency (approach 100%) | [1 - (M6 / M1)] x 100% |
K5 | Quality of changes being implemented (approach 100%) | [1 - (M4 / M1)] x 100% |
K6 | Change training efficiency (approach 100%) | [1 - (M7 / M1)] x 100% |
Ref# | CSF | Indicator |
---|---|---|
C1 | Successful change management process producing quality changes | K1, K5 |
C2 | Consistent efficient change process | K4, K6 |
C3 | Change process maps to business needs | K5, K6 |
Info-Tech Best Practice
Make sure you’re measuring the right things and considering all sources of information. It’s very easy to put yourself in a position where you’re congratulating yourselves for improving on a specific metric such as number of releases per month, but satisfaction remains low.
Tracking the progress of metrics is paramount to the success of any change management process. Use Info-Tech’s Change Management Metrics Tool to record metrics and track your progress. This tool is intended to be a substitute for organizations who do not have the capability to track change-related metrics in their ITSM tool.
Download the Change Management Metrics Tool
Industry: Federal Credit Union (anonymous)
Source: Info-Tech Workshop
At this federal credit union, the VP of IT wanted a tight set of metrics to engage with the business, communicate within IT, enable performance management of staff, and provide visibility into workload demands, among other requirements.
The organization was suffering from “metrics fatigue,” with multiple reports being generated from all groups within IT, to the point that weekly/monthly reports were being seen as spam.
Stakeholders were provided with an overview of change management benefits and were asked to identify one key attribute that would be useful to their specific needs.
Metrics were designed around the stakeholder needs, piloted with each stakeholder group, fine-tuned, and rolled out.
Some metrics could not be automated off-the-shelf and were rolled out in a manual fashion. These metrics were subsequently automated and finally made available through a dashboard.
The business received clear guidance regarding estimated times to implement changes across different elements of the environment.
The IT managers were able to plan team workloads with visibility into upstream change activity.
Architects were able to identify vendors and systems that were the leading source of instability.
The VP of IT was able to track the maturity growth of the change management process and proactively engage with the business on identified hot spots.
4.2.1 Use a Communications Plan to Gain End User Buy-In
4.2.2 Create a Project Roadmap to Track Your Implementation Progress
Step 4.1: Identify Metrics and Build the Change Calendar
Step 3.2: Implement the Project
This step involves the following participants:
Change management provides value by promptly evaluating and delivering changes required by the business and by minimizing disruption and rework caused by failed changes. Communication of your new change management process is key. If people do not understand the what and why, it will fail to provide the desired value.
Info-Tech Best Practice
Gather feedback from end users about the new process: if the process is too bureaucratic, end users are more likely to circumvent it.
Info-Tech Insight
The success of change communication can be measured by monitoring the number of service desk tickets related to a change that was not communicated to users.
Why? What problems are you trying to solve?
What? What processes will it affect (that will affect me)?
Who? Who will be affected? Who do I go to if I have issues with the new process?
When? When will this be happening? When will it affect me?
How? How will these changes manifest themselves?
Goal? What is the final goal? How will it benefit me?
Info-Tech Insight
Pay close attention to the medium of communication. For example, stakeholders on their feet all day would not be as receptive to an email communication compared to those who primarily work in front of a computer. Put yourself into various stakeholders’ shoes to craft a tailored communication of change management.
Group | Benefits | Impact | Method | Timeline |
---|---|---|---|---|
IT | Standardized change process | All changes must be reviewed and approved | Poster campaign | 6 months |
End Users | Decreased wait time for changes | Formal process for RFCs | Lunch-and-learn sessions | 3 months |
Business | Reduced outages | Increased involvement in planning and approvals | Monthly reports | 1 year |
Download the Change Management Communications Plan
Know your audience:
Info-Tech Insight
The support of senior executive stakeholders is critical to the success of your SOP rollout. Try to wow them with project benefits and make sure they know about the risks/pain points.
Download the Change Management Project Summary Template
Download the Change Management Roadmap Tool
Industry: Technology
Source: Daniel Grove, Intel
Founded in 1968, the world’s largest microchip and semiconductor company employs over 100,000 people. Intel manufactures processors for major players in the PC market including Apple, Lenovo, HP, and Dell.
Intel IT supports over 65,000 servers, 3.2 petabytes of data, over 70,000 PCs, and 2.6 million emails per day.
Intel’s change management program is responsible for over 4,000 changes each week.
Intel had its new change management program in place and the early milestones planned, but one key challenge with any new project is communication.
The company also needed to navigate the simplification of a previously complex process; end users could be familiar with any of the 37 different change processes or 25 different change management systems of record.
Top-level buy-in was another concern.
Intel first communicated the process changes by publishing the vision and strategy for the project with top management sponsorship.
The CIO published all of the new change policies, which were supported by the Change Governance Council.
Intel cited the reason for success as the designation of a Policy and Guidance Council – a group designed to own communication and enforcement of the new policies and processes put in place.
You now have an outline of your new change management process. The hard work starts now for an effective implementation. Make use of the communications plan to socialize the new process with stakeholders and the roadmap to stay on track.
Remember as you are starting your implementation to keep your documents flexible and treat them as “living documents.” You will likely need to tweak and refine the processware and templates several times to continually improve the process. Furthermore, don’t shy away from seeking feedback from your stakeholders to gain buy-in.
Lastly, keep an eye on your progress with objective, data-driven metrics. Leverage the trends in your data to drive your decisions. Be sure to revisit the maturity assessment not only to measure and visualize your progress, but to gain insight into your next steps.
Contact your account representative for more information.
workshops@infotech.com
1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team.
Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic office in Toronto, Ontario, Canada to participate in an innovative onsite workshop.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Run through the change management maturity assessment with tailored commentary for each action item outlining context and best practices.
Build a normal change process using Info-Tech’s Change Management Process Library template with an analyst helping you to right size the process for your organization.
Improve customer service by driving consistency in your support approach and meeting SLAs.
Maintain both speed and control while improving the quality of deployments and releases within the infrastructure team.
Don’t let persistent problems govern your department.
AXELOS Limited. ITIL Foundation: ITIL 4th edition. TSO, 2019, pp. 118–120.
Behr, Kevin and George Spafford. The Visible Ops Handbook: Implementing ITIL in 4 Practical and Auditable Steps. IT Revolution Press. 2013.
BMC. “ITIL Change Management.” BMC Software Canada, 22 December 2016.
Brown, Vance. “Change Management: The Greatest ROI of ITIL.” Cherwell Service Management.
Cisco. “Change Management: Best Practices.” Cisco, 10 March 2008.
Grove, Daniel. “Case Study ITIL Change Management Intel Corporation.” PowerShow, 2005.
ISACA. “COBIT 5: Enabling Processes.” ISACA, 2012.
Jantti, M. and M. Kainulainen. “Exploring an IT Service Change Management Process: A Case Study.” ICDS 2011: The Fifth International Conference on Digital Society, 23 Feb. 2011.
Murphy, Vawns. “How to Assess Changes.” The ITSM Review, 29 Jan. 2016.
Nyo, Isabel. “Best Practices for Change Management in the Age of DevOps.” Atlassian Engineering, 12 May 2021.
Phillips, Katherine W., Katie A. Liljenquist, and Margaret A. Neale. “Better Decisions Through Diversity.” Kellogg Insight, 1 Oct. 2010.
Pink Elephant. “Best Practices for Change Management.” Pink Elephant, 2005.
Sharwood, Simon. “Google broke its own cloud by doing two updates at once.” The Register, 24 Aug. 2016.
SolarWinds. “How to Eliminate the No: 1 Cause of Network Downtime.” SolarWinds Tech Tips, 25 Apr. 2014.
The Stationery Office. “ITIL Service Transition: 2011.” The Stationary Office, 29 July 2011.
UCISA. “ITIL – A Guide to Change Management.” UCISA.
Zander, Jason. “Final Root Cause Analysis and Improvement Areas: Nov 18 Azure Storage Service Interruption.” Microsoft Azure: Blog and Updates, 17 Dec. 2014.
In many organizations, there are changes which may not fit into the three prescribed categories. The reason behind why the expedited category may be needed generally falls between two possibilities:
For the full process, refer to the Change Management Process Library.
The core tenets of change management still apply no matter the type of development environment an organization has. Changes in any environment carry risk of degrading functionality, and must therefore be vetted. However, the amount of work and rigor put into different stages of the change life cycle can be altered depending on the maturity of the development workflows. The following are several stage gates for change management that MUST be considered if you are a DevOps or Agile shop:
"Understand that process is hard and finding a solution that fits every need can be tricky. With this change management process we do not try to solve every corner case so much as create a framework by which best judgement can be used to ensure maximum availability of our platforms and services while still complying with our regulatory requirements and making positive changes that will delight our customers.“ -IT Director, Information Cybersecurity Organization
The core differences between an Agile or DevOps transition and a traditional approach are the restructuring and the team behind it. As a result, the stakeholders of change management must be onboard for the process to work. This is the most difficult problem to solve if it’s an issue, but open avenues of feedback for a process build is a start.
Automation comes in many forms and is well documented in many development workflows. Having automated signoffs for QA/security checks and stakeholders/cross dependency owner sign offs may not fully replace the CAB but can ease the burden on discussions before implementation.
Canary releases, phased releases, dark releases, and toggles are all options you can employ to reduce risk during a release. Furthermore, building in contingencies to the test/rollback plan decreases the risk of the change by decreasing the factor of likelihood.
Building change from the ground up doesn’t meant the process has to be fully fledged before launch. Iterative improvements are possible before achieving an optimal state. Having the proper metrics on the pain points and bottlenecks in the process can identify areas for automation and improvement.
A properly optimized CRM ecosystem will reduce costs and increase productivity.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Gather information around the application:
Assess CRM and related environment. Perform CRM process assessment. Assess user satisfaction across key processes, applications, and data. Understand vendor satisfaction
Build your optimization roadmap: process improvements, software capability improvements, vendor relationships, and data improvement initiatives.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Define your CRM application vision.
Develop an ongoing application optimization team.
Realign CRM and business goals.
Understand your current system state capabilities.
Explore CRM and related costs.
1.1 Determine your CRM optimization team.
1.2 Align organizational goals.
1.3 Inventory applications and interactions.
1.4 Define business capabilities.
1.5 Explore CRM-related costs (optional).
CRM optimization team
CRM business model
CRM optimization goals
CRM system inventory and data flow
CRM process list
CRM and related costs
Map current-state capabilities.
Complete a CRM process gap analysis to understand where the CRM is underperforming.
Review the CRM application portfolio assessment to understand user satisfaction and data concerns.
Undertake a software review survey to understand your satisfaction with the vendor and product.
2.1 Conduct gap analysis for CRM processes.
2.2 Perform an application portfolio assessment.
2.3 Review vendor satisfaction.
CRM process gap analysis
CRM application portfolio assessment
CRM software reviews survey
Assess CRM.
Learn which processes you need to focus on.
Uncover underlying user satisfaction issues to address these areas.
Understand where data issues are occurring so that you can mitigate this.
Investigate your relationship with the vendor and product, including that relative to others.
Identify any areas for cost optimization (optional).
3.1 Explore process gaps.
3.2 Analyze user satisfaction.
3.3 Assess data quality.
3.4 Understand product satisfaction and vendor management.
3.5 Look for CRM cost optimization opportunities (optional).
CRM process optimization priorities
CRM vendor optimization opportunities
CRM cost optimization
Build the optimization roadmap.
Understanding where you need to improve is the first step, now understand where to focus your optimization efforts.
4.1 Identify key optimization areas.
4.2 Build your CRM optimization roadmap and next steps.
CRM optimization roadmap
In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.
Customer relationship management (CRM) systems are at the core of a customer-centric strategy to drive business results. They are critical to supporting marketing, sales, and customer service efforts.
CRM systems are expensive, their benefits are difficult to quantify, and they often suffer from poor user satisfaction. Post implementation, technology evolves, organizational goals change, and the health of the system is not monitored. This is complicated in today’s digital landscape with multiple integration points, siloed data, and competing priorities.
Too often organizations jump into the selection of replacement systems without understanding the health of their current systems. IT leaders need to stop reacting and take a proactive approach to continually monitor and optimize their enterprise applications. Strategically realign business goals, identify business application capabilities, complete a process assessment, evaluate user adoption, and create an optimization roadmap that will drive a cohesive technology strategy that delivers results.
Lisa Highfield
Research Director,
Enterprise Applications
Info-Tech Research Group
In today’s connected world, continuous optimization of enterprise applications to realize your digital strategy is key.
Enterprise applications often involve large capital outlay and unquantified benefits.
CRM application portfolios are often messy. Add to that poor processes, distributed data, and lack of training – business results and user dissatisfaction is common.
Technology owners are often distributed across the business. Consolidation of optimization efforts is key.
Enterprise applications involve large numbers of processes and users. Without a clear focus on organizational needs, decisions about what and how to optimize can become complicated.
Competing and conflicting priorities may undermine optimization value by focusing on the approaches that would only benefit one line of business rather than the entire organization.
Teams do not have a framework to illustrate, communicate, and justify the optimization effort in the language your stakeholders understand.
Build an ongoing optimization team to conduct application improvements.
Assess your CRM application(s) and the environment in which they exist. Take a business-first strategy to prioritize optimization efforts.
Validate CRM capabilities, user satisfaction, issues around data, vendor management, and costs to build out an optimization strategy
Pull this all together to develop a prioritized optimization roadmap.
CRM implementation should not be a one-and-done exercise. A properly optimized CRM ecosystem will reduce costs and increase productivity.
CRM platforms are the applications that provide functional capabilities and data management around the customer experience (CX).
Marketing, sales, and customer service are enabled through CRM technology.
CRM technologies facilitate an organization’s relationships with customers, service users, employees, and suppliers.
CRM technology is critical to managing the lifecycle of these relationships, from lead generation, to sales opportunities, to ongoing support and nurturing of these relationships.
Customer relationship management suites are one piece of the overall customer experience management ecosystem, alongside tools such as customer intelligence platforms and adjacent point solutions for sales, marketing, and customer service. Review Info-Tech’s CXM blueprint to build a complete, end-to-end customer interaction solution portfolio that encompasses CRM alongside other critical components. The CXM blueprint also allows you to develop strategic requirements for CRM based on customer personas and external market analysis.
Statistical analysis of CRM projects indicate failures vary from 18% to 69%. Taking an average of those analyst reports, about one-third of CRM projects are considered a failure.
Source: CIO Magazine, 2017
Companies that apply the principles of behavioral economics outperform their peers by 85% in sales growth and more than 25% in gross margin.
Source: Gallup, 2012
In 2019, 40% of executives name customer experience the top priority for their digital transformation.
Source: CRM Magazine, 2019
Drivers of Dissatisfaction |
|||
---|---|---|---|
Business | Data | People and Teams | Technology |
|
|
|
|
While technology is the key enabler of building strong customer experiences, there are many other drivers of dissatisfaction. IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.
Marketing, Sales, and Customer Service, along with IT, can only optimize CRM with the full support of each other. The cooperation of the departments is crucial when trying to improve CRM technology capabilities and customer interaction.
“A successful application optimization strategy starts with the business need in mind and not from a technological point of view. No matter from which angle you look at it, modernizing a legacy application is a considerable undertaking that can’t be taken lightly. Your best approach is to begin the journey with baby steps.”
– Ernese Norelus, Sreeni Pamidala, and Oliver Senti
Medium, 2020
1. Map Current-State Capabilities | 2. Assess Your Current State | 3. Build Your Optimization Roadmap | |
---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes |
|
|
|
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals.
CRM Optimization Roadmap (Tab 8)
Complete an assessment of processes, user satisfaction, data quality, and vendor management using the Workbook or the APA diagnostic.
Align your business and technology goals and objectives in the current environment.
Identify and prioritize your CRM optimization goals.
Assess IT-enabled user satisfaction across your CRM portfolio.
Understand areas for improvement.
Align strategy and technology to meet consumer demand.
INDUSTRY - Entertainment
SOURCE - Forbes, 2017
Beginning as a mail-out service, Netflix offered subscribers a catalog of videos to select from and have mailed to them directly. Customers no longer had to go to a retail store to rent a video. However, the lack of immediacy of direct mail as the distribution channel resulted in slow adoption.
Blockbuster was the industry leader in video retail but was lagging in its response to industry, consumer, and technology trends around customer experience
In response to the increasing presence of tech-savvy consumers on the internet, Netflix invested in developing its online platform as its primary distribution channel. The benefit of doing so was two-fold: passive brand advertising (by being present on the internet) and meeting customer demands for immediacy and convenience. Netflix also recognized the rising demand for personalized service and created an unprecedented, tailored customer experience.
Netflix’s disruptive innovation is built on the foundation of great customer experience management. Netflix is now a $28-billion company, which is tenfold what Blockbuster was worth.
Netflix used disruptive technologies to innovatively build a customer experience that put it ahead of the long-time, video rental industry leader, Blockbuster.
“Our team has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful.”
“Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keep us on track.”
“We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place.”
“Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project.”
Phase 1 | Phase 2 | Phase 3 | ||
---|---|---|---|---|
Call #1: Scope requirements, objectives, and your specific challenges. |
Call #2: Build the CRM team. Align organizational goals. |
Call #4: Conduct gap analysis for CRM processes. Prepare application portfolio assessment. |
Call #5: Understand product satisfaction and vendor management. Look for CRM cost optimization opportunities (optional). |
Call #7: Identify key optimization areas. Build out optimization roadmap and next steps. |
Call #3: Map current state. Inventory CRM processes. Explore CRM-related costs. |
Call #6: Review APA results. |
A Guided Implementation (GI) is series of calls with an Info-Tech analyst to help implement our best practices in your organization.
A typical GI is between 8 to 12 calls over the course of 4 to 6 months.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
Day 1 | Day 2 | Day 3 | Day 4 | Day 5 | |
---|---|---|---|---|---|
Define Your CRM Application Vision | Map Current-State Capabilities | Assess CRM | Build the Optimization Roadmap | Next Steps and Wrap-Up (offsite) | |
Activities |
1.1 Determine your CRM optimization team 1.2 Align organizational goals 1.3 Inventory applications and interactions 1.4 Define business capabilities 1.5 Explore CRM-related costs |
2.1 Conduct gap analysis for CRM processes 2.2 Perform an application portfolio assessment 2.3 Review vendor satisfaction |
3.1 Explore process gaps 3.2 Analyze user satisfaction 3.3 Assess data quality 3.4 Understand product satisfaction and vendor management 3.5 Look for CRM cost optimization opportunities (optional) |
4.1 Identify key optimization areas 4.2 Build your CRM optimization roadmap and next steps |
5.1 Complete in-progress deliverables from previous four days 5.2 Set up review time for workshop deliverables and to discuss next steps |
Deliverables |
|
|
|
|
Get the Most Out of Your CRM
Integration is paramount: your CRM application often integrates with other applications within the organization. Create an integration map to reflect a system of record and the exchange of data. To increase customer engagement, channel integration is a must (i.e. with robust links to unified communications solutions, email, and VoIP telephony systems).
CRM plays a key role in the more holistic customer experience framework. However, it is heavily influenced by and often interacts with many other platforms.
Data is one key consideration that needs to be considered here. If customer information is fragmented, it will be nearly impossible to build a cohesive view of the customer. Points of integration (POIs) are the junctions between the CRM(s) and other applications where data is flowing to and from. They are essential to creating value, particularly in customer insight-focused and omnichannel-focused deployments.
CRM strategy is a critical component of customer experience (CX).
Source: Forbes, 2019
Build a cohesive CRM strategy that aligns business goals with CRM capabilities.
Customers expect to interact with organizations through the channels of their choice. Now more than ever, you must enable your organization to provide tailored customer experiences.
Technology is the key enabler of building strong customer experiences: IT must stand shoulder to shoulder with the business to develop a technology framework for customer relationship management.
1.1.1 Identify the stakeholders whose support will be critical to success
1.1.2 Select your CRM optimization team
Understand the roles necessary to get the most out of your CRM.
Understand the role of each player within your optimization initiative. Look for listed participants on the activity slides to determine when each player should be involved.
Do not limit input or participation. Include subject matter experts and internal stakeholders at stages within the optimization initiative. Such inputs can be solicited on a one-off basis as needed. This ensures you take a holistic approach to creating your CRM optimization strategy.
Title | Roles Within CRM Optimization Initiative |
---|---|
Optimization Sponsor |
|
Optimization Initiative Manager |
|
Business Leads/ |
|
CRM Optimization Team |
|
Steering Committee |
|
Consider the core team functions when composing the CRM optimization team. Form a cross-functional team (i.e. across IT, Marketing, Sales, Service, Operations) to create a well-aligned CRM optimization strategy.
Don’t let your core team become too large when trying to include all relevant stakeholders. Carefully limiting the size of the optimization team will enable effective decision making while still including functional business units such as Marketing, Sales, Service, and Customer Service.
Required Skills/Knowledge |
Suggested Optimization Team Members |
---|---|
Business |
|
|
|
IT |
|
|
|
Other | |
|
|
Get the Most Out of Your CRM Workbook
Map Current-State Capabilities
Your corporate strategy:
Your CRM Strategy:
CRM projects are more successful when the management team understands the strategic importance and the criticality of alignment. Time needs to be spent upfront aligning business strategies with CRM capabilities. Effective alignment between Sales, Marketing, Customer Service, Operations, IT, and the business should happen daily. Alignment doesn’t just need to occur at the executive level but at each level of the organization.
Increase Revenue |
Enable lead scoring |
Deploy sales collateral management tools |
Improve average cost per lead via a marketing automation tool |
---|---|---|---|
Enhance Market Share |
Enhance targeting effectiveness with a CRM |
Increase social media presence via an SMMP |
Architect customer intelligence analysis |
Improve Customer Satisfaction |
Reduce time-to-resolution via better routing |
Increase accessibility to customer service with live chat |
Improve first contact resolution with customer KB |
Increase Customer Retention |
Use a loyalty management application |
Improve channel options for existing customers |
Use customer analytics to drive targeted offers |
Create Customer-Centric Culture |
Ensure strong training and user adoption programs |
Use CRM to provide 360-degree view of all customer interactions |
Incorporate the voice of the customer into product development |
Identifying organizational objectives of high priority will assist in breaking down business needs and CRM objectives. This exercise will better align the CRM systems with the overall corporate strategy and achieve buy-in from key stakeholders.
Business Needs |
Business Drivers |
Technology Drivers |
Environmental Factors |
|
---|---|---|---|---|
Definition | A business need is a requirement associated with a particular business process. | Business drivers can be thought of as business-level goals. These are tangible benefits the business can measure such as employee retention, operation excellence, and financial performance. | Technology drivers are technological changes that have created the need for a new CRM enablement strategy. Many organizations turn to technology systems to help them obtain a competitive edge. | External considerations are factors taking place outside of the organization that are impacting the way business is conducted inside the organization. These are often outside the control of the business. |
Examples |
|
|
|
|
One of the biggest drivers for CRM adoption is the ability to make decisions through consolidated data. This driver is a result of external considerations. Many industries today are highly competitive, uncertain, and rapidly changing. To succeed under these pressures, there needs to be timely information and visibility into all components of the organization.
Get the Most Out of Your CRM Workbook
![]() |
|||
---|---|---|---|
External Considerations |
Organizational Drivers |
Technology Considerations |
Functional Requirements |
|
|
|
|
There are several different factors that may stifle the success of an CRM portfolio. Organizations creating an CRM foundation must scan their current environment to identify internal barriers and challenges.
Management Support |
Organizational Culture |
Organizational Structure |
IT Readiness |
|
---|---|---|---|---|
Definition | The degree of understanding and acceptance towards CRM technology and systems. | The collective shared values and beliefs. | The functional relationships between people and departments in an organization. | The degree to which the organization’s people and processes are prepared for new CRM system(s.) |
Questions |
|
|
|
|
Impact |
|
|
|
|
Get the Most Out of Your CRM Workbook
![]() |
|||
---|---|---|---|
Functional Gaps |
Technical Gaps |
Process Gaps |
Barriers to Success |
|
|
|
|
![]() | |||
---|---|---|---|
Business Benefits | IT Benefits | Organizational Benefits | Enablers of Success |
|
|
|
|
Increase Revenue | CRM Benefits |
---|---|
|
|
|
|
|
|
|
Download the Get the Most Out of Your CRM Workbook
1.3.1 Inventory applications and interactions
Be sure to include enterprise applications that are not included in the CRM application portfolio. Popular systems to consider for POIs include billing, directory services, content management, and collaboration tools.
When assessing the current application portfolio that supports CRM, the tendency will be to focus on the applications under the CRM umbrella, relating mostly to Marketing, Sales, and Customer Service. Be sure to include systems that act as input to, or benefit due to outputs from, the CRM or similar applications.
1.4.1 Define business capabilities
1.4.2 List your key CRM processes
In business architecture, the primary view of an organization is known as a business capability map.
A business capability defines what a business does to enable value creation, rather than how.
Business capabilities:
A business capability map provides details that help the business architecture practitioner direct attention to a specific area of the business for further assessment.
When examining CRM optimization, it is important we approach this from the appropriate layer.
In today’s complex organizations, it can be difficult to understand where inefficiencies stem from and how performance can be enhanced.
To fix problems and maximize efficiencies business capabilities and processes need to be examined to determine gaps and areas of lagging performance.
Info-Tech’s CRM framework and industry tools such as the APQC’s Process Classification Framework can help make sense of this.
CRM Application Inventory Tool
An operating model is a framework that drives operating decisions. It helps to set the parameters for the scope of CRM and the processes that will be supported. The operating model will serve to group core operational processes. These groupings represent a set of interrelated, consecutive processes aimed at generating a common output.
Value Streams |
Design Product |
Produce Product |
Sell Product |
Customer Service |
---|---|---|---|---|
|
|
|
|
Value streams connect business goals to the organization’s value realization activities in the marketplace. Those activities are dependent on the specific industry segment in which an organization operates.
There are two types of value streams: core value streams and support value streams.
An effective method for ensuring all value streams have been considered is to understand that there can be different end-value receivers.
Source: APQC, 2020
If you do not have a documented process model, you can use the APQC Framework to help define your inventory of sales business processes.
APQC’s Process Classification Framework is a taxonomy of cross-functional business processes intended to allow the objective comparison of organizational performance within and among organizations.
APQC provides a process classification framework. It allows organizations to effectively define their processes and manage them appropriately.
THE APQC PROCESS CLASSIFICATION FRAMEWORK (PCF)® was developed by non-profit APQC, a global resource for benchmarking and best practices, and its member companies as an open standard to facilitate improvement through process management and benchmarking, regardless of industry, size, or geography. The PCF organizes operating and management processes into 12 enterprise level categories, including process groups and over 1,000 processes and associated activities. To download the full PCF or industry-specific versions of the PCF as well as associated measures and benchmarking, visit www.apqc.org/pcf.
Level 1 | Level | Level 3 | Level 4 |
---|---|---|---|
Market and sell products and services |
Understand markets, customers, and capabilities | Perform customer and market intelligence analysis | Conduct customer and market research |
Market and sell products and services |
Develop sales strategy | Develop sales forecast | Gather current and historic order information |
Deliver services |
Manage service delivery resources | Manage service delivery resource demand | Develop baseline forecasts |
? | ? | ? | ? |
Focus your initial assessment on the level 1 processes that matter to your organization. This allows you to target your scant resources on the areas of optimization that matter most to the organization and minimize the effort required from your business partners.
You may need to iterate the assessment as challenges are identified. This allows you to be adaptive and deal with emerging issues more readily and become a more responsive partner to the business.
Get the Most Out of Your CRM Workbook
*Adapted from the APQC Cross-Industry Process Classification Framework, 2019.
1.5.1 List CRM-related costs (optional)
Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.
Get the Most Out of Your CRM Workbook
Option 1: Use Info-Tech’s Application Portfolio Assessment to generate your user satisfaction score. This tool not only measures application satisfaction but also elicits great feedback from users regarding support they receive from the IT team.
Option 2: Use the method of choice to elicit current user satisfaction for each of the processes identified as important to the organization.
Understand user satisfaction across capabilities and departments within your organization.
Download the CRM Application Inventory Tool
Using the results from the Application Portfolio Assessment or your own user survey:
Understand user satisfaction across capabilities and departments within your organization.
2.3.1 Rate your vendor and product satisfaction
2.3.2 Enter SoftwareReviews scores from your CRM Product Scorecard (optional)
Source: SoftwareReviews, March 2019
80% satisfaction score, and the other list is CIOs with <80% satisfaction score.">
The data shows that effective IT leaders invest a significant amount of time (8%) on vendor management initiatives.
Be proactive in managing you calendar and block time for these important tasks.
Analysis of CIOs’ calendars revealed that how CIOs spend their time has a correlation to both stakeholder IT satisfaction and CEO-CIO alignment.
Those CIOs that prioritized vendor management were more likely to have a business satisfaction score greater than 80%.
Use Info-Tech’s vendor satisfaction survey to identify optimization areas with your CRM product(s) and vendor(s).
Option 1 (recommended): Conduct a satisfaction survey using SoftwareReviews. This option allows you to see your results in the context of the vendor landscape.
Download the Get the Most Out of Your CRM Workbook
Option 2: Use your Get the Most Out of Your CRM Workbook, tab “6. Vendor Optimization,” to review your satisfaction with your software.
SoftwareReviews’ Customer Relationship Management
Download the Get the Most Out of Your CRM Workbook
SoftwareReviews’ Customer Relationship Management
Support user satisfaction
Enabling a high-performing, customer-centric sales, marketing, and customer service operations program requires excellent management practices and continuous optimization efforts.
Technology portfolio and architecture is important, but we must go deeper. Taking a holistic view of CRM technologies in the environments in which they operate allows for the inclusion of people and process improvements – this is key to maximizing business results.
Using a formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process improvement.
Data Quality Management | Effective Data Governance | Data-Centric Integration Strategy | Extensible Data Warehousing |
---|---|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
A VMI is a formalized process within an organization, responsible for evaluating, selecting, managing, and optimizing third-party providers of goods and services.
The amount of resources you assign to managing vendors depends on the number and value of your organization’s relationships. Before optimizing your vendor management program around the best practices presented in this blueprint, assess your current maturity and build the process around a model that reflects the needs of your organization.
Info-Tech uses VMI interchangeably with the terms “vendor management office (VMO),” “vendor management function,” “vendor management process,” and “vendor management program.”
See previous slide for help around implementing a vendor management initiative.
Before you can make changes and optimization decisions, you need to understand the high-level costs associated with your current application architecture. This activity will help you identify the types of technology and people costs associated with your current systems.
This is meant as a high-level roadmap. For formal, ongoing optimization project management, refer to “Build a Better Backlog” (Phase 2 of the Info-Tech blueprint Deliver on Your Digital Product Vision).
Use a holistic assessment of the “interest” paid on technical debt to quantify and prioritize risk and enable the business make better decisions.
Phase 2: Build a Better Product Backlog
Build a structure for your backlog that supports your product vision.
An ongoing CRM optimization effort is best facilitated through a continuous Agile process. Use info-Tech’s developed tools to build out your backlog.
The key to a better backlog is a common structure and guiding principles that product owners and product teams can align to.
Exceptional customer value begins with a clearly defined backlog focused on items that will create the greatest human and business benefits.
Activity Participants | ||||||||
---|---|---|---|---|---|---|---|---|
Backlog Activity | Quality Filter | Product Manager | Product Owner | Dev Team | Scrum Master | Business | Architects | |
Sprint | Sprint Planning | “Accepted” | ✔ | ✔ | ✔ | |||
Ready | Refine | “Ready” | ✔ | ✔ | ✔ | |||
Qualified | Analysis | “Qualified” | ✔ | ✔ | ✔ | ✔ | ✔ | |
Ideas | Intake | “Backlogged” | ✔ | ✔ | ✔ | ✔ | ✔ |
A product owner is accountable for defining and prioritizing the work that will be of the greatest value to the organization and its customers. The backlog is the key to facilitating this process and accomplishing the most fundamental goals of delivery.
For more information on the role of a product owner, see Build a Better Product Owner.
Highly effective Agile teams spend 28% of their time on product backlog management and roadmapping (Quantitative Software Management, 2015).
A well-formed backlog can be thought of as a DEEP backlog:
Detailed Appropriately: PBIs are broken down and refined as necessary.
Emergent: The backlog grows and evolves over time as PBIs are added and removed.
Estimated: The effort a PBI requires is estimated at each tier.
Prioritized: The PBI’s value and priority are determined at each tier.
![]() |
3 - IDEASComposed of raw, vague, and potentially large ideas that have yet to go through any formal valuation. |
2 - QUALIFIEDResearched and qualified PBIs awaiting refinement. |
|
1 - READYDiscrete, refined PBIs that are ready to be placed in your development teams’ sprint plans. |
CRM technology is critical to facilitate an organization’s relationships with customers, service users, employees, and suppliers. CRM implementation should not be a one-and-done exercise. There needs to be an ongoing optimization to enable business processes and optimal organizational results.
Get the Most Out of Your CRM allows organizations to proactively implement continuous assessment and optimization of a customer relationship management system. This includes:
This formal CRM optimization initiative will drive business-IT alignment, identify IT automation priorities, and dig deep into continuous process-improvement.
Contact your account representative for more information
workshops@infotech.com
1-866-670-8889
Ben Dickie
Research Practice Lead
Info-Tech Research Group
Ben Dickie is a Research Practice Lead at Info-Tech Research Group. His areas of expertise include customer experience management, CRM platforms, and digital marketing. He has also led projects pertaining to enterprise collaboration and unified communications.
Scott Bickley
Practice Lead & Principal Research Director
Info-Tech Research Group
Scott Bickley is a Practice Lead & Principal Research Director at Info-Tech Research Group focused on vendor management and contract review. He also has experience in the areas of IT asset management (ITAM), software asset management (SAM), and technology procurement, along with a deep background in operations, engineering, and quality systems management.
Andy Neil
Practice Lead, Applications
Info-Tech Research Group
Andy is Senior Research Director, Data Management and BI, at Info-Tech Research Group. He has over 15 years of experience in managing technical teams, information architecture, data modeling, and enterprise data strategy. He is an expert in enterprise data architecture, data integration, data standards, data strategy, big data, and the development of industry-standard data models.
Armel, Kate. “Data-driven Estimation, Management Lead to High Quality.” Quantitative Software Management Inc. 2015. Web.
Chappuis, Bertil, and Brian Selby. “Looking beyond Technology to Drive Sales Operations.” McKinsey & Company, 24 June 2016. Web.
Cross-Industry Process Classification Framework (PCF) Version 7.2.1. APQC, 26 Sept. 2019. Web.
Fleming, John, and Hater, James. “The Next Discipline: Applying Behavioral Economics to Drive Growth and Profitability.” Gallup, 22 Sept. 2012. Accessed 6 Oct. 2020.
Hinchcliffe, Dion. “The evolving role of the CIO and CMO in customer experience.” ZDNet, 22 Jan. 2020. Web.
Karlsson, Johan. “Backlog Grooming: Must-Know Tips for High-Value Products.” Perforce. 18 May 2018. Web. Feb. 2019.
Klie, L. “CRM Still Faces Challenges, Most Speakers Agree: CRM systems have been around for decades, but interoperability and data siloes still have to be overcome.” CRM Magazine, vol. 23, no. 5, 2019, pp. 13-14.
Kumar, Sanjib, et al. “Improvement of CRM Using Data Mining: A Case Study at Corporate Telecom Sector.” International Journal of Computer Applications, vol. 178, no. 53, 2019, pp. 12-20, doi:10.5120/ijca2019919413.
Morgan, Blake. “50 Stats That Prove The Value Of Customer Experience.” Forbes, 24 Sept. 2019. Web.
Norelus, Ernese, et al. “An Approach to Application Modernization: Discovery and Assessment Phase.” IBM Garage, Medium, 24 Feb 2020. Accessed 4 Mar. 2020.
“Process Frameworks.” APQC, 4 Nov. 2020. Web.
“Process vs. Capability: Understanding the Difference.” APCQ, 2017. Web.
Rubin, Kenneth S. "Essential Scrum: A Practical Guide to the Most Popular Agile Process." Pearson Education, 2012.
Savolainen, Juha, et al. “Transitioning from Product Line Requirements to Product Line Architecture.” 29th Annual International Computer Software and Applications Conference (COMPSAC'05), IEEE, vol. 1, 2005, pp. 186-195, doi: 10.1109/COMPSAC.2005.160
Smith, Anthony. “How To Create A Customer-Obsessed Company Like Netflix.” Forbes, 12 Dec. 2017. Web.
“SOA Reference Architecture – Capabilities and the SOA RA.” The Open Group, TOGAF. Web.
Taber, David. “What to Do When Your CRM Project Fails.” CIO Magazine, 18 Sept. 2017. Web.
“Taudata Case Study.” Maximizer CRM Software, 17 Jan. 2020. Web.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Understand the importance of customer service training, then deliver Info-Tech's training program to your IT team.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This blueprint provides the steps necessary to build your own enterprise application implementation playbook that can be deployed and leveraged by your implementation teams.
Build a proposal deck to make the case for legacy application modernization for your stakeholders. This will contain a definition of what a legacy application is in the context of your organization, a list of candidate applications to modernize, and a disposition strategy for each selected application.
Legacy systems remain well-embedded in the fabric of many organizations' application portfolios. They were often custom-built to meet the needs of the business. Typically, these are core tools that the business leverages to accomplish its goals.
A legacy application becomes something we need to address when it no longer supports our business goals, is no longer supportable, bears an unsustainable ownership cost, or poses a threat to the organization's cybersecurity or compliance.
When approaching your legacy application strategy, you must navigate a complex web of business, stakeholder, software, hardware, resourcing, and financial decisions. To complicate matters, the full scope of required effort is not immediately clear. Years of development are embedded in these legacy applications, which must be uncovered and dealt with appropriately.
IT leaders require a proactive approach for evaluating the current state, developing a legacy application strategy, and executing in an agile manner. When coupled with a business case and communications strategy, the organization will have a clear decision-making framework that will maximize business outcomes and deliver value where needed.
Ricardo de Oliveira
Research Director, Enterprise Applications
Info-Tech Research Group
Your Challenge | Common Obstacles | Info-Tech's Approach |
|
|
|
Info-Tech Insight
Legacy modernization is a process, not a single event. Your modernization approach requires you to understand your landscape and decide on a path that minimizes business continuity risks, keeps investments under control, and is prepared for surprises but always has your final state in mind.
Understand Assess the challenges, lay out the reasons, define your legacy, and prepare to remove the barriers to modernization. |
|
Assess Determine the benefits by business capability. Leverage APM foundations to select the candidate applications and prioritize. |
![]() |
Define Use the prioritized application list to drive the next steps to modernization. |
The 2022 State CIO Survey by NASCIO shows that legacy application modernization jumped from fifth to second in state CIO priorities.
"Be patient and also impatient. Patient because all states have a lot of legacy tech they are inheriting and government is NOT easy. But also, impatient because there is a lot to do - make your priorities clear but also find out what the CIO needs to accomplish those priorities."
Source: NASCIO, 2022
In fiscal year 2021, the US government planned to spend over $100 billion on information technology. Most of that was to be used to operate and maintain existing systems, including legacy applications, which can be both more expensive to maintain and more vulnerable to hackers. The Government Accountability Office (GAO) identified:
Source: U.S. Government Accountability Office, 2021
Increasing competition from fintech | 73% of financial services executives perceive retail banking as being the most susceptible to fintech disruption (PwC, 2016) |
Growing number of neo-banks | The International Monetary Fund (IMF) notes the fast growth of fintech in financial services is creating systemic risk to global financial stability (IMF, 2022) |
Access to data and advanced analytics | Estimated global bank revenue lost due to poor data is 15% to 25% (MIT, 2017) |
Shifting client expectations/demographics | 50% of Gen X, millennials, and Gen Z use a digital bank to provide their primary checking account (Finextra, 2022) |
Generational transfer of wealth | It is estimated that up to US$68 trillion in wealth will be transferred from baby boomers (Forbes, 2021) |
Delta takes off with a modernized blend of mainframes and cloud
INDUSTRY: Transportation
SOURCE: CIO Magazine, 2023
Challenge The airline has hundreds of applications in the process of moving to the cloud, but most main capabilities are underpinned by workloads on the mainframe and will remain so for the foreseeable future. Some of those workloads include travel reservation systems and crew scheduling systems - mission-critical, 24/7 applications that are never turned off. |
Solution Delta has shifted to a hybrid architecture, with a customer experience transformation that makes the most of the cloud's agility and the mainframe's dependability. Delta's foray into the cloud began about two years ago as the pandemic brought travel to a virtual halt. The airline started migrating many front-end and distributed applications to the cloud while retaining traditional back-end workloads on the mainframe. |
Results Hybrid infrastructures are expected to remain in complex industries such as airlines and banking, where high availability and maximum reliability are non-negotiable. While some CIOs are sharpening their mainframe exit strategies by opting for a steep journey to the cloud, mainframes remain ideal for certain workloads. |
Phase 1
1.1 Understand your challenges
1.2 Define legacy applications
1.3 Assess your barriers
1.4 Find the impacted capabilities
1.5 Define candidate applications
1.6 Now, Next, Later
This phase will walk you through the following activities:
This phase involves the following participants:
Exploring the enterprise collaboration marketspace is difficult. The difficulty in finding a suitable collaboration tool is that there are many ways to collaborate, with just as many tools to match.
Map your organizational goals to the administration features available in the Office 365 console. Your governance should reflect your requirements.
The result is a defined plan for controlling Office 365 by leveraging hard controls to align Microsoft’s toolset with your needs and creating acceptable use policies and communication plans to highlight the impact of the transition to Office 365 on the end-user population.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Develop a list of organizational goals that will enable you to leverage the Office 365 toolset to its fullest extent while also implementing sensible governance.
Use Info-Tech's toolset to build out controls for OneDrive, SharePoint, and Teams that align with your organizational goals as they relate to governance.
Communicate the results of your Office 365 governance program using Info-Tech's toolset.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Develop a plan to assess the capabilities of the Office 365 solution and select licensing for the product.
Office 365 capability assessment (right-size licensing)
Acceptable Use Policies
Mapped Office 365 controls
1.1 Review organizational goals.
1.2 Evaluate Office 365 capabilities.
1.3 Conduct the Office 365 capability assessment.
1.4 Define user groups.
1.5 Finalize licensing.
List of organizational goals
Targeted licensing decision
Leverage the Office 365 governance framework to develop and refined governance priorities.
Build a SharePoint acceptable use policy and define SharePoint controls.
Refined governance priorities
List of SharePoint controls
SharePoint acceptable use policy
2.1 Explore the Office 365 Framework.
2.2 Conduct governance priorities refinement exercise.
2.3 Populate the Office 365 control map (SharePoint).
2.4 Build acceptable use policy (SharePoint).
Refined governance priorities
SharePoint control map
Sharepoint acceptable use policy
Implement governance priorities for OneDrive and Teams.
Clearly defined acceptable use policies for OneDrive and Teams
List of OneDrive and Teams controls
3.1 Populate the Office 365 Control Map (OneDrive).
3.2 Build acceptable use policy (OneDrive).
3.3 Populate the Office 365 Control Map (Teams).
3.4 Build acceptable use policy (Teams).
OneDrive controls
OneDrive acceptable use policy
Teams controls
Teams acceptable use policy
Build a plan to communicate coming changes to the productivity environment.
Communication plan covering SharePoint, Teams, and OneDrive
4.1 Build SharePoint one pager.
4.2 Build OneDrive one pager.
4.3 Build Teams one pager.
4.4 Finalize communication plan.
SharePoint one pager
OneDrive one pager
Teams one pager
Overall finalized communication plan
Finalize deliverables and plan post-workshop communications.
Completed Office 365 governance plan
Finalized deliverables
5.1 Completed in-progress deliverables from previous four days.
5.2 Set up review time for workshop deliverables and to discuss next steps.
5.3 Validate governance with stakeholders.
Completed acceptable use policies
Completed control map
Completed communication plan
Completed licensing decision
Info-Tech’s approach to establishing and sustaining effective data governance is anchored in the strong alignment of organizational value streams and their business capabilities with key data governance dimensions and initiatives. Info-Tech's approach will help you:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Data governance is a strategic program that will help your organization control data by managing the people, processes, and information technology needed to ensure that accurate and consistent data policies exist across varying lines of the business, enabling data-driven insight. This research will provide an overview of data governance and its importance to your organization, assist in making the case and securing buy-in for data governance, identify data governance best practices and the challenges associated with them, and provide guidance on how to implement data governance best practices for a successful launch.
This workbook will help your organization understand the business and user context by leveraging your business capability map and value streams, develop data use cases using Info-Tech's framework for building data use cases, and gauge the current state of your organization's data culture.
This business needs gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization. This template provides a framework for data requirements and a mapping methodology for creating use cases.
This tool will help your organization plan the sequence of activities, capture start dates and expected completion dates, and create a roadmap that can be effectively communicated to the organization.
Use this template to document information about key data assets such as data definition, source system, possible values, data sensitivity, data steward, and usage of the data.
This template will help get the backing required to get a data governance project rolling. The program charter will help communicate the project purpose, define the scope, and identify the project team, roles, and responsibilities.
This policy establishes uniform data governance standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of your organization.
Use this exemplar to understand how to establish data governance in your organization. Follow along with the sections of the blueprint Establish Data Governance and complete the document as you progress.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Identify key business data assets that need to be governed.
Create a unifying vision for the data governance program.
Understand the value of data governance and how it can help the organization better leverage its data.
Gain knowledge of how data governance can benefit both IT and the business.
1.1 Establish business context, value, and scope of data governance at the organization
1.2 Introduction to Info-Tech’s data governance framework
1.3 Discuss vision and mission for data governance
1.4 Understand your business architecture, including your business capability map and value streams
1.5 Build use cases aligned to core business capabilities
Sample use cases (tied to the business capability map) and a repeatable use case framework
Vision and mission for data governance
Assess which data contains value and/or risk and determine metrics that will determine how valuable the data is to the organization.
Assess where the organization currently stands in data governance initiatives.
Determine gaps between the current and future states of the data governance program.
Gain a holistic understanding of organizational data and how it flows through business units and systems.
Identify which data should fall under the governance umbrella.
Determine a practical starting point for the program.
2.1 Understand your current data governance capabilities and maturity
2.2 Set target-state data governance capabilities
Current state of data governance maturity
Definition of target state
Determine strategic initiatives and create a roadmap outlining key steps required to get the organization to start enabling data-driven insights.
Determine timing of the initiatives.
Establish clear direction for the data governance program.
Step-by-step outline of how to create effective data governance, with true business-IT collaboration.
3.1 Evaluate and prioritize performance gaps
3.2 Develop and consolidate data governance target-state initiatives
3.3 Define the role of data governance: data domain to data governance role mapping
Target-state data governance initiatives
Data domain to data governance role mapping
Consolidate the roadmap and other strategies to determine the plan of action from Day One.
Create the required policies, procedures, and positions for data governance to be sustainable and effective.
Prioritized initiatives with dependencies mapped out.
A clearly communicated plan for data governance that will have full business backing.
4.1 Identify and prioritize next steps
4.2 Define roles and responsibilities and complete a high-level RACI
4.3 Wrap-up and discuss next steps and post-workshop support
Initialized roadmap
Initialized RACI
Data governance does not sit as an island on its own in the organization – it must align with and be driven by your enterprise governance. As you build out data governance in your organization, it’s important to keep in mind that this program is meant to be an enabling framework of oversight and accountabilities for managing, handling, and protecting your company’s data assets. It should never be perceived as bureaucratic or inhibiting to your data users. It should deliver agreed-upon models that are conducive to your organization’s operating culture, offering clarity on who can do what with the data and via what means. Data governance is the key enabler for bringing high-quality, trusted, secure, and discoverable data to the right users across your organization. Promote and drive the responsible and ethical use of data while helping to build and foster an organizational culture of data excellence.
Crystal Singh
Director, Research & Advisory, Data & Analytics Practice
Info-Tech Research Group
The amount of data within organizations is growing at an exponential rate, creating a need to adopt a formal approach to governing data. However, many organizations remain uninformed on how to effectively govern their data. Comprehensive data governance should define leadership, accountability, and responsibility related to data use and handling and be supported by a well-oiled operating model and relevant policies and procedures. This will help ensure the right data gets to the right people at the right time, using the right mechanisms.
Organizations are faced with challenges associated with changing data landscapes, evolving business models, industry disruptions, regulatory and compliance obligations, and changing and maturing user landscape and demand for data. Although the need for a data governance program is often evident, organizations miss the mark when their data governance efforts are not directly aligned to delivering measurable business value. Initiatives should support key strategic initiatives, as well as value streams and their underlying business capabilities.
Info-Tech’s approach to establishing and sustaining effective data governance is anchored in the strong alignment of organizational value streams and their business capabilities with key data governance dimensions and initiatives. Organizations should:
Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operating costs, missed opportunities, eroded stakeholder satisfaction, and increased business risk.
As you embark on establishing data governance in your organization, it’s vital to ensure from the get-go that you define the drivers and business context for the program. Data governance should never be attempted without direction on how the program will yield measurable business value.
“Data processing and cleanup can consume more than half of an analytics team’s time, including that of highly paid data scientists, which limits scalability and frustrates employees.” – Petzold, et al., 2020
“The productivity of employees across the organization can suffer.” – Petzold, et al., 2020
Respondents to McKinsey’s 2019 Global Data Transformation Survey reported that an average of 30% of their total enterprise time was spent on non-value-added tasks because of poor data quality and availability. – Petzold, et al., 2020
78% of companies (and 92% of top-tier companies) have a corporate initiative to become more data-driven. – Alation, 2020
But despite these ambitions, there appears to be a “data culture disconnect” – 58% of leaders overestimate the current data culture of their enterprises, giving a grade higher than the one produced by the study. – Fregoni, 2020
Respond to industry disruptors
Optimize the way you serve your stakeholders and customers
Develop products and services to meet ever-evolving needs
Manage operations and mitigate risk
Data Disengaged
You have a low appetite for data and rarely use data for decision making.
Data Enabled
Technology, data architecture, and people and processes are optimized and supported by data governance.
Data Driven
You are differentiating and competing on data and analytics; described as a “data first” organization. You’re collaborating through data. Data is an asset.
Data governance is an enabling framework of decision rights, responsibilities, and accountabilities for data assets across the enterprise.
Data governance is:
If done correctly, data governance is not:
Conformance: Establishing data governance to meet regulations and compliance requirements.
Performance: Establishing data governance to fuel data-driven decision making for driving business value and managing and mitigating business risk.
“Albert Einstein is said to have remarked, ‘The world cannot be changed without changing our thinking.’ What is clear is that the greatest barrier to data success today is business culture, not lagging technology. “– Randy Bean, 2020
“It is not enough for companies to embrace modern data architectures, agile methodologies, and integrated business-data teams, or to establish centers of excellence to accelerate data initiatives, when only about 1 in 4 executives reported that their organization has successfully forged a data culture.”– Randy Bean, 2020
Data-driven culture = “data matters to our company”
Data debt is “the accumulated cost that is associated with the sub-optimal governance of data assets in an enterprise, like technical debt.”
Data debt is a problem for 78% of organizations.
40% of organizations say individuals within the business do not trust data insights.
66% of organizations say a backlog of data debt is impacting new data management initiatives.
33% of organizations are not able to get value from a new system or technology investment.
30% of organizations are unable to become data-driven.
Source: Experian, 2020
Only 3% of companies’ data meets basic quality standards. (Source: Nagle, et al., 2017)
Organizations suspect 28% of their customer and prospect data is inaccurate in some way. (Source: Experian, 2020)
Only 51% of organizations consider the current state of their CRM or ERP data to be clean, allowing them to fully leverage it. (Source: Experian, 2020)
35% of organizations say they’re not able to see a ROI for data management initiatives. (Source: Experian, 2020)
Make the available data governance tools and technology work for you:
While data governance tools and technologies are no panacea, leverage their automated and AI-enabled capabilities to augment your data governance program.
Put data governance into the context of the business:
Start substantiating early on how you are going to measure success as your data governance program evolves.
Key considerations:
Data Governance Leadership & Org Structure Definition
Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.
Data Governance Charter and Policies
Create a charter for your program and build/refresh associated policies.
Data Culture Diagnostic
Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
Use Case Build and Prioritization
Build a use case that is tied to business capabilities. Prioritize accordingly.
Business Data Glossary
Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
Tools & Technology
Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).
Data governance leadership and sponsorship is key.
Ensure strategic business alignment.
Build and foster a culture of data excellence.
Evolve along the data journey.
Make data governance an enabler, not a hindrance.
Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face the impact of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.
Data governance should not sit as an island in your organization. It must continuously align with the organization’s enterprise governance function. It shouldn’t be perceived as a pet project of IT, but rather as an enterprise-wide, business-driven initiative.
Ensure your data governance program delivers measurable business value by aligning the associated data governance initiatives with the business architecture. Leverage the measures of success or KPIs of the underlying business capabilities to demonstrate the value data governance has yielded for the organization.
Data governance remains the foundation of all forms of reporting and analytics. Advanced capabilities such as AI and machine learning require effectively governed data to fuel their success.
Tailor your data literacy program to meet your organization’s needs, filling your range of knowledge gaps and catering to your different levels of stakeholders. When it comes to rolling out a data literacy program, there is no one-size-fits-all solution. Your data literacy program is intended to fill the knowledge gaps about data, as they exist in your organization. It should be targeted across the board – from your executive leadership and management through to the subject matter experts across different lines of the business in your organization.
1. Build Business and User Context | 2. Understand Your Current Data Governance Capabilities | 3. Build a Target State Roadmap and Plan | |
---|---|---|---|
Phase Steps |
|
|
|
Phase Outcomes |
|
|
|
Each step of this blueprint is accompanied by supporting deliverables to help you accomplish your goals:
Data Governance Planning and Roadmapping Workbook
Use the Data Governance Planning and Roadmapping Workbook as you plan, build, roll-out, and scale data governance in your organization.
Data Use Case Framework Template
This template takes you through a business needs gathering activity to highlight and create relevant use cases around the organization’s data-related problems and opportunities.
Business Data Glossary
Use this template to document the key data assets that are to be governed and create a data flow diagram for your organization.
Data Culture Diagnostic and Scorecard
Leverage Info-Tech’s Data Culture Diagnostic to understand how your organization scores across 10 areas relating to data culture.
Data Governance Planning and Roadmapping Workbook
In phases 1 and 2 of this blueprint, we will help you establish the business context, define your business drivers and KPIs, and understand your current data governance capabilities and strengths.
In phase 3, we will help you develop a plan and a roadmap for addressing any gaps and improving the relevant data governance capabilities so that data is well positioned to deliver on those defined business metrics.
"Our team, has already made this critical project a priority, and we have the time and capability, but some guidance along the way would be helpful."
"Our team knows that we need to fix a process, but we need assistance to determine where to focus. Some check-ins along the way would help keeps us on track."
"We need to hit the ground running and get this project kicked off immediately. Our team has the ability to take this over once we get a framework and strategy in place."
"Our team does not have the time or the knowledge to take this project on. We need assistance through the entirety of this project."
1. Build Business and User context | 2. Understand Your Current Data Governance Capabilities | 3. Build a Target State Roadmap and Plan | |
---|---|---|---|
Best-Practice Toolkit |
|
|
|
Guided Implementation |
|
|
|
Phase Outcomes |
|
|
|
A Guided Implementation (GI) is a series of calls with an Info-Tech analyst to help implement our best practices in your organization. A typical GI is between 8 to 12 calls over the course of 4 to 6 months.
Day 1 | Day 2 | Day 3 | Day 4 | |
---|---|---|---|---|
Establish Business Context and Value | Understand Current Data Governance Capabilities and Plot Target-State Levels | Build Data Domain to Data Governance Role Mapping | Formulate a Plan to Get to Your Target State | |
Activities |
|
|
|
|
Deliverables |
|
|
|
|
“When business users are invited to participate in the conversation around data with data users and IT, it adds a fundamental dimension — business context. Without a real understanding of how data ties back to the business, the value of analysis and insights can get lost.” – Jason Lim, Alation
This phase will guide you through the following activities:
This phase involves the following participants:
Activities
1.1.1 Identify Your Business Capabilities
1.1.2 Categorize Your Organization’s Key Business Capabilities
1.1.3 Develop a Strategy Map Tied to Data Governance
This step will guide you through the following activities:
Outcomes of this step
Gaining a sound understanding of your business architecture (value streams and business capabilities) is a critical foundation for establishing and sustaining a data governance program that delivers measurable business value.
Confirm your organization's existing business capability map or initiate the formulation of a business capability map:
Note: A business capability defines what a business does to enable value creation. Business capabilities are business terms defined using descriptive nouns such as “Marketing” or “Research and Development.” They represent stable business functions, are unique and independent of each other, and typically will have a defined business outcome.
Input
Output
Materials
Participants
For more information, refer to Info-Tech’s Document Your Business Architecture.
Value streams connect business goals to the organization’s value realization activities. These value realization activities, in turn, depend on data.
If the organization does not have a business architecture function to conduct and guide Activity 1.1.1, you can leverage the following approach:
Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.
Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face the possibilities of elevated operational costs, missed opportunities, eroded stakeholder satisfaction, negative impact to reputation and brand, and/or increased exposure to business risk.
Value streams connect business goals to the organization’s value realization activities.
Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.
For this value stream, download Info-Tech’s Info-Tech’s Industry Reference Architecture for Retail Banking.
Value streams connect business goals to the organization’s value realization activities.
Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.
For this value stream, download Info-Tech’s Industry Reference Architecture for Higher Education.
Value streams connect business goals to the organization’s value realization activities.
Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.
For this value stream, download Info-Tech’s Industry Reference Architecture for Local Government.
Value streams connect business goals to the organization’s value realization activities.
Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.
For this value stream, download Info-Tech’s Industry Reference Architecture for Manufacturing.
Value streams connect business goals to the organization’s value realization activities.
Value streams enable the organization to create or capture value in the market in which it operates by engaging in a set of interconnected activities.
For this value stream, download Info-Tech’s Industry Reference Architecture for Retail.
A business capability defines what a business does to enable value creation. Business capabilities represent stable business functions and typically will have a defined business outcome.
Business capabilities can be thought of as business terms defined using descriptive nouns such as “Marketing” or “Research and Development.”
If your organization doesn’t already have a business capability map, you can leverage the following approach to build one. This initiative requires a good understanding of the business. By working with the right stakeholders, you can develop a business capability map that speaks a common language and accurately depicts your business.
Working with the stakeholders as described above:
A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.
For more information, refer to Info-Tech’s Document Your Business Architecture.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.
Example business capability map for: Retail Banking
For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail Banking.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.
Example business capability map for: Higher Education
For this business capability map, download Info-Tech’s Industry Reference Architecture for Higher Education.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.
Example business capability map for: Local Government
For this business capability map, download Info-Tech’s Industry Reference Architecture for Local Government.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.
Example business capability map for: Manufacturing
For this business capability map, download Info-Tech’s Industry Reference Architecture for Manufacturing.
A business capability map can be thought of as a visual representation of your organization’s business capabilities and hence represents a view of what your data governance program must support.
Validate your business capability map with the right stakeholders, including your executive team, business unit leaders, and/or other key stakeholders.
Leverage your business capability map verification session with these key stakeholders as a prime opportunity to share and explain the role of data and data governance in supporting the very value realization capabilities under discussion. This will help to build awareness and visibility of the data governance program.
Example business capability map for: Retail
For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.
Determine which capabilities are considered high priority in your organization.
This categorization/prioritization exercise helps highlight prime areas of opportunity for building use cases, determining prioritization, and the overall optimization of data and data governance.
Input
Output
Materials
Participants
For more information, refer to Info-Tech’s Document Your Business Architecture.
This exercise is useful in ensuring the data governance program is focused and aligned to support the priorities and direction of the business.
Example: Retail
For this business capability map, download Info-Tech’s Industry Reference Architecture for Retail.
Identify the strategic objectives for the business. Knowing the key strategic objectives will drive business-data governance alignment. It’s important to make sure the right strategic objectives of the organization have been identified and are well understood.
Guide to creating your map: Starting with strategic objectives, map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance to initiatives that support those capabilities. This is one approach to help you prioritize the data initiatives that deliver the most value to the organization.
Input
Output
Materials
Participants
Download Info-Tech’s Data Governance Planning and Roadmapping Workbook
Start with the strategic objectives, then map the value streams that will ultimately drive them. Next, link the key capabilities that enable each value stream. Then map the data and data governance initiatives that support those capabilities. This process will help you prioritize the data initiatives that deliver the most value to the organization.
Example: Retail
For this strategy map, download Info-Tech’s Industry Reference Architecture for Retail.
Activities
1.2.1 Build High-Value Use Cases
This step will guide you through the following activities:
Outcomes of this step
One of the most important aspects when building use cases is to ensure you include KPIs or measures of success. You have to be able to demonstrate how the use case ties back to the organizational priorities or delivers measurable business value. Leverage the KPIs and success factors of the business capabilities tied to each particular use case.
This business needs-gathering activity will highlight and create relevant use cases around data-related problems or opportunities that are clear and contained and, if addressed, will deliver value to the organization.
Tip: Don’t conclude these use case discussions without substantiating what measures of success will be used to demonstrate the business value of the effort to produce the desired future state, as relevant to each particular use case.
Input
Output
Materials
Participants
Download Info-Tech’s Data Use Case Framework Template
Leveraging your business capability map, build use cases that align with the organization’s key business capabilities.
Consider:
Info-Tech’s Data Requirements and Mapping Methodology for Creating Use Cases
The resulting use cases are to be prioritized and leveraged for informing the business case and the data governance capabilities optimization plan.
Taken from Info-Tech’s Data Use Case Framework Template
This phase will guide you through the following activities:
This phase involves the following participants:
This step will guide you through the following activities:
Outcomes of this step
A well-defined data governance program will deliver:
The key components of establishing sustainable enterprise data governance, taken from Info-Tech’s Data Governance Framework:
The office of the chief data officer (CDO):
“Compared to most of their C-suite colleagues, the CDO is faced with a unique set of problems. The role is still being defined. The chief data officer is bringing a new dimension and focus to the organization: ‘data.’ ”
– Carruthers and Jackson, 2020
“The title matters. In my opinion, you can’t have a CDO without executive authority. Otherwise no one will listen.”
– Anonymous European CDO
“The reporting structure depends on who’s the ‘glue’ that ties together all these uniquely skilled individuals.”
– John Kemp, Senior Director, Executive Services, Info-Tech Research Group
Who are best suited to be data owners?
Data owners are typically senior business leaders with the following characteristics:
Data governance working groups:
Traditionally, data stewards:
Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.
Enabling business capabilities with data governance role definitions
“Generate excitement for data: When people are excited and committed to the vision of data enablement, they’re more likely to help ensure that data is high quality and safe.” – Petzold, et al., 2020
Operating Model
Defining your data governance operating model will help create a well-oiled program that sustainably delivers value to the organization and manages risks while building and fostering a culture of data excellence along the way. Some organizations are able to establish a formal data governance office, whether independent or attached to the office of the chief data officer. Regardless of how you are organized, data governance requires a home, a leader, and an operating model to ensure its sustainability and evolution.
Examples of focus areas for your operating model:
The key is to determine what style will work best in your organization, taking into consideration your organizational culture, executive leadership support (present and ongoing), catalysts such as other enterprise-wide transformative and modernization initiatives, and/or regulatory and compliances drivers.
Furthermore, communication with the wider organization of data producers, users, and consumers is one of the core elements of the overall data governance communications plan.
Communication is vital for ensuring acceptance of new processes, rules, guidelines, and technologies by all data producers and users as well as for sharing success stories of the program.
“Leading organizations invest in change management to build data supporters and convert the skeptics. This can be the most difficult part of the program, as it requires motivating employees to use data and encouraging producers to share it (and ideally improve its quality at the source)[.]” – Petzold, et al., 2020
Examples of focus areas for your operating model (continued):
Preparing people for change well in advance will allow them to take the steps necessary to adapt and reduce potential confrontation. By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.
Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.
Aligning your data governance to the organization's value realization activities enables you to leverage the KPIs of those business capabilities to demonstrate tangible and measurable value. Use terms and language that will resonate with your senior business leadership.
Launching a data governance program will bring with it a level of disruption to the culture of the organization. That disruption doesn’t have to be detrimental if you are prepared to manage the change proactively and effectively.
“Data standards are the rules by which data are described and recorded. In order to share, exchange, and understand data, we must standardize the format as well as the meaning.” – U.S. Geological Survey
Examples of data policies:
“Organizational culture can accelerate the application of analytics, amplify its power, and steer companies away from risky outcomes.” – Petzold, et al., 2020
What does a healthy data culture look like?
Building a culture of data excellence.
Leverage Info-Tech’s Data Culture Diagnostic to understand your organization’s culture around data.
Contact your Info-Tech Account Representative for more information on the Data Culture Diagnostic
“People are at the heart of every culture, and one of the biggest challenges to creating a data culture is bringing everyone into the fold.” – Lim, Alation
“Companies that have succeeded in their data-driven efforts understand that forging a data culture is a relentless pursuit, and magic bullets and bromides do not deliver results.” – Randy Bean, 2020
There is a trusted, single source of data the whole company can draw from.
There’s a business glossary and data catalog and users know what the data fields mean.
Users have access to data and analytics tools. Employees can leverage data immediately to resolve a situation, perform an activity, or make a decision – including frontline workers.
Data literacy, the ability to collect, manage, evaluate, and apply data in a critical manner, is high.
Data is used for decision making. The company encourages decisions based on objective data and the intelligent application of it.
Data governance will support your organization’s ethical use and handling of data by facilitating definition around important factors, such as:
Activities
2.2.1 Gauge Your Organization’s Current Data Culture
This step will guide you through the following activities:
Outcomes of this step
Conduct a Data Culture Survey or Diagnostic
The objectives of conducting a data culture survey are to increase the understanding of the organization's data culture, your users’ appetite for data, and their appreciation for data in terms of governance, quality, accessibility, ownership, and stewardship. To perform a data culture survey:
Input
Output
Materials
Participants
Contact your Info-Tech Account Representative for details on launching a Data Culture Diagnostic.
“Achieving data success is a journey, not a sprint.” Companies that set a clear course, with reasonable expectations and phased results over a period of time, get to the destination faster.” – Randy Bean, 2020
This phase will guide you through the following activities:
This phase involves the following participants:
This step will guide you through the following activities:
Outcomes of this step
Key considerations:
Sample milestones:
Data Governance Leadership & Org Structure Definition
Define the home for data governance and other key roles around ownership and stewardship, as approved by senior leadership.
Data Governance Charter and Policies
Create a charter for your program and build/refresh associated policies.
Data Culture Diagnostic
Understand the organization’s current data culture, perception of data, value of data, and knowledge gaps.
Use Case Build and Prioritization
Build a use case that is tied to business capabilities. Prioritize accordingly.
Business Data Glossary/Catalog
Build and/or refresh the business’ glossary for addressing data definitions and standardization issues.
Tools & Technology
Explore the tools and technology offering in the data governance space that would serve as an enabler to the program. (e.g. RFI, RFP).
Define key roles for getting started.
Start small and then scale – deliver early wins.
Start understanding data knowledge gaps, building the program, and delivering.
Make the available data governance tools and technology work for you.
Sample data governance roadmap milestones:
Key Considerations:
Your organization’s value streams and the associated business capabilities require effectively governed data. Without this, you face elevated operational costs, missed opportunities, eroded stakeholder satisfaction, and exposure to increased business risk.
Enable business capabilities with data governance role definitions.
These are some of the data governance tools and technology players. Check out SoftwareReviews for help making better software decisions.
The data steward must be empowered and backed politically with decision-making authority, or the role becomes stale and powerless.
Ensuring compliance can be difficult. Data stewards may experience pushback from stakeholders who must deliver on the policies, procedures, and processes that the data steward enforces.
Because the data steward must enforce data processes and liaise with so many different people and departments within the organization, the data steward role should be their primary full-time job function – where possible.
However, in circumstances where budget doesn’t allow a full-time data steward role, develop these skills within the organization by adding data steward responsibilities to individuals who are already managing data sets for their department or line of business.
A stewardship role is generally more about managing the cultural change that data governance brings. This requires the steward to have exceptional interpersonal skills that will assist in building relationships across departmental boundaries and ensuring that all stakeholders within the organization believe in the initiative, understand the anticipated outcomes, and take some level of responsibility for its success.
Data governance initiatives must contain a strong organizational disruption component. A clear and concise communication strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.
By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.
Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organization’s culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.
Because a data governance initiative will involve data-driven business units across the organization, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.
Attempting to implement change without an effective communication plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.
Launching a data governance initiative is guaranteed to disrupt the culture of the organization. That disruption doesn’t have to be detrimental if you are prepared to manage the change proactively and effectively.
To create a strong vision for data governance, there must be participation from the business and IT. A common vision will articulate the state the organization wishes to achieve and how it will reach that state. Visioning helps to develop long-term goals and direction.
Once the vision is established, it must be effectively communicated to everyone, especially those who are involved in creating, managing, disposing, or archiving data.
The data governance program should be periodically refined. This will ensure the organization continues to incorporate best methods and practices as the organization grows and data needs evolve.
A successful data governance communications plan involves making the initiative visible and promoting staff awareness. Educate the team on how data is collected, distributed, and used, what internal processes use data, and how that data is used across departmental boundaries.
By demonstrating how data governance will affect staff directly, you create a deeper level of understanding across lines of business, and ultimately, a higher level of acceptance for new processes, rules, and guidelines.
A clear and concise communications strategy will raise the profile of data governance within the organization, and staff will understand how the program will benefit them and how they can share in the success of the initiative. This will end up providing support for the initiative across the board.
Focus on literacy and communication: include training in the communication plan. Providing training for data users on the correct procedures for updating and verifying the accuracy of data, data quality, and standardized data policies will help validate how data governance will benefit them and the organization.
The data governance program is responsible for continuously promoting the value of data to the organization. The data governance program should seek a variety of ways to educate the organization and data stakeholders on the benefit of data management.
Even if data policies and procedures are created, they will be highly ineffective if they are not properly communicated to the data producers and users alike.
There needs to be a communication plan that highlights how the data producer and user will be affected, what their new responsibilities are, and the value of that change.
To learn how to manage organizational change, refer to Info-Tech’s Master Organizational Change Management Practices.
It can be difficult to understand what a policy is, and what it is not. Start by identifying the differences between a policy and standards, guidelines, and procedures.
The following are key elements of a good policy:
Heading | Descriptions |
---|---|
Purpose | Describes the factors or circumstances that mandate the existence of the policy. Also states the policy’s basic objectives and what the policy is meant to achieve. |
Scope | Defines to whom and to what systems this policy applies. Lists the employees required to comply or simply indicates “all” if all must comply. Also indicates any exclusions or exceptions, i.e. those people, elements, or situations that are not covered by this policy or where special consideration may be made. |
Definitions | Define any key terms, acronyms, or concepts that will be used in the policy. A standard glossary approach is sufficient. |
Policy Statements | Describe the rules that comprise the policy. This typically takes the form of a series of short prescriptive and proscriptive statements. Sub-dividing this section into sub-sections may be required depending on the length or complexity of the policy. |
Non-Compliance | Clearly describe consequences (legal and/or disciplinary) for employee non-compliance with the policy. It may be pertinent to describe the escalation process for repeated non-compliance. |
Agreement | Confirms understanding of the policy and provides a designated space to attest to the document. |
Most organizations have problems with policy management. These include:
Technology should be used as a means to solve these problems and effectively monitor, enforce, and communicate policies.
Product Overview
myPolicies is a web-based solution to create, distribute, and manage corporate policies, procedures, and forms. Our solution provides policy managers with the tools they need to mitigate the risk of sanctions and reduce the administrative burden of policy management. It also enables employees to find the documents relevant to them and build a culture of compliance.
Some key success factors for policy management include:
Data policies are short statements that seek to manage the creation, acquisition, integrity, security, compliance, and quality of data. These policies vary amongst organizations, depending on your specific data needs.
Trust
Availability
Security
Compliance
Info-Tech’s Data Management Policy:
This policy establishes uniform data management standards and identifies the shared responsibilities for assuring the integrity of the data and that it efficiently and effectively serves the needs of the organization. This policy applies to all critical data and to all staff who may be creators and/or users of such data.
Info-Tech’s Data Entry Policy:
The integrity and quality of data and evidence used to inform decision making is central to both the short-term and long-term health of an organization. It is essential that required data be sourced appropriately and entered into databases and applications in an accurate and complete manner to ensure the reliability and validity of the data and decisions made based on the data.
Info-Tech’s Data Provenance Policy:
Create policies to keep your data's value, such as:
Info-Tech’s Data Integration and Virtualization Policy:
This policy aims to assure the organization, staff, and other interested parties that data integration, replication, and virtualization risks are taken seriously. Staff must use the policy (and supporting guidelines) when deciding whether to integrate, replicate, or virtualize data sets.
Although they can be highly subjective, metrics are extremely important to data governance success.
Policies are great to have from a legal perspective, but unless they are followed, they will not benefit the organization.
Review metrics on an ongoing basis with those data owners/stewards who are accountable, the data governance steering committee, and the executive sponsors.
Examples include:
Have a fundamental data definition model for the entire business to adhere to. Those in the positions that generate and produce data must follow the common set of standards developed by the steering committee and be accountable for the creation of valid, clean data.
By planning for and efficiently communicating any changes that a data governance initiative may bring, many initial issues can be resolved from the outset.
Governance recommendations will require significant business change. The redesign of a substantial number of data processes affecting various business units will require an overhaul of the organization’s culture, thought processes, and procedures surrounding its data. Preparing people for change well in advance will allow them to take the necessary steps to adapt and reduce potential confrontation.
Because a data governance initiative will involve data-driven business units across the organization, the governance team must present a compelling case for data governance to ensure acceptance of new processes, rules, guidelines, and technologies by all data producers and users.
Attempting to implement change without an effective communications plan can result in disagreements over data control and stalemates between stakeholder units. The recommendations of the governance group must reflect the needs of all stakeholders or there will be pushback.
Data governance initiatives will very likely bring about a level of organizational disruption. A clear and concise communications strategy that conveys milestones and success stories will address the various concerns that business unit stakeholders may have.
Launching a data governance program will bring with it a level of disruption to the culture of the organization. That disruption doesn’t have to be detrimental if you are prepared to manage the change proactively and effectively.
Contact your account representative for more information.
workshops@infotech.com 1-888-670-8889
To accelerate this project, engage your IT team in an Info-Tech workshop with an Info-Tech analyst team. Info-Tech analysts will join you and your team at your location or welcome you to Info-Tech’s historic Toronto office to participate in an innovative onsite workshop.
The following are sample activities that will be conducted by Info-Tech analysts with your team:
Build Your Business and User Context
Work with your core team of stakeholders to build out your data governance strategy map, aligning data governance initiatives with business capabilities, value streams, and, ultimately, your strategic priorities.
Formulate a Plan to Get to Your Target State
Develop a data governance future state roadmap and plan based on an understanding of your current data governance capabilities, your operating environment, and the driving needs of your business.
Key to building and fostering a data-driven culture.
Streamline your data management program with our simplified framework.
Be the voice of data in a time of transformation.
Name | Position | Company |
---|---|---|
David N. Weber | Executive Director - Planning, Research and Effectiveness | Palm Beach State College |
Izabela Edmunds | Information Architect | Mott MacDonald |
Andy Neill | Practice Lead, Data & Analytics | Info-Tech Research Group |
Dirk Coetsee | Research Director, Data & Analytics | Info-Tech Research Group |
Graham Price | Executive Advisor, Advisory Executive Services | Info-Tech Research Group |
Igor Ikonnikov | Research Director, Data & Analytics | Info-Tech Research Group |
Jean Bujold | Senior Workshop Delivery Director | Info-Tech Research Group |
Rajesh Parab | Research Director, Data & Analytics | Info-Tech Research Group |
Reddy Doddipalli | Senior Workshop Director | Info-Tech Research Group |
Valence Howden | Principal Research Director, CIO | Info-Tech Research Group |
Alation. “The Alation State of Data Culture Report – Q3 2020.” Alation, 2020. Accessed 25 June 2021.
Allott, Joseph, et al. “Data: The next wave in forestry productivity.” McKinsey & Company, 27 Oct. 2020. Accessed 25 June 2021.
Bean, Randy. “Why Culture Is the Greatest Barrier to Data Success.” MIT Sloan Management Review, 30 Sept. 2020. Accessed 25 June 2021.
Brence, Thomas. “Overcoming the Operationalization Challenge with Data Governance at New York Life.” Informatica, 18 March 2020. Accessed 25 June 2021.
Bullmore, Simon, and Stuart Coleman. “ODI Inside Business – a checklist for leaders.” Open Data Institute, 19 Oct. 2020. Accessed 25 June 2021.
Canadian Institute for Health Information. “Developing and implementing accurate national standards for Canadian health care information.” Canadian Institute for Health Information. Accessed 25 June 2021.
Carruthers, Caroline, and Peter Jackson. “The Secret Ingredients of the Successful CDO.” IRM UK Connects, 23 Feb. 2017.
Dashboards. “Useful KPIs for Healthy Hospital Quality Management.” Dashboards. Accessed 25 June 2021.
Dashboards. “Why (and How) You Should Improve Data Literacy in Your Organization Today.” Dashboards. Accessed 25 June 2021.
Datapine. “Healthcare Key Performance Indicators and Metrics.” Datapine. Accessed 25 June 2021.
Datapine. “KPI Examples & Templates: Measure what matters the most and really impacts your success.” Datapine. Accessed 25 June 2021.
Diaz, Alejandro, et al. “Why data culture matters.” McKinsey Quarterly, Sept. 2018. Accessed 25 June 2021.
Everett, Dan. “Chief Data Officer (CDO): One Job, Four Roles.” Informatica, 9 Sept. 2020. Accessed 25 June 2021.
Experian. “10 signs you are sitting on a pile of data debt.” Experian. Accessed 25 June 2021.
Fregoni, Silvia. “New Research Reveals Why Some Business Leaders Still Ignore the Data.” Silicon Angle, 1 Oct. 2020.
Informatica. Holistic Data Governance: A Framework for Competitive Advantage. Informatica, 2017. Accessed 25 June 2021.
Knight, Michelle. “What Is a Data Catalog?” Dataversity, 28 Dec. 2017. Web.
Lim, Jason. “Alation 2020.3: Getting Business Users in the Game.” Alation, 2020. Accessed 25 June 2021.
McDonagh, Mariann. “Automating Data Governance.” Erwin, 29 Oct. 2020. Accessed 25 June 2021.
NewVantage Partners. Data-Driven Business Transformation: Connecting Data/AI Investment to Business Outcomes. NewVantage Partners, 2020. Accessed 25 June 2021.
Olavsrud, Thor. “What is data governance? A best practices framework for managing data assets.” CIO.com, 18 March 2021. Accessed 25 June 2021.
Open Data Institute. “Introduction to data ethics and the data ethics canvas.” Open Data Institute, 2020. Accessed 25 June 2021.
Open Data Institute. “The UK National Data Strategy 2020: doing data ethically.” Open Data Institute, 17 Nov. 2020. Accessed 25 June 2021.
Open Data Institute. “What is the Data Ethics Canvas?” Open Data Institute, 3 July 2019. Accessed 25 June 2021.
Pathak, Rahul. “Becoming a Data-Driven Enterprise: Meeting the Challenges, Changing the Culture.” MIT Sloan Management Review, 28 Sept. 2020. Accessed 25 June 2021.
Redman, Thomas, et al. “Only 3% of Companies’ Data Meets Basic Quality Standards.” Harvard Business Review. 11 Sept 2017.
Petzold, Bryan, et al. “Designing data governance that delivers value.” McKinsey & Company, 26 June 2020. Accessed 25 June 2021.
Smaje, Kate. “How six companies are using technology and data to transform themselves.” McKinsey & Company, 12 Aug. 2020. Accessed 25 June 2021.
Talend. “The Definitive Guide to Data Governance.” Talend. Accessed 25 June 2021.
“The Powerfully Simple Modern Data Catalog.” Atlan, 2021. Web.
U.S. Geological Survey. “Data Management: Data Standards.” U.S. Geological Survey. Accessed 25 June 2021.
Waller, David. “10 Steps to Creating a Data-Driven Culture.” Harvard Business Review, 6 Feb. 2020. Accessed 25 June 2021.
“What is the Difference Between A Business Glossary, A Data Dictionary, and A Data Catalog, and How Do They Play A Role In Modern Data Management?” Analytics8, 23 June 2021. Web.
Wikipedia. “RFM (market research).” Wikipedia. Accessed 25 June 2021.
Windheuser, Christoph, and Nina Wainwright. “Data in a Modern Digital Business.” Thoughtworks, 12 May 2020. Accessed 25 June 2021.
Wright, Tom. “Digital Marketing KPIs - The 12 Key Metrics You Should Be Tracking.” Cascade, 3 March 2021. Accessed 25 June 2021.
The saying goes, "as time goes by," but these days, we should say "as speed picks up." We're already in month two, so high time we take a look at the priorities you hopefully already set at the end of last year.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Get up-to-speed quickly on key PMO considerations by engaging PMO sponsors, assessing stakeholders, and taking stock of your PMO inventory.
Make your first major initiative as PMO director be engaging the wider pool of PMO stakeholders throughout the organization to determine their expectations for your office.
Review the organization’s current PPM capabilities in order to identify your ability to meet stakeholder expectations and define a sustainable mandate.
Communicate your strategic vision for the PMO and garner stakeholder buy-in.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Quickly develop an on-the-ground view of the organization’s project ecosystem and the PMO’s abilities to effectively serve.
A comprehensive and actionable understanding of the PMO’s tactical environment
1.1 Perform a PMO SWOT analysis.
1.2 Assess the organization’s portfolio management, project management, and organizational change management capability levels.
1.3 Take inventory of the PMO’s resourcing levels, project demand levels, and tools and artifacts.
Overview of current strengths, weaknesses, opportunities, and threats
Documentation of your current process maturity to execute key portfolio management, project management, and organizational change management functions
Stock of the PMO’s current access to PPM personnel relative to total project demand
Determine stakeholder expectations for the PMO.
An accurate understanding of others’ expectations to help ensure the PMO’s course of action is responsive to organizational culture and strategy
2.1 Conduct a PMO Mission Identification Survey with key stakeholders.
2.2 Map the PMO’s stakeholder network.
2.3 Analyze key stakeholders for influence, interest, and support.
An understanding of expected PMO outcomes
A stakeholder map and list of key stakeholders
A prioritized PMO requirements gathering elicitation plan
Develop a process and method to turn stakeholder requirements into a strategic vision for the PMO.
A strategic course of action for the PMO that is responsive to stakeholders’ expectations.
3.1 Assess the PMO’s ability to support stakeholder expectations.
3.2 Use Info-Tech’s PMO Strategic Expectations glossary to turn raw process and service requirements into specific strategic expectations.
3.3 Define an actionable tactical plan for each of the strategic expectations in your mandate.
An understanding of PMO capacity and limits
A preliminary PMO mandate
High-level statements of strategy to help support your mandate
Establish a final PMO mandate and a process to help garner stakeholder buy-in to the PMO’s long-term vision.
A viable PMO course of action complete with stakeholder buy-i
4.1 Finalize the PMO implementation timeline.
4.2 Finalize Info-Tech’s PMO Mandate and Strategy Roadmap Template.
4.3 Present the PMO’s strategy to key stakeholders.
A 3-to-5-year implementation timeline for key PMO process and staffing initiatives
A ready-to-present strategy document
Stakeholder buy-in to the PMO’s mandate
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Learn about how processes can make or break your adoption of emerging technologies.
Learn about how IT can transform its role within the organization to optimize business value.
Learn about how IT can attract and keep employees with the skills and knowledge needed to adopt these technologies for the business.
Understand how the adoption of emerging technologies has created new levels of risk and how cybersecurity and resilience can keep pace.
Learn how IT can leverage emerging technology for its own customers and those of its business partners.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Build and manage the stakeholder team, and then document the business use case.
Redline the proposed SaaS contract.
Create a thorough negotiation plan.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Assemble documentation.
Understand current position before going forward.
1.1 Assemble existing contracts.
1.2 Document their strategic and tactical objectives.
1.3 Identify current status of the vendor relationship and any historical context.
1.4 Clarify goals for ideal future state.
Business Use Case.
Define the business use case and build a stakeholder team.
Create a business use case to document functional and non-functional requirements.
Build an internal cross-functional stakeholder team to negotiate the contract.
2.1 Establish a negotiation team and define roles.
2.2 Write a communication plan.
2.3 Complete a business use case.
RASCI Matrix
Communications Plan
SaaS TCO Calculator
Business Use Case
Examine terms and conditions and prioritize for negotiation.
Discover cost savings.
Improve agreement terms.
Prioritize terms for negotiation.
3.1 Review general terms and conditions.
3.2 Review license and application specific terms and conditions.
3.3 Match to business and technical requirements.
3.4 Redline the agreement.
SaaS Terms and Conditions Evaluation Tool
SaaS Contract Negotiation Terms Prioritization Checklist
Create a negotiation strategy.
Controlled communication established.
Negotiation tactics chosen.
Negotiation timeline plotted.
4.1 Review vendor and application specific negotiation tactics.
4.2 Build negotiation strategy.
Contract Negotiation Tactics Playbook
Controlled Vendor Communications Letter
Key Vendor Fiscal Year End Calendar
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
This phase of the blueprint will help in understanding the organization's business priorities, documenting the current SDLC process, and identifing current SDLC challenges.
This phase of the blueprint, will help with defining root causes, determining potential optimization initiatives, and defining the target state of the SDLC.
This phase of the blueprint will help with prioritizing initiatives in order to develop a rollout strategy, roadmap, and communication plan for the SDLC optimization.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Understand SDLC current state.
Understanding of your current SDLC state and metrics to measure the success of your SDLC optimization initiative.
1.1 Document the key business objectives that your SDLC delivers upon.
1.2 Document your current SDLC process using a SIPOC process map.
1.3 Identify appropriate metrics in order to track the effectiveness of your SDLC optimization.
1.4 Document the current state process flow of each SDLC phase.
1.5 Document the control points and tools used within each phase.
Documented business objectives
Documented SIPOC process map
Identified metrics to measure the effectiveness of your SDLC optimization
Documented current state process flows of each SDLC phase
Documented control points and tools used within each SDLC phase
Understand current SDLC challenges and root causes.
Understand the core areas of your SDLC that require optimization.
2.1 Identify the current challenges that exist within each SDLC phase.
2.2 Determine the root cause of the challenges that exist within each SDLC phase.
Identified current challenges
Identified root causes of your SDLC challenges
Understand common best practices and the best possible optimization initiatives to help optimize your current SDLC.
Understand the best ways to address your SDLC challenges.
3.1 Define optimization initiatives to address the challenges in each SDLC phase.
Defined list of potential optimization initiatives to address SDLC challenges
Define your SDLC target state while maintaining traceability across your overall SDLC process.
Understand what will be required to reach your optimized SDLC.
4.1 Determine the target state of your SDLC.
4.2 Determine the people, tools, and control points necessary to achieve your target state.
4.3 Assess the traceability between phases to ensure a seamlessly optimized SDLC.
Determined SDLC target state
Identified people, processes, and tools necessary to achieve target state
Completed traceability alignment map and prioritized list of initiatives
Define how you will reach your target state.
Create a plan of action to achieve your desired target state.
5.1 Gain the full scope of effort required to implement your SDLC optimization initiatives.Gain the full scope of effort required to implement your SDLC optimization initiatives.
5.2 Identify the enablers and blockers of your SDLC optimization.
5.3 Define your SDLC optimization roadmap.
5.4 Create a communication plan to share initiatives with the business.
Level of effort required to implement your SDLC optimization initiatives
Identified enablers and blockers of your SDLC optimization
Defined optimization roadmap
Completed communication plan to present your optimization strategy to stakeholders
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s methodology to establish an effective service management program with proper oversight.
We have the highest respect for your person. We contact you only with responses to your questions. Our company ethics insist on transparency and honesty.
Having shifted operations almost overnight to a remote work environment, and with the crisis management phase of the COVID-19 pandemic winding down, IT leaders and organizations are faced with the following issues:
An organization’s shift back toward the pre-pandemic state cannot be carried out in isolation. Things have changed. Budgets, resource availability, priorities, etc., will not be the same as they were in early March. Organizations must ensure that all departments work collaboratively to support office repatriation. IT must quickly identify the must-dos to allow safe return to the office, while prioritizing tasks relating to the repopulation of employees, technical assets, and operational workloads via an informed and streamlined roadmap.
As employees return to the office, PMO and portfolio leaders must sift through unclear requirements and come up with a game plan to resume project activities mid-pandemic. You need to develop an approach, and fast.
Responsibly resume IT operations in the office:
Quickly restart the engine of your PPM:
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Identify the new risk landscape and risk tolerance for your organization post-pandemic. Determine how this may impact the second wave of pandemic transition tasks.
Prepare to return your employees to the office. Ensure that IT takes into account the health and safety of employees, while creating an efficient and sustainable working environment
Prepare the organization's assets for return to the office. Ensure that IT takes into account the off-license purchases and new additions to the hardware family that took place during the pandemic response and facilitates a secure reintegration to the workplace.
Prepare and position IT to support workloads in order to streamline office reintegration. This may include leveraging pre-existing solutions in different ways and providing additional workstreams to support employee processes.
Once you've identified IT's supporting tasks, it's time to prioritize. This phase walks through the activity of prioritizing based on cost/effort, alignment to business, and security risk reduction weightings. The result is an operational action plan for resuming office life.
Restarting the engine of the project portfolio mid-pandemic won’t be as simple as turning a key and hitting the gas. Use this concise research to find the right path forward for your organization.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Use Info-Tech’s SOW review guidance to find common pitfalls and gotchas, to maximize the protections for your organization, and to hold vendors accountable.
Workshops offer an easy way to accelerate your project. If you are unable to do the project yourself, and a Guided Implementation isn't enough, we offer low-cost delivery of our project workshops. We take you through every phase of your project and ensure that you have a roadmap in place to complete your project successfully.
Gain a better understanding of common SOW clauses and phrases.
Reduce risk
Increase vendor accountability
Improve negotiation positions
1.1 Review sample SOW provisions, identify the risks, and develop a negotiation position.
1.2 Review Info-Tech tools.
Awareness and increased knowledge
Familiarity with the Info-Tech tools
Do you experience challenges with the following:
Use the reference architecture to plan for the solution you need and want to deploy. Infrastructure planning and strategy optimizes the container image supply chain, uses your current infrastructure, and reduces costs for compute and image scan time.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
A document that walks you through the components of a container management solution and helps align your business objectives with your current infrastructure services and plan for your future assets.
Complete the reference architecture tool to strategize your container management.
Containers have become popular as enterprises use DevOps to develop and deploy applications faster. Containers require managed services because the sheer number of containers can become too complex for IT teams to handle. Orchestration platforms like Kubernetes can be complex, requiring management to automatically deploy container-based applications to operating systems and public clouds. IT operations staff need container management skills and training.
Installing and setting up container orchestration tools can be laborious and error-prone. IT organizations must first implement the right infrastructure setup for containers by having a solid understanding of the scope and scale of containerization projects and developer requirements. IT administrators also need to know how parts of the existing infrastructure connect and communicate to maintain these relationships in a containerized environment. Containers can run on bare metal servers, virtual machines in the cloud, or hybrid configurations, depending on your IT needs
Nitin Mukesh
Senior Research Analyst, Infrastructure and Operations
Info-Tech Research Group
Your Challenge | Common Obstacles | Info-Tech’s Approach |
The container software market is constantly evolving. Organizations must consider many factors to choose the right container management software for their specific needs and fit their future plans. It's important to consider your organization's current and future infrastructure strategy and how it fits with your container management strategy. The container management platform you choose should be compatible with the existing network infrastructure and storage capabilities available to your organization. |
IT operations staff have not been thinking the same way as developers who have now been using an agile approach for some time. Container image builds are highly automated and have several dependencies including scheduling, testing, and deployment that the IT staff is not trained for or lack the ability to create anything more than a simple image. |
Use the reference architecture to plan for the solution you need and want to deploy. Infrastructure planning and strategy optimizes the container image supply chain and reduces costs for compute and image scan time. Plan ahead to ensure your container strategy aligns with your infrastructure roadmap. Before deciding between bare metal and cloud, understand the different components of a container management solution and plan for current and future infrastructure services. |
Choosing the right container technology: IT is a rapidly changing and evolving market, with startups and seasoned technology vendors maintaining momentum in everything from container platforms to repositories to orchestration tools. The rapid evolution of container platform components such as orchestration, storage, networking, and system services such as load balancing has made the entire stack a moving target.
However, waiting for the industry to be standardized can be a recipe for paralysis, and waiting too long to decide on solutions and approaches can put a company's IT operations in catch-up mode.
Keeping containers secure: Security breaches in containers are almost identical to operating system level breaches in virtual machines in terms of potential application and system vulnerabilities. It is important for any DevOps team working on container and orchestration architecture and management to fully understand the potential vulnerabilities of the platforms they are using.
Optimize your infrastructure strategy for containers: One of the challenges enterprise IT operations management teams face when it comes to containers is the need to rethink the underlying infrastructure to accommodate the technology. While you may not want to embrace the public cloud for your critical applications just yet, IT operations managers will need an on-premises infrastructure so that applications can scale up and down the same way as they are containerized.
A Separation of responsibilities
Containerization provides a clear separation of responsibilities as developers can focus on application logic and dependencies, while IT operations teams can focus on deployment and management instead of application details such as specific software versions and configurations.
B Workload portability
Containers can run almost anywhere: physical servers or on-premise data centers on virtual machines or developer machines, as well as public clouds on Linux, Windows, or Mac operating systems, greatly easing development and deployment.
“Lift and shift” existing applications into a modern cloud architecture. Some organizations even use containers to migrate existing applications to more modern environments. While this approach provides some of the basic benefits of operating system virtualization, it does not provide all the benefits of a modular, container-based application architecture.
C Application isolation
Containers virtualize CPU, memory, storage, and network resources at the operating system level, providing developers with a logically isolated view of the operating system from other applications.
Source: TechTarget, 2021
A container is a partially isolated environment in which an application or parts of an application can run. You can use a single container to run anything from small microservices or software processes to larger applications. Inside the container are all the necessary executable, library, and configuration files. Containers do not contain operating system images. This makes them lighter and more portable with much less overhead. Large application deployments can deploy multiple containers into one or more container clusters (CapitalOne, 2020).
Containers have the following advantages:
Source: CapitalOne, 2020
On-premises containers | Public cloud-based containers |
---|---|
Advantages:
Disadvantages:
|
Advantages:
Disadvantages:
|
Info-Tech Insight
Start-ups and small businesses that don't typically need to be closely connected to hardware can easily move (or start) to the cloud. Large (e.g. enterprise-class) companies and companies that need to manage and control local hardware resources are more likely to prefer an on-premises infrastructure. For enterprises, on-premises container deployments can serve as a bridge to full public cloud deployments or hybrid private/public deployments. The answer to the question of public cloud versus on premises depends on the specific needs of your business.
From container labeling that identifies workloads and ownership to effective reporting that meets the needs of different stakeholders across the organization, it is important that organizations establish an effective framework for container management.
Four key considerations for your container management strategy:
01 Container Image Supply Chain
How containers are built
02 Container Infrastructure and Orchestration
Where and how containers run together
03 Container Runtime Security and Policy Enforcement
How to make sure your containers only do what you want them to do
04 Container Observability
Runtime metrics and debugging
To effectively understand container management solutions, it is useful to define the various components that make up a container management strategy.
To run a workload as a container, it must first be packaged into a container image. The image supply chain includes all libraries or components that make up a containerized application. This includes CI/CD tools to test and package code into container images, application security testing tools to check for vulnerabilities and logic errors, registries and mirroring tools for hosting container images, and attribution mechanisms such as image signatures for validating images in registries.
Important functions of the supply chain include the ability to:
Source: Rancher, 2022
Info-Tech Insight
It is important to consider disaster recovery for your image registry. As mentioned above, it is wise to isolate yourself from registry disruptions. However, external registry mirroring is only one part of the equation. You also want to make sure you have a high availability plan for your internal registry as well as proper backup and recovery processes. A highly available, fault-tolerant container management platform is not just a runtime environment.
Orchestration tools
Once you have a container image to run, you need a location to run it. That means both the computer the container runs on and the software that schedules it to run. If you're working with a few containers, you can make manual decisions about where to run container images, what to run with container images, and how best to manage storage and network connectivity. However, at scale, these kinds of decisions should be left to orchestration tools like Kubernetes, Swarm, or Mesos. These platforms can receive workload execution requests, determine where to run based on resource requirements and constraints, and then actually launch that workload on its target. And if a workload fails or resources are low, it can be restarted or moved as needed.
Source: DevOpsCube, 2022
Storage
Storage is another important consideration. This includes both the storage used by the operating system and the storage used by the container itself. First, you need to consider the type of storage you actually need. Can I outsource my storage concerns to a cloud provider using something like Amazon Relational Database Service instead? If not, do you really need block storage (e.g. disk) or can an external object store like AWS S3 meet your needs? If your external object storage service can meet your performance and durability requirements as well as your governance and compliance needs, you're in luck. You may not have to worry about managing the container's persistent storage. Many external storage services can be provisioned on demand, support discrete snapshots, and some even allow dynamic scaling on demand.
Networking
Network connectivity inside and outside the containerized environment is also very important. For example, Kubernetes supports a variety of container networking interfaces (CNIs), each providing different functionality. Questions to consider here are whether you can set traffic control policies (and the OSI layer), how to handle encryption between workloads and between workloads and external entities, and how to manage traffic import for containerized workloads. The impact of these decisions also plays a role on performance.
Backups
Backups are still an important task in containerized environments, but the backup target is changing slightly. An immutable, read-only container file system can be recreated very easily from the original container image and does not need to be backed up. Backups or snapshots on permanent storage should still be considered. If you are using a cloud provider, you should also consider fault domain and geo-recovery scenarios depending on the provider's capabilities. For example, if you're using AWS, you can use S3 replication to ensure that EBS snapshots can be restored in another region in case of a full region outage.
Ensuring that containers run in a place that meets the resource requirements and constraints set for them is necessary, but not sufficient. It is equally important that your container management solution performs continuous validation and ensures that your workloads comply with all security and other policy requirements of your organization. Runtime security and policy enforcement tools include a function for detecting vulnerabilities in running containers, handling detected vulnerabilities, ensuring that workloads are not running with unnecessary or unintended privileges, and ensuring that only other workloads that need to be allowed can connect.
One of the great benefits of (well implemented) containerized software is reducing the attackable surface of the application. But it doesn't completely remove it. This means you need to think about how to observe running applications to minimize security risks. Scanning as part of the build pipeline is not enough. This is because an image without vulnerabilities at build time can become a vulnerable container because new flaws are discovered in its code or support libraries. Instead, some modern tools focus on detecting unusual behavior at the system call level. As these types of tools mature, they can make a real difference to your workload’s security because they rely on actual observed behavior rather than up-to-date signature files.
Finally, if your container images are being run somewhere by orchestration tools and well managed by security and policy enforcement tools, you need to know what your containers are doing and how well they are doing it. Orchestration tools will likely have their own logs and metrics, as will networking layers, and security and compliance checking tools; there is a lot to understand in a containerized environment. Container observability covers logging and metrics collection for both your workloads and the tools that run them.
One very important element of observability is the importance of externalizing logs and metrics in a containerized environment. Containers come and go, and in many cases the nodes running on them also come and go, so relying on local storage is not recommended.
A container management platform typically consists of a variety of tools from multiple sources. Some container management software vendors or container management services attempt to address all four key components of effective container management. However, many organizations already have tools that provide at least some of the features they need and don't want to waste existing licenses or make significant changes to their entire infrastructure just to run containers.
When choosing tools from multiple sources, it's important to understand what needs each tool meets and what it doesn't. This holistic approach is necessary to avoid gaps and duplication of effort.
For example, scanning an image as part of the build pipeline and then rescanning the image while the container is running is a waste of CPU cycles in the runtime environment. Similarly, using orchestration tools and separate host-based agents to aggregate logs or metrics can waste CPU cycles as well as storage and network resources.
1 | DIY, Managed Services, or Packaged Products Developer satisfaction is important, but it's also wise to consider the team running the container management software. Migrating from bare metal or virtual machine-based deployment methodologies to containers can involve a significant learning curve, so it's a good idea to choose a tool that will help smooth this curve. |
2 | Kubernetes In the world of container management, Kubernetes is fast becoming the de facto standard for container orchestration and scheduling. Most of the products that address the other aspects of container management discussed in this post (image supply chain, runtime security and policy enforcement, observability) integrate easily with Kubernetes. Kubernetes is open-source software and using it is possible if your team has the technical skills and the desire to implement it themselves. However, that doesn't mean you should automatically opt to build yourself. |
3 | Managed Kubernetes Kubernetes is difficult to implement well. As a result, many solution providers offer packaged products or managed services to facilitate Kubernetes adoption. All major cloud providers now offer Kubernetes services that reduce the operational burden on your teams. Organizations that have invested heavily in the ecosystem of a particular cloud provider may find this route suitable. Other organizations may be able to find a fully managed service that provides container images and lets the service provider worry about running the images which, depending on the cost and capacity of the organization, may be the best option. |
4 | Third-Party Orchestration Products A third approach is packaged products from providers that can be installed on the infrastructure (cloud or otherwise). These products can offer several potential advantages over DIY or cloud provider offerings, such as access to additional configuration options or cluster components, enhanced functionality, implementation assistance and training, post-installation product support, and reduced risk of cloud provider lock-in. |
Source: Kubernetes, 2022; Rancher, 2022
It's important to describe your organization’s current and future infrastructure strategy and how it fits into your container management strategy. It’s all basic for now, but if you plan to move to a virtual machine or cloud provider next year, your container management solution should be able to adapt to your environment now and in the future. Similarly, if you’ve already chosen a public cloud, you may want to make sure that the tool you choose supports some of the cloud options, but full compatibility may not be an important feature.
Infrastructure considerations extend beyond computing. Choosing a container management platform should be compatible with the existing network infrastructure and storage capacity available to your organization. If you have existing policy enforcement, monitoring, and alerting tools, the ideal solution should be able to take advantage of them. Moving to containers can be a game changer for developers and operations teams, so continuing to use existing tools to reduce complexity where possible can save time and money.
Using the examples as a guide, complete the tool to strategize your container management
Download the Reference Architecture
Mell, Emily. “What is container management and why is it important?” TechTarget, April 2021.
https://www.techtarget.com/searchitoperations/definition/container-management-software#:~:text=A%20container%20management%20ecosystem%20automates,operator%20to%20keep%20up%20with
Conrad, John. “What is Container Orchestration?” CapitalOne, 24 August 2020.
https://www.capitalone.com/tech/cloud/what-is-container-orchestration/?v=1673357442624
Kubernetes. “Cluster Networking.” Kubernetes, 2022.
https://kubernetes.io/docs/concepts/cluster-administration/networking/
Rancher. “Comparing Kubernetes CNI Providers: Flannel, Calico, Canal, and Weave.” Rancher, 2022.
https://www.suse.com/c/rancher_blog/comparing-kubernetes-cni-providers-flannel-calico-canal-and-weave/
Wilson, Bob. “16 Best Container Orchestration Tools and Services.” DevopsCube, 5 January 2022.
https://devopscube.com/docker-container-clustering-tools/
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Complete a cultural assessment and select focus values to form core culture efforts.
Enable executives to gather feedback on behavioral perceptions and support behavioral change.
Review all areas of the department to understand where the links to culture exist and create a communication plan.
Customize a process to infuse behaviors aligned with focus values in work practices and complete the first wave of meetings.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Architecture is a competency, not a function. Project teams, including even business managers outside of IT, can assimilate “architectural thinking.”
Increase business value through the dissemination of architectural thinking throughout the organization. Maturing your EAM practices beyond a certain point does not help.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Improve benefits from your enterprise architecture efforts through the dissemination of architecture thinking throughout your organization.
Besides the small introduction, subscribers and consulting clients within this management domain have access to:
Map the current onboarding process and identify the challenges to a virtual approach.
Determine how existing onboarding activities can be modified for a virtual environment.
Finalize the virtual onboarding process and create an action plan. Continue to re-assess and iterate over time.